remove potentially sensitive fields from group self

frontend/composables/use-groups.ts

@@ -1,8 +1,8 @@
 import { useAsync, ref } from "@nuxtjs/composition-api";
 import { useUserApi } from "~/composables/api";
-import { GroupBase, GroupInDB } from "~/lib/api/types/user";
+import { GroupBase, GroupSummary } from "~/lib/api/types/user";
 
-const groupSelfRef = ref<GroupInDB | null>(null);
+const groupSelfRef = ref<GroupSummary | null>(null);
 const loading = ref(false);
 
 export const useGroupSelf = function () {

frontend/lib/api/types/user.ts

@@ -48,6 +48,13 @@ export interface GroupInDB {
   users?: UserOut[];
   preferences?: ReadGroupPreferences;
 }
+export interface GroupSummary {
+  name: string;
+  id: string;
+  slug: string;
+  preferences?: ReadGroupPreferences;
+
+}
 export interface CategoryBase {
   name: string;
   id: string;

frontend/lib/api/user/groups.ts

@@ -1,5 +1,5 @@
 import { BaseCRUDAPI } from "../base/base-clients";
-import { CategoryBase, GroupBase, GroupInDB, UserOut } from "~/lib/api/types/user";
+import { CategoryBase, GroupBase, GroupInDB, GroupSummary, UserOut } from "~/lib/api/types/user";
 import {
   CreateInviteToken,
   GroupAdminUpdate,
@@ -35,7 +35,7 @@ export class GroupAPI extends BaseCRUDAPI<GroupBase, GroupInDB, GroupAdminUpdate
   /** Returns the Group Data for the Current User
    */
   async getCurrentUserGroup() {
-    return await this.requests.get<GroupInDB>(routes.groupsSelf);
+    return await this.requests.get<GroupSummary>(routes.groupsSelf);
   }
 
   async getCategories() {

mealie/routes/groups/controller_group_self_service.py

@@ -8,7 +8,7 @@ from mealie.routes._base.routers import UserAPIRouter
 from mealie.schema.group.group_permissions import SetPermissions
 from mealie.schema.group.group_preferences import ReadGroupPreferences, UpdateGroupPreferences
 from mealie.schema.group.group_statistics import GroupStatistics, GroupStorage
-from mealie.schema.user.user import GroupInDB, UserOut
+from mealie.schema.user.user import GroupInDB, GroupSummary, UserOut
 from mealie.services.group_services.group_service import GroupService
 
 router = UserAPIRouter(prefix="/groups", tags=["Groups: Self Service"])
@@ -20,10 +20,10 @@ class GroupSelfServiceController(BaseUserController):
     def service(self) -> GroupService:
         return GroupService(self.group_id, self.repos)
 
-    @router.get("/self", response_model=GroupInDB)
+    @router.get("/self", response_model=GroupSummary)
     def get_logged_in_user_group(self):
         """Returns the Group Data for the Current User"""
-        return self.group
+        return self.group.cast(GroupSummary)
 
     @router.get("/members", response_model=list[UserOut])
     def get_group_members(self):

mealie/schema/user/user.py

@@ -249,6 +249,21 @@ class GroupInDB(UpdateGroup):
         ]
 
 
+class GroupSummary(MealieModel):
+    id: UUID4
+    name: str
+    slug: str
+    preferences: ReadGroupPreferences | None = None
+
+    model_config = ConfigDict(from_attributes=True)
+
+    @classmethod
+    def loader_options(cls) -> list[LoaderOption]:
+        return [
+            joinedload(Group.preferences),
+        ]
+
+
 class GroupPagination(PaginationBase):
     items: list[GroupInDB]