From ae718c33284658433b86b3bd109176bfdb2b141c Mon Sep 17 00:00:00 2001
From: Andrey Antukh
Date: Fri, 21 Feb 2025 15:53:31 +0100
Subject: [PATCH] :bug: Fix incorrect data returned on viewer subapp bundle
---
 backend/src/app/rpc/commands/viewer.clj | 29 +++++++++++++++++++++++++++--
 1 file changed, 27 insertions(+), 2 deletions(-)
diff --git a/backend/src/app/rpc/commands/viewer.clj b/backend/src/app/rpc/commands/viewer.clj
index 1eeb13818..7e471e4fc 100644
--- a/backend/src/app/rpc/commands/viewer.clj
+++ b/backend/src/app/rpc/commands/viewer.clj
@@ -16,7 +16,8 @@
 [app.rpc.commands.teams :as teams]
 [app.rpc.cond :as-alias cond]
 [app.rpc.doc :as-alias doc]
- [app.util.services :as sv]))
+ [app.util.services :as sv]
+ [cuerdas.core :as str]))

 ;; --- QUERY: View Only Bundle

@@ -26,6 +27,27 @@
 (update :pages (fn [pages] (filterv #(contains? allowed %) pages)))
 (update :pages-index select-keys allowed)))

+(defn obfuscate-email
+ [email]
+ (let [[name domain]
+ (str/split email "@" 2)
+
+ [_ rest]
+ (str/split domain "." 2)
+
+ name
+ (if (> (count name) 3)
+ (str (subs name 0 1) (apply str (take (dec (count name)) (repeat "*"))))
+ "****")]
+
+ (str name "@****." rest)))
+
+(defn anonymize-member
+ [member]
+ (-> (select-keys member [:id :email :name :fullname :photo-id])
+ (update :email obfuscate-email)
+ (assoc :can-read true)))
+
 (defn- get-view-only-bundle
 [{:keys [::db/conn] :as cfg} {:keys [profile-id file-id ::perms] :as params}]
 (let [file (files/get-file cfg file-id)
@@ -37,7 +59,10 @@
 team (-> (db/get conn :team {:id (:team-id project)})
 (teams/decode-row))

- members (teams/get-team-members conn (:team-id project))
+ members (cond->> (teams/get-team-members conn (:team-id project))
+ (= :share-link (:type perms))
+ (mapv anonymize-member))
+
 member-ids (into #{} (map :id) members)

 perms (assoc perms :in-team (contains? member-ids profile-id))
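Review bot: In `obfuscate-email`, `(str/split domain "." 2)` masks only the first domain label, so an address on a subdomain keeps its whole organisational domain in the output (constructed example: `anna@mail.example.org` becomes `a***@****.example.org`), and the star run reveals the exact length of the local part. If the intent is to hide member identities from share-link viewers, keep at most the last domain label and use a fixed-width mask such as `(str (subs name 0 1) "***")`. The function has no docstring and does not say what it returns for a nil or `@`-less value; a short docstring stating what is kept and what is masked, plus an explicit guard for input without `@`, would make the contract reviewable. Both helpers are public `defn` while the neighbouring helper in this file is `defn-`; if nothing outside the namespace calls them, `defn-` keeps the surface smaller.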
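Review bot: The masking in the `members` binding is opt-in on `(= :share-link (:type perms))`, so any other value of `:type`, including a missing one, returns the full rows from `teams/get-team-members`. How `perms` is built is not visible in this hunk, so this may already be safe, but a default-deny shape would be more robust: compute `member-ids` from the raw rows first, then return full rows only when `profile-id` is in that set and apply `anonymize-member` otherwise. The commit touches only `viewer.clj`; a regression test that requests the bundle through a share link and asserts that no member map carries an unmasked `:email` or keys outside the allowlist would keep this from regressing. The body of `get-view-only-bundle` continues outside the hunk.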