forked from jmug/stoatchat
Fix: User's invisibility status is exposed
This commit is contained in:
@@ -5,7 +5,7 @@ use rocket::serde::json::Value;
|
||||
|
||||
#[get("/<target>")]
|
||||
pub async fn req(user: User, target: Ref) -> Result<Value> {
|
||||
let target = target.fetch_user().await?;
|
||||
let mut target = target.fetch_user().await?;
|
||||
|
||||
let perm = permissions::PermissionCalculator::new(&user)
|
||||
.with_user(&target)
|
||||
@@ -16,5 +16,15 @@ pub async fn req(user: User, target: Ref) -> Result<Value> {
|
||||
Err(Error::MissingPermission)?
|
||||
}
|
||||
|
||||
// If the user's status is `Presence::Invisible`, return it as `Presence::Offline`
|
||||
if let Some(mut status) = target.status {
|
||||
if let Some(presence) = status.presence {
|
||||
if presence == Presence::Invisible {
|
||||
status.presence = Some(Presence::Offline);
|
||||
target.status = Some(status);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Ok(json!(target.from(&user).with(perm)))
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user