Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-26 16:46:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: add canView check to /api/v3/users/:uid

Browse Source
This commit is contained in:
Barış Soner Uşaklı
2024-04-12 16:25:24 -04:00
parent 14f5774f6a
commit 5bee324c6a
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/api/users.js
View File

@@ -41,6 +41,10 @@ usersAPI.create = async function (caller, data) {
}; };
usersAPI.get = async (caller, { uid }) => { usersAPI.get = async (caller, { uid }) => {
const canView = await privileges.global.can('view:users', caller.uid);
if (!canView) {
throw new Error('[[error:no-privileges]]');
}
const userData = await user.getUserData(uid); const userData = await user.getUserData(uid);
return await user.hidePrivateData(userData, caller.uid); return await user.hidePrivateData(userData, caller.uid);
}; };