Fix: User's invisibility status is exposed

This commit is contained in:
heikkari
2021-08-16 00:40:33 +03:00
parent f04137d50f
commit e35a6b12e1

View File

@@ -5,7 +5,7 @@ use rocket::serde::json::Value;
#[get("/<target>")]
pub async fn req(user: User, target: Ref) -> Result<Value> {
let target = target.fetch_user().await?;
let mut target = target.fetch_user().await?;
let perm = permissions::PermissionCalculator::new(&user)
.with_user(&target)
@@ -16,5 +16,15 @@ pub async fn req(user: User, target: Ref) -> Result<Value> {
Err(Error::MissingPermission)?
}
// If the user's status is `Presence::Invisible`, return it as `Presence::Offline`
if let Some(mut status) = target.status {
if let Some(presence) = status.presence {
if presence == Presence::Invisible {
status.presence = Some(Presence::Offline);
target.status = Some(status);
}
}
}
Ok(json!(target.from(&user).with(perm)))
}