diff options
author | Christopher Speller <crspeller@gmail.com> | 2016-09-02 12:24:20 -0400 |
---|---|---|
committer | Corey Hulen <corey@hulen.com> | 2016-09-02 08:24:20 -0800 |
commit | eb0111f6bbe2b0bf160a674dfe1b4d089f905cb9 (patch) | |
tree | 153eb3766b04b58171cad0f2e70136ff84c0d123 /api | |
parent | 717e8197ffd378d644d868a1b5e9f96c5385b41e (diff) | |
download | chat-eb0111f6bbe2b0bf160a674dfe1b4d089f905cb9.tar.gz chat-eb0111f6bbe2b0bf160a674dfe1b4d089f905cb9.tar.bz2 chat-eb0111f6bbe2b0bf160a674dfe1b4d089f905cb9.zip |
Fixing SanitizeProfile (#3930)
Diffstat (limited to 'api')
-rw-r--r-- | api/user.go | 29 | ||||
-rw-r--r-- | api/user_test.go | 66 |
2 files changed, 85 insertions, 10 deletions
diff --git a/api/user.go b/api/user.go index b0d2c79b4..daa405ad4 100644 --- a/api/user.go +++ b/api/user.go @@ -898,8 +898,7 @@ func getInitialLoad(c *Context, w http.ResponseWriter, r *http.Request) { profiles := dp.Data.(map[string]*model.User) for k, p := range profiles { - p.SanitizeProfile(c.IsSystemAdmin(), false, true, true) - profiles[k] = p + profiles[k] = sanitizeProfile(c, p) } il.DirectProfiles = profiles @@ -974,8 +973,7 @@ func getProfilesForDirectMessageList(c *Context, w http.ResponseWriter, r *http. profiles := result.Data.(map[string]*model.User) for k, p := range profiles { - p.SanitizeProfile(c.IsSystemAdmin(), false, false, false) - profiles[k] = p + profiles[k] = sanitizeProfile(c, p) } w.Write([]byte(model.UserMapToJson(profiles))) @@ -1004,8 +1002,7 @@ func getProfiles(c *Context, w http.ResponseWriter, r *http.Request) { profiles := result.Data.(map[string]*model.User) for k, p := range profiles { - p.SanitizeProfile(c.IsSystemAdmin(), false, true, true) - profiles[k] = p + profiles[k] = sanitizeProfile(c, p) } w.Header().Set(model.HEADER_ETAG_SERVER, etag) @@ -1026,8 +1023,7 @@ func getDirectProfiles(c *Context, w http.ResponseWriter, r *http.Request) { profiles := result.Data.(map[string]*model.User) for k, p := range profiles { - p.SanitizeProfile(c.IsSystemAdmin(), false, true, true) - profiles[k] = p + profiles[k] = sanitizeProfile(c, p) } w.Header().Set(model.HEADER_ETAG_SERVER, etag) @@ -1276,7 +1272,7 @@ func uploadProfileImage(c *Context, w http.ResponseWriter, r *http.Request) { l4g.Error(utils.T("api.user.get_me.getting.error"), c.Session.UserId) } else { user := result.Data.(*model.User) - user.SanitizeProfile(c.IsSystemAdmin(), false, true, true) + user = sanitizeProfile(c, user) message := model.NewWebSocketEvent("", "", c.Session.UserId, model.WEBSOCKET_EVENT_USER_UPDATED) message.Add("user", user) go Publish(message) @@ -1326,7 +1322,7 @@ func updateUser(c *Context, w http.ResponseWriter, r *http.Request) { } updatedUser := rusers[0] - updatedUser.SanitizeProfile(c.IsSystemAdmin(), false, true, true) + updatedUser = sanitizeProfile(c, updatedUser) message := model.NewWebSocketEvent("", "", user.Id, model.WEBSOCKET_EVENT_USER_UPDATED) message.Add("user", updatedUser) @@ -2567,3 +2563,16 @@ func userTyping(req *model.WebSocketRequest) (map[string]interface{}, *model.App return nil, nil } + +func sanitizeProfile(c *Context, user *model.User) *model.User { + options := utils.Cfg.GetSanitizeOptions() + + if c.IsSystemAdmin() { + options["email"] = true + options["fullname"] = true + } + + user.SanitizeProfile(options) + + return user +} diff --git a/api/user_test.go b/api/user_test.go index 1b6662269..5e8d6d54f 100644 --- a/api/user_test.go +++ b/api/user_test.go @@ -434,6 +434,13 @@ func TestGetDirectProfiles(t *testing.T) { th.BasicClient.Must(th.BasicClient.CreateDirectChannel(th.BasicUser2.Id)) + prevShowEmail := utils.Cfg.PrivacySettings.ShowEmailAddress + defer func() { + utils.Cfg.PrivacySettings.ShowEmailAddress = prevShowEmail + }() + + utils.Cfg.PrivacySettings.ShowEmailAddress = true + if result, err := th.BasicClient.GetDirectProfiles(""); err != nil { t.Fatal(err) } else { @@ -446,6 +453,34 @@ func TestGetDirectProfiles(t *testing.T) { if users[th.BasicUser2.Id] == nil { t.Fatal("missing expected user") } + + for _, user := range users { + if user.Email == "" { + t.Fatal("problem with show email") + } + } + } + + utils.Cfg.PrivacySettings.ShowEmailAddress = false + + if result, err := th.BasicClient.GetDirectProfiles(""); err != nil { + t.Fatal(err) + } else { + users := result.Data.(map[string]*model.User) + + if len(users) != 1 { + t.Fatal("map was wrong length") + } + + if users[th.BasicUser2.Id] == nil { + t.Fatal("missing expected user") + } + + for _, user := range users { + if user.Email != "" { + t.Fatal("problem with show email") + } + } } } @@ -454,6 +489,13 @@ func TestGetProfilesForDirectMessageList(t *testing.T) { th.BasicClient.Must(th.BasicClient.CreateDirectChannel(th.BasicUser2.Id)) + prevShowEmail := utils.Cfg.PrivacySettings.ShowEmailAddress + defer func() { + utils.Cfg.PrivacySettings.ShowEmailAddress = prevShowEmail + }() + + utils.Cfg.PrivacySettings.ShowEmailAddress = true + if result, err := th.BasicClient.GetProfilesForDirectMessageList(th.BasicTeam.Id); err != nil { t.Fatal(err) } else { @@ -462,6 +504,30 @@ func TestGetProfilesForDirectMessageList(t *testing.T) { if len(users) < 1 { t.Fatal("map was wrong length") } + + for _, user := range users { + if user.Email == "" { + t.Fatal("problem with show email") + } + } + } + + utils.Cfg.PrivacySettings.ShowEmailAddress = false + + if result, err := th.BasicClient.GetProfilesForDirectMessageList(th.BasicTeam.Id); err != nil { + t.Fatal(err) + } else { + users := result.Data.(map[string]*model.User) + + if len(users) < 1 { + t.Fatal("map was wrong length") + } + + for _, user := range users { + if user.Email != "" { + t.Fatal("problem with show email") + } + } } } |