SECURITY: Update reviewable user serializer payload

Exclude email from reviewable user serializer based on user scope.
Blake Erickson
2024-05-30 11:30:06 -06:00
committed by Nat
parent 67e7808603
commit e2a7265dba
2 changed files with 37 additions and 2 deletions


@@ -16,4 +16,14 @@ class ReviewableUserSerializer < ReviewableSerializer
def include_user_fields?
object.target.present? && object.target.user_fields.present?
end
def attributes(*args)
data = super
data[:payload]&.delete("email") if !include_email?
data
end
def include_email?
scope.can_check_emails?(scope.user)
end
end
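Review bot: `include_email?` passes the viewer (`scope.user`) to `scope.can_check_emails?` rather than the user whose email is in the payload; if that guardian check depends on its argument, it should be made against the reviewable's target (`object.target`, which `include_user_fields?` already uses), and if it does not, the argument is redundant and could be dropped so the intent is clearer. Two smaller points in the same hunk: `data[:payload]&.delete("email")` only removes a string key, so a symbol-keyed `:email` would survive if the payload is ever built that way (deleting both keys, or asserting the key type in a spec, would make the redaction robust), and `if !include_email?` reads more idiomatically as `unless include_email?`.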