From 56ba06c0166f46e9fcfcc4f654a3f7346244b5a9 Mon Sep 17 00:00:00 2001
From: Martin Kraft
Date: Fri, 29 Jun 2018 08:45:04 -0400
Subject: MM-10980: Conditionally filteres User json properties. (#9018)
---
 api4/user.go | 6 +++++-
 api4/user_test.go | 8 +++++++-
 2 files changed, 12 insertions(+), 2 deletions(-)
(limited to 'api4')
diff --git a/api4/user.go b/api4/user.go
index 14ab3a0a2..ac702644d 100644
--- a/api4/user.go
+++ b/api4/user.go
@@ -154,7 +154,11 @@ func getUserByUsername(c *Context, w http.ResponseWriter, r *http.Request) {
 if c.HandleEtag(etag, "Get User", w, r) {
 return
 } else {
- c.App.SanitizeProfile(user, c.IsSystemAdmin())
+ if c.Session.UserId == user.Id {
+ user.Sanitize(map[string]bool{})
+ } else {
+ c.App.SanitizeProfile(user, c.IsSystemAdmin())
+ }
 w.Header().Set(model.HEADER_ETAG_SERVER, etag)
 w.Write([]byte(user.ToJson()))
 return
diff --git a/api4/user_test.go b/api4/user_test.go
index 96aa55d5f..ad77c8c4c 100644
--- a/api4/user_test.go
+++ b/api4/user_test.go
@@ -411,7 +411,7 @@ func TestGetUserByUsername(t *testing.T) {
 th.App.UpdateConfig(func(cfg *model.Config) { cfg.PrivacySettings.ShowEmailAddress = false })
 th.App.UpdateConfig(func(cfg *model.Config) { cfg.PrivacySettings.ShowFullName = false })

- ruser, resp = Client.GetUserByUsername(user.Username, "")
+ ruser, resp = Client.GetUserByUsername(th.BasicUser2.Username, "")
 CheckNoError(t, resp)

 if ruser.Email != "" {
@@ -424,6 +424,12 @@ func TestGetUserByUsername(t *testing.T) {
 t.Fatal("last name should be blank")
 }

+ ruser, resp = Client.GetUserByUsername(th.BasicUser.Username, "")
+ CheckNoError(t, resp)
+ if len(ruser.NotifyProps) == 0 {
+ t.Fatal("notify props should be sent")
+ }
+
 Client.Logout()
 _, resp = Client.GetUserByUsername(user.Username, "")
 CheckUnauthorizedStatus(t, resp)
--
cgit v1.2.3-1-g7c22
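Review bot: The response body in getUserByUsername now depends on who is asking, because the `c.Session.UserId == user.Id` branch returns the less-filtered self view, yet the `c.HandleEtag(etag, ...)` check just above still uses an etag that is computed outside this hunk. If that etag is not keyed on the requester, a client that cached its own profile could receive a 304 after the session changes to a different account and keep displaying fields that SanitizeProfile would have removed; please confirm, or fold the self/other distinction into the etag. Separately, `user.Sanitize(map[string]bool{})` relies on an empty options map meaning "keep every optional field", which is not obvious at the call site, so I would add `// Own profile: privacy settings do not apply; only the always-secret fields are stripped.` above it. The function starts and ends outside the hunk, so the etag computation and Sanitize's body are not visible here.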
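Review bot: The added self-lookup block only asserts that `NotifyProps` is present, so the test does not pin the security-relevant side of the new branch: that the caller's own record still comes back without credential fields. I would add `if ruser.Password != "" { t.Fatal("password should be blank") }` after the new `CheckNoError(t, resp)`. If SanitizeProfile is meant to drop notify props for other users, the `th.BasicUser2` lookup in the previous hunk should also get the inverse check, `if len(ruser.NotifyProps) != 0 { t.Fatal("notify props should not be sent") }`, so a regression that widens the self path to everyone is caught. TestGetUserByUsername begins and continues outside this hunk.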