[MM-53192] Patch Show Full Name issue in Insights team_members API (#24027)

* [MM-53192] Patch full name leak in Insights team_members API

* Update server/channels/app/team.go

Co-authored-by: Ibrahim Serdar Acikgoz <serdaracikgoz86@gmail.com>

---------

Co-authored-by: Ibrahim Serdar Acikgoz <serdaracikgoz86@gmail.com>

server/channels/app/team.go

@@ -2149,7 +2149,8 @@ func (a *App) GetNewTeamMembersSince(c request.CTX, teamID string, opts *model.I
 		return nil, 0, model.NewAppError("GetNewTeamMembersSince", "app.insights.feature_disabled", nil, "", http.StatusNotImplemented)
 	}
 
-	ntms, count, err := a.Srv().Store().Team().GetNewTeamMembersSince(teamID, opts.StartUnixMilli, opts.Page*opts.PerPage, opts.PerPage)
+	showFullName := *a.Config().PrivacySettings.ShowFullName || a.SessionHasPermissionTo(*c.Session(), model.PermissionManageSystem)
+	ntms, count, err := a.Srv().Store().Team().GetNewTeamMembersSince(teamID, opts.StartUnixMilli, opts.Page*opts.PerPage, opts.PerPage, showFullName)
 	if err != nil {
 		return nil, 0, model.NewAppError("GetNewTeamMembersSince", model.NoTranslation, nil, "", http.StatusInternalServerError).Wrap(err)
 	}

server/channels/store/opentracinglayer/opentracinglayer.go

@@ -9652,7 +9652,7 @@ func (s *OpenTracingLayerTeamStore) GetMembersByIds(teamID string, userIds []str
 	return result, err
 }
 
-func (s *OpenTracingLayerTeamStore) GetNewTeamMembersSince(teamID string, since int64, offset int, limit int) (*model.NewTeamMembersList, int64, error) {
+func (s *OpenTracingLayerTeamStore) GetNewTeamMembersSince(teamID string, since int64, offset int, limit int, showFullName bool) (*model.NewTeamMembersList, int64, error) {
 	origCtx := s.Root.Store.Context()
 	span, newCtx := tracing.StartSpanWithParentByContext(s.Root.Store.Context(), "TeamStore.GetNewTeamMembersSince")
 	s.Root.Store.SetContext(newCtx)
@@ -9661,7 +9661,7 @@ func (s *OpenTracingLayerTeamStore) GetNewTeamMembersSince(teamID string, since
 	}()
 
 	defer span.Finish()
-	result, resultVar1, err := s.TeamStore.GetNewTeamMembersSince(teamID, since, offset, limit)
+	result, resultVar1, err := s.TeamStore.GetNewTeamMembersSince(teamID, since, offset, limit, showFullName)
 	if err != nil {
 		span.LogFields(spanlog.Error(err))
 		ext.Error.Set(span, true)

server/channels/store/retrylayer/retrylayer.go

@@ -11021,11 +11021,11 @@ func (s *RetryLayerTeamStore) GetMembersByIds(teamID string, userIds []string, r
 
 }
 
-func (s *RetryLayerTeamStore) GetNewTeamMembersSince(teamID string, since int64, offset int, limit int) (*model.NewTeamMembersList, int64, error) {
+func (s *RetryLayerTeamStore) GetNewTeamMembersSince(teamID string, since int64, offset int, limit int, showFullName bool) (*model.NewTeamMembersList, int64, error) {
 
 	tries := 0
 	for {
-		result, resultVar1, err := s.TeamStore.GetNewTeamMembersSince(teamID, since, offset, limit)
+		result, resultVar1, err := s.TeamStore.GetNewTeamMembersSince(teamID, since, offset, limit, showFullName)
 		if err == nil {
 			return result, resultVar1, nil
 		}

server/channels/store/sqlstore/team_store.go

@@ -1653,7 +1653,7 @@ func (s SqlTeamStore) GroupSyncedTeamCount() (int64, error) {
 	return count, nil
 }
 
-func (s SqlTeamStore) GetNewTeamMembersSince(teamID string, since int64, offset int, limit int) (*model.NewTeamMembersList, int64, error) {
+func (s SqlTeamStore) GetNewTeamMembersSince(teamID string, since int64, offset int, limit int, showFullName bool) (*model.NewTeamMembersList, int64, error) {
 	builderF := func(selectClause string) sq.SelectBuilder {
 		return s.getQueryBuilder().
 			Select(selectClause).
@@ -1675,7 +1675,12 @@ func (s SqlTeamStore) GetNewTeamMembersSince(teamID string, since int64, offset
 		return nil, 0, errors.Wrap(err, "failed to count team members since")
 	}
 
-	newTeamMembersBuilder := builderF("Users.Id, Users.Username, Users.FirstName, Users.LastName, Users.Position, Users.LastPictureUpdate, TeamMembers.CreateAt, Users.Nickname").
+	selectClause := "Users.Id, Users.Username, Users.Position, Users.LastPictureUpdate, TeamMembers.CreateAt, Users.Nickname"
+	if showFullName {
+		selectClause += ", Users.FirstName, Users.LastName"
+	}
+
+	newTeamMembersBuilder := builderF(selectClause).
 		Limit(uint64(limit + 1)).
 		Offset(uint64(offset))
 	query, args, err = newTeamMembersBuilder.ToSql()

server/channels/store/store.go

@@ -171,7 +171,7 @@ type TeamStore interface {
 	// users belong.
 	GetCommonTeamIDsForTwoUsers(userID, otherUserID string) ([]string, error)
 
-	GetNewTeamMembersSince(teamID string, since int64, offset int, limit int) (*model.NewTeamMembersList, int64, error)
+	GetNewTeamMembersSince(teamID string, since int64, offset int, limit int, showFullName bool) (*model.NewTeamMembersList, int64, error)
 }
 
 type ChannelStore interface {

server/channels/store/storetest/mocks/TeamStore.go

@@ -549,32 +549,32 @@ func (_m *TeamStore) GetMembersByIds(teamID string, userIds []string, restrictio
 	return r0, r1
 }
 
-// GetNewTeamMembersSince provides a mock function with given fields: teamID, since, offset, limit
-func (_m *TeamStore) GetNewTeamMembersSince(teamID string, since int64, offset int, limit int) (*model.NewTeamMembersList, int64, error) {
-	ret := _m.Called(teamID, since, offset, limit)
+// GetNewTeamMembersSince provides a mock function with given fields: teamID, since, offset, limit, showFullName
+func (_m *TeamStore) GetNewTeamMembersSince(teamID string, since int64, offset int, limit int, showFullName bool) (*model.NewTeamMembersList, int64, error) {
+	ret := _m.Called(teamID, since, offset, limit, showFullName)
 
 	var r0 *model.NewTeamMembersList
 	var r1 int64
 	var r2 error
-	if rf, ok := ret.Get(0).(func(string, int64, int, int) (*model.NewTeamMembersList, int64, error)); ok {
-		return rf(teamID, since, offset, limit)
+	if rf, ok := ret.Get(0).(func(string, int64, int, int, bool) (*model.NewTeamMembersList, int64, error)); ok {
+		return rf(teamID, since, offset, limit, showFullName)
 	}
-	if rf, ok := ret.Get(0).(func(string, int64, int, int) *model.NewTeamMembersList); ok {
-		r0 = rf(teamID, since, offset, limit)
+	if rf, ok := ret.Get(0).(func(string, int64, int, int, bool) *model.NewTeamMembersList); ok {
+		r0 = rf(teamID, since, offset, limit, showFullName)
 	} else {
 		if ret.Get(0) != nil {
 			r0 = ret.Get(0).(*model.NewTeamMembersList)
 		}
 	}
 
-	if rf, ok := ret.Get(1).(func(string, int64, int, int) int64); ok {
-		r1 = rf(teamID, since, offset, limit)
+	if rf, ok := ret.Get(1).(func(string, int64, int, int, bool) int64); ok {
+		r1 = rf(teamID, since, offset, limit, showFullName)
 	} else {
 		r1 = ret.Get(1).(int64)
 	}
 
-	if rf, ok := ret.Get(2).(func(string, int64, int, int) error); ok {
-		r2 = rf(teamID, since, offset, limit)
+	if rf, ok := ret.Get(2).(func(string, int64, int, int, bool) error); ok {
+		r2 = rf(teamID, since, offset, limit, showFullName)
 	} else {
 		r2 = ret.Error(2)
 	}

server/channels/store/storetest/team_store.go

@@ -3630,6 +3630,6 @@ func testGetNewTeamMembersSince(t *testing.T, ss store.Store) {
 	})
 	require.NoError(t, err)
 
-	_, _, err = ss.Team().GetNewTeamMembersSince(team.Id, 0, 0, 1000)
+	_, _, err = ss.Team().GetNewTeamMembersSince(team.Id, 0, 0, 1000, false)
 	require.NoError(t, err)
 }

server/channels/store/timerlayer/timerlayer.go

@@ -8691,10 +8691,10 @@ func (s *TimerLayerTeamStore) GetMembersByIds(teamID string, userIds []string, r
 	return result, err
 }
 
-func (s *TimerLayerTeamStore) GetNewTeamMembersSince(teamID string, since int64, offset int, limit int) (*model.NewTeamMembersList, int64, error) {
+func (s *TimerLayerTeamStore) GetNewTeamMembersSince(teamID string, since int64, offset int, limit int, showFullName bool) (*model.NewTeamMembersList, int64, error) {
 	start := time.Now()
 
-	result, resultVar1, err := s.TeamStore.GetNewTeamMembersSince(teamID, since, offset, limit)
+	result, resultVar1, err := s.TeamStore.GetNewTeamMembersSince(teamID, since, offset, limit, showFullName)
 
 	elapsed := float64(time.Since(start)) / float64(time.Second)
 	if s.Root.Metrics != nil {