[BREAK] Always remove the field services from user data responses in REST API
#10799
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
graywolf336
previously requested changes
May 17, 2018
| @@ -1,4 +1,7 @@ | |||
| RocketChat.API.helperMethods.set('parseJsonQuery', function _parseJsonQuery() { | |||
| const VIEW_FULL_USER_FIELDS_TO_EXCLUDE = { | |||
There was a problem hiding this comment.
Don't define this every time the call happens, move it outside.
MarcosSpessatto
changed the title
|
@rodrigok @graywolf336 @MarcosSpessatto what's the status on this? we need to get it merged... has the mobile team been informed of the breaking change? |
|
@RocketChat/android @RocketChat/ios just in case not on radar. |
cardoso
reviewed
May 29, 2018
| @@ -52,8 +60,12 @@ RocketChat.API.helperMethods.set('parseJsonQuery', function _parseJsonQuery() { | |||
| // Verify the user has permission to query the fields they are | |||
| if (typeof query === 'object') { | |||
| let nonQuerableFields = Object.keys(RocketChat.API.v1.defaultFieldsToExclude); | |||
|
@geekgonecrazy @marceloschmidt @MarcosSpessatto @graywolf336 this doesn't break anything for us |
ggazzo
previously requested changes
Jun 12, 2018
| if (!RocketChat.authz.hasPermission(this.userId, 'view-full-other-user-info') && this.request.route.includes('/v1/users.')) { | ||
| nonSelectableFields = nonSelectableFields.concat(Object.keys(RocketChat.API.v1.limitedUserFieldsToExclude)); | ||
| if (this.request.route.includes('/v1/users.')) { | ||
| if (RocketChat.authz.hasPermission(this.userId, 'view-full-other-user-info')) { |
There was a problem hiding this comment.
what do you think
...
const getFields = () => Object.keys(RocketChat.authz.hasPermission(this.userId, 'view-full-other-user-info') ? RocketChat.API.v1.limitedUserFieldsToExcludeIfIsPrivilegedUser : RocketChat.API.v1.limitedUserFieldsToExclude);
nonSelectableFields = nonSelectableFields.concat(getFields());
...Refactor the if else statement on parseJsonQuery function
|
Can we merge this yet? |
|
@ggazzo what do you think? |
rodrigok
approved these changes
Jun 20, 2018
rodrigok
changed the title
services from user data responses
rodrigok
changed the title
services from user data responsesservices from user data responses in REAT API
rodrigok
changed the title
services from user data responses in REAT APIservices from user data responses in REST API
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.