From 52c6fe34b24d599ea3174535192e085f91d40e43 Mon Sep 17 00:00:00 2001 From: Michael Genson <71845777+michael-genson@users.noreply.github.com> Date: Fri, 15 Mar 2024 19:50:39 +0000 Subject: [PATCH] remove potentially sensitive fields from group self --- frontend/composables/use-groups.ts | 4 ++-- frontend/lib/api/types/user.ts | 7 +++++++ frontend/lib/api/user/groups.ts | 4 ++-- .../groups/controller_group_self_service.py | 6 +++--- mealie/schema/user/user.py | 15 +++++++++++++++ 5 files changed, 29 insertions(+), 7 deletions(-) diff --git a/frontend/composables/use-groups.ts b/frontend/composables/use-groups.ts index f9b91283469b..01c164f4a577 100644 --- a/frontend/composables/use-groups.ts +++ b/frontend/composables/use-groups.ts @@ -1,8 +1,8 @@ import { useAsync, ref } from "@nuxtjs/composition-api"; import { useUserApi } from "~/composables/api"; -import { GroupBase, GroupInDB } from "~/lib/api/types/user"; +import { GroupBase, GroupSummary } from "~/lib/api/types/user"; -const groupSelfRef = ref(null); +const groupSelfRef = ref(null); const loading = ref(false); export const useGroupSelf = function () { diff --git a/frontend/lib/api/types/user.ts b/frontend/lib/api/types/user.ts index 681dc5291afa..35ae18f132b6 100644 --- a/frontend/lib/api/types/user.ts +++ b/frontend/lib/api/types/user.ts @@ -48,6 +48,13 @@ export interface GroupInDB { users?: UserOut[]; preferences?: ReadGroupPreferences; } +export interface GroupSummary { + name: string; + id: string; + slug: string; + preferences?: ReadGroupPreferences; + +} export interface CategoryBase { name: string; id: string; diff --git a/frontend/lib/api/user/groups.ts b/frontend/lib/api/user/groups.ts index 090f4fabc590..19f5cff9152b 100644 --- a/frontend/lib/api/user/groups.ts +++ b/frontend/lib/api/user/groups.ts 
@@ -1,5 +1,5 @@ import { BaseCRUDAPI } from "../base/base-clients"; -import { CategoryBase, GroupBase, GroupInDB, UserOut } from "~/lib/api/types/user"; +import { CategoryBase, GroupBase, GroupInDB, GroupSummary, UserOut } from "~/lib/api/types/user"; import { CreateInviteToken, GroupAdminUpdate, @@ -35,7 +35,7 @@ export class GroupAPI extends BaseCRUDAPI(routes.groupsSelf); + return await this.requests.get(routes.groupsSelf); } async getCategories() { diff --git a/mealie/routes/groups/controller_group_self_service.py b/mealie/routes/groups/controller_group_self_service.py index 92fc53a13a60..3fa018bdfb8f 100644 --- a/mealie/routes/groups/controller_group_self_service.py +++ b/mealie/routes/groups/controller_group_self_service.py @@ -8,7 +8,7 @@ from mealie.routes._base.routers import UserAPIRouter from mealie.schema.group.group_permissions import SetPermissions from mealie.schema.group.group_preferences import ReadGroupPreferences, UpdateGroupPreferences from mealie.schema.group.group_statistics import GroupStatistics, GroupStorage -from mealie.schema.user.user import GroupInDB, UserOut +from mealie.schema.user.user import GroupInDB, GroupSummary, UserOut from mealie.services.group_services.group_service import GroupService router = UserAPIRouter(prefix="/groups", tags=["Groups: Self Service"]) @@ -20,10 +20,10 @@ class GroupSelfServiceController(BaseUserController): def service(self) -> GroupService: return GroupService(self.group_id, self.repos) - @router.get("/self", response_model=GroupInDB) + @router.get("/self", response_model=GroupSummary) def get_logged_in_user_group(self): """Returns the Group Data for the Current User""" - return self.group + return self.group.cast(GroupSummary) @router.get("/members", response_model=list[UserOut]) def get_group_members(self): diff --git a/mealie/schema/user/user.py b/mealie/schema/user/user.py index 864ff6bd5ed7..dceb32acc18c 100644 --- a/mealie/schema/user/user.py +++ b/mealie/schema/user/user.py 
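Review bot: In controller_group_self_service.py, the narrowing of `/self` to `GroupSummary` in `get_logged_in_user_group` is not pinned by a test; the diffstat lists no test file, so a later edit to `response_model` or to the schema could bring the dropped fields back unnoticed. A test that calls `/self` as an ordinary group member and checks something like `assert set(response.json()) == {"id", "name", "slug", "preferences"}` would hold that boundary. Separately, `get_group_members` in the context just below still returns `list[UserOut]` to the same callers. If the sensitive data sat in the `users` list that `GroupInDB` carries, it presumably stays reachable through `/members`, so this should be checked against the `UserOut` schema, which this diff does not show. The controller class continues outside the hunk.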
@@ -249,6 +249,21 @@ class GroupInDB(UpdateGroup): ] +class GroupSummary(MealieModel): + id: UUID4 + name: str + slug: str + preferences: ReadGroupPreferences | None = None + + model_config = ConfigDict(from_attributes=True) + + @classmethod + def loader_options(cls) -> list[LoaderOption]: + return [ + joinedload(Group.preferences), + ] + + class GroupPagination(PaginationBase): items: list[GroupInDB]
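Review bot: `GroupSummary` in mealie/schema/user/user.py is now the allowlist of what any logged-in member can read about their group, but the class carries no docstring saying so. Adding one such as `"""Fields of a group that any member may read; review before adding a field here."""` would stop later contributors from widening it without a second look. `preferences` is still embedded in full as `ReadGroupPreferences`, whose fields are not visible in this diff, so it is worth confirming that none of them counts as the "potentially sensitive" data the commit is removing.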