Don't allow getting custom fields in the members list, use the users.list api for that

8 years ago · 041dea5698
parent edda4127e2
commit 041dea5698
3 changed files with 9 additions and 9 deletions
--- a/packages/rocketchat-api/server/v1/channels.js
+++ b/packages/rocketchat-api/server/v1/channels.js
@ -422,7 +422,7 @@ RocketChat.API.v1.addRoute('channels.members', { authRequired: true }, {
 		const findResult = findChannelByIdOrName({ params: this.requestParams(), checkedArchived: false });

 		const { offset, count } = this.getPaginationItems();
-		const { sort, fields } = this.parseJsonQuery();
+		const { sort } = this.parseJsonQuery();

 		const members = RocketChat.models.Rooms.processQueryOptionsOnResult(Array.from(findResult.usernames), {
 			sort: sort ? sort : -1,
@ -430,8 +430,8 @@ RocketChat.API.v1.addRoute('channels.members', { authRequired: true }, {
 			limit: count
 		});

-		const ourFields = Object.assign({ _id: 1, username: 1, status: 1 }, fields, RocketChat.API.v1.defaultFieldsToExclude);
-		const users = RocketChat.models.Users.find({ username: { $in: members } }, { fields: ourFields }).fetch();
+		const users = RocketChat.models.Users.find({ username: { $in: members } },
+			{ fields: { _id: 1, username: 1, name: 1, status: 1, utcOffset: 1 } }).fetch();

 		return RocketChat.API.v1.success({
 			members: users,
--- a/packages/rocketchat-api/server/v1/groups.js
+++ b/packages/rocketchat-api/server/v1/groups.js
@ -366,7 +366,7 @@ RocketChat.API.v1.addRoute('groups.members', { authRequired: true }, {
 	get() {
 		const findResult = findPrivateGroupByIdOrName({ params: this.requestParams(), userId: this.userId });
 		const { offset, count } = this.getPaginationItems();
-		const { sort, fields } = this.parseJsonQuery();
+		const { sort } = this.parseJsonQuery();

 		const members = RocketChat.models.Rooms.processQueryOptionsOnResult(Array.from(findResult._room.usernames), {
 			sort: sort ? sort : -1,
@ -374,8 +374,8 @@ RocketChat.API.v1.addRoute('groups.members', { authRequired: true }, {
 			limit: count
 		});

-		const ourFields = Object.assign({ _id: 1, username: 1, status: 1 }, fields, RocketChat.API.v1.defaultFieldsToExclude);
-		const users = RocketChat.models.Users.find({ username: { $in: members } }, { fields: ourFields }).fetch();
+		const users = RocketChat.models.Users.find({ username: { $in: members } },
+			{ fields: { _id: 1, username: 1, name: 1, status: 1, utcOffset: 1 } }).fetch();

 		return RocketChat.API.v1.success({
 			members: users,
--- a/packages/rocketchat-api/server/v1/im.js
+++ b/packages/rocketchat-api/server/v1/im.js
@ -126,7 +126,7 @@ RocketChat.API.v1.addRoute(['dm.members', 'im.members'], { authRequired: true },
 		const findResult = findDirectMessageRoom(this.requestParams(), this.user);

 		const { offset, count } = this.getPaginationItems();
-		const { sort, fields } = this.parseJsonQuery();
+		const { sort } = this.parseJsonQuery();

 		const members = RocketChat.models.Rooms.processQueryOptionsOnResult(Array.from(findResult.room.usernames), {
 			sort: sort ? sort : -1,
@ -134,8 +134,8 @@ RocketChat.API.v1.addRoute(['dm.members', 'im.members'], { authRequired: true },
 			limit: count
 		});

-		const ourFields = Object.assign({ _id: 1, username: 1, status: 1 }, fields, RocketChat.API.v1.defaultFieldsToExclude);
-		const users = RocketChat.models.Users.find({ username: { $in: members } }, { fields: ourFields }).fetch();
+		const users = RocketChat.models.Users.find({ username: { $in: members } },
+			{ fields: { _id: 1, username: 1, name: 1, status: 1, utcOffset: 1 } }).fetch();

 		return RocketChat.API.v1.success({
 			members: users,