Clarify the sensitive/sanitized logic (#25034)

I was looking at the high number of user_updated ws events and ran across this piece of code. Had a hard time digesting it, thought of adding a comment for people to understand it more clearly. ```release-note NONE ```
2025-02-25 18:55:24 -06:00 · 2023-10-20 20:49:50 +05:30 · 2023-10-20 20:49:50 +05:30 · 2f5ca43158
commit 2f5ca43158
parent 5196a184a0
1 changed files with 7 additions and 0 deletions
--- a/server/channels/app/platform/web_conn.go
+++ b/server/channels/app/platform/web_conn.go
@ -744,6 +744,13 @@ func (wc *WebConn) ShouldSendEvent(msg *model.WebSocketEvent) bool {
 		}
 	}

+	// There are two checks here which differentiates between what to send to an admin user and what to send to a normal user.
+	// For websocket events containing sensitive data, we split that to create two events:
+	// 1. We sanitize all fields, and set ContainsSanitizedData to true. This goes to normal users.
+	// 2. We don't sanitize, and set ContainsSensitiveData to true. This goes to admins.
+	// Setting both ContainsSanitizedData and ContainsSensitiveData for the same event is a bug, and in that case
+	// the event gets sent to no one. This is unit tested in TestWebConnShouldSendEvent.
+
 	// If the event contains sanitized data, only send to users that don't have permission to
 	// see sensitive data. Prevents admin clients from receiving events with bad data
 	var hasReadPrivateDataPermission *bool