fix(api): correctly check privacy settings on group list endpoint

alyssa 2024-04-16 14:59:12 -04:00
parent ffe3ee9050
commit 2b46d0c2ac


@ -21,9 +21,6 @@ public class GroupControllerV2: PKControllerBase
var ctx = ContextFor(system);
if (with_members && !system.MemberListPrivacy.CanAccess(ctx))
throw Errors.UnauthorizedMemberList;
if (!system.GroupListPrivacy.CanAccess(ContextFor(system)))
throw Errors.UnauthorizedGroupList;
@ -34,17 +31,14 @@ public class GroupControllerV2: PKControllerBase
.Select(g => g.ToJson(ctx, needsMembersArray: with_members))
.ToListAsync();
if (with_members && !system.MemberListPrivacy.CanAccess(ctx))
throw Errors.UnauthorizedMemberList;
if (with_members && j_groups.Count > 0)
{
var q = await _repo.GetGroupMemberInfo(await groups
.Where(g => g.Visibility.CanAccess(ctx))
.Where(g => g.ListPrivacy.CanAccess(ctx))
.Select(x => x.Id)
.ToListAsync());
foreach (var row in q)
if (row.MemberVisibility.CanAccess(ctx))
((JArray)j_groups.Find(x => x.Value<string>("id") == row.Group)["members"]).Add(row.MemberUuid);
@ -151,4 +145,4 @@ public class GroupControllerV2: PKControllerBase
return NoContent();
}
}
}
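Review bot: The lookup `j_groups.Find(...)["members"]` in the `foreach` dereferences its result without a null check, while the id query that feeds it is filtered separately from the query that built `j_groups`. The rendering has lost the +/- markers, so it is not clear which of `g.Visibility.CanAccess(ctx)` and `g.ListPrivacy.CanAccess(ctx)` the new side keeps; if only the `ListPrivacy` filter remains, a group that is hidden but has an accessible member list would yield rows with no matching entry in `j_groups`, and the request would fail with a NullReferenceException (this assumes `j_groups` is filtered on visibility, which happens above the hunk). I would keep both conditions, `.Where(g => g.Visibility.CanAccess(ctx) && g.ListPrivacy.CanAccess(ctx))`, and skip rows whose group is not found in `j_groups`. The `with_members` / `MemberListPrivacy` check also appears both before and after the group query; it belongs only before it, so nothing is fetched for a caller who is going to be refused.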