GET users.list broken for "normal" users

[mb987654]

Description:

When trying to perform a GET against /api/v1/users.list with no query parameters, the following response is returned for users who do not have a role that includes the "View Full Other User Info" permission:

{
"success": false,
"error": "Invalid attribute: emails.address [error-invalid-query]",
"errorType": "error-invalid-query"
}

If a user has a role that includes the "View Full Other User Info" permission, then the error does not occur and a list of users is returned as expected.

Steps to reproduce:

1. perform a GET against /api/v1/users.list as a user that has no roles that include the "View Full Other User Info" permission

Expected behavior:

a list of users is returned

Actual behavior:

an error is returned:

{
"success": false,
"error": "Invalid attribute: emails.address [error-invalid-query]",
"errorType": "error-invalid-query"
}

I did not have this problem with 4.7.0.

Server Setup Information:

• Version of Rocket.Chat Server: 4.8.0
• Operating System: CentOS
• Deployment Method: docker-compose
• Number of Running Instances: 1
• DB Replicaset Oplog: Enabled
• NodeJS Version: 14.18.3 - x64
• MongoDB Version: 4.0.28

[Gummikavalier]

RC 4.7.4 seems to suffer from this too.
Edit: Ignore regarding 4.7.4. My bad. Something other has just changed in the parameters or their syntax. And more likely in what sort of hyphens can be read.

[gelpiu-developers]

Has anyone solved this? I'm having the exact same problem, and I don't find anything in the documentation explaining why this is not working now...