Skip to content

Commit e76441c

Browse files
jmgasperjmgasper
committed
Loosen up this particular member ID search to better match what we did in v5
1 parent fbcd4e5 commit e76441c

File tree

1 file changed

+10
-1
lines changed

1 file changed

+10
-1
lines changed

src/services/SearchService.js

Lines changed: 10 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -162,9 +162,18 @@ async function searchMembers (currentUser, query) {
162162
}
163163

164164
// search for the members based on query
165+
// Allow sanitized responses for explicit lookups even without elevated privileges.
166+
const isExplicitMemberLookup =
167+
query.userId != null ||
168+
(_.isArray(query.userIds) && query.userIds.length > 0) ||
169+
(!_.isEmpty(query.handle)) ||
170+
(_.isArray(query.handles) && query.handles.length > 0) ||
171+
(!_.isEmpty(query.handleLower)) ||
172+
(_.isArray(query.handlesLower) && query.handlesLower.length > 0)
173+
165174
const canBypassStatusRestriction = currentUser && (currentUser.isMachine || helper.hasAdminRole(currentUser))
166175
const prismaFilter = prismaHelper.buildSearchMemberFilter(query, {
167-
restrictStatus: !canBypassStatusRestriction
176+
restrictStatus: !(canBypassStatusRestriction || isExplicitMemberLookup)
168177
})
169178
logger.debug(`searchMembers: prisma filter ${stringifyForLog(prismaFilter)}`)
170179
const searchData = await fillMembers(prismaFilter, query, fields)

0 commit comments

Comments
 (0)