From aad60309f4c4ad3126c598631bbb7a6d69685b02 Mon Sep 17 00:00:00 2001
From: Marcos Defendi <marcos.defendi@ulbra.inf.br>
Date: Tue, 31 Jul 2018 13:11:22 -0300
Subject: [PATCH 1/2] Fix getFullUserData function because it was with a
 variable with the same name plus some wrong permissions

---
 .../server/functions/getFullUserData.js       | 50 ++++++++++---------
 1 file changed, 27 insertions(+), 23 deletions(-)

diff --git a/packages/rocketchat-lib/server/functions/getFullUserData.js b/packages/rocketchat-lib/server/functions/getFullUserData.js
index 6b73befb42f1..043623ce94fd 100644
--- a/packages/rocketchat-lib/server/functions/getFullUserData.js
+++ b/packages/rocketchat-lib/server/functions/getFullUserData.js
@@ -28,34 +28,38 @@ const fullFields = {
 let publicCustomFields = {};
 let customFields = {};
 
-RocketChat.settings.get('Accounts_CustomFields', (key, value) => {
-	publicCustomFields = {};
-	customFields = {};
-
-	if (!value.trim()) {
-		return;
-	}
-
-	try {
-		const customFields = JSON.parse(value.trim());
-		Object.keys(customFields).forEach(key => {
-			const element = customFields[key];
-			if (element.public) {
-				publicCustomFields[`customFields.${ key }`] = 1;
-			}
-			customFields[`customFields.${ key }`] = 1;
-		});
-	} catch (e) {
-		logger.warn(`The JSON specified for "Accounts_CustomFields" is invalid. The following error was thrown: ${ e }`);
-	}
+const fillCustomFields = ({ isMyOwnInfo }) => {
+	RocketChat.settings.get('Accounts_CustomFields', (key, value) => {
+		publicCustomFields = {};
+		customFields = {};
+
+		if (!value.trim()) {
+			return;
+		}
+
+		try {
+			const customFieldsOnServer = JSON.parse(value.trim());
+			Object.keys(customFieldsOnServer).forEach(key => {
+				const element = customFieldsOnServer[key];
+				if (element.public || isMyOwnInfo) {
+					publicCustomFields[`customFields.${ key }`] = 1;
+				}
+				customFields[`customFields.${ key }`] = 1;
+			});
+		} catch (e) {
+			logger.warn(`The JSON specified for "Accounts_CustomFields" is invalid. The following error was thrown: ${ e }`);
+		}
+
+	});
+};
 
-});
 
 RocketChat.getFullUserData = function({ userId, filter, limit: l }) {
 	const username = s.trim(filter);
-
+	const userToRetrieveFullUserData = RocketChat.models.Users.findOneByUsername(username);
+	const isMyOwnInfo = userToRetrieveFullUserData && userToRetrieveFullUserData._id === userId;
+	fillCustomFields({ isMyOwnInfo });
 	const viewFullOtherUserInfo = RocketChat.authz.hasPermission(userId, 'view-full-other-user-info');
-
 	const limit = !viewFullOtherUserInfo ? 1 : l;
 
 	if (!username && limit <= 1) {

From 9b33308ba5d331603862933154633847dd375cba Mon Sep 17 00:00:00 2001
From: Diego Sampaio <chinello@gmail.com>
Date: Wed, 1 Aug 2018 14:29:55 -0300
Subject: [PATCH 2/2] Simplify customFields logic

---
 .../server/functions/getFullUserData.js       | 45 +++++++++----------
 1 file changed, 20 insertions(+), 25 deletions(-)

diff --git a/packages/rocketchat-lib/server/functions/getFullUserData.js b/packages/rocketchat-lib/server/functions/getFullUserData.js
index 043623ce94fd..5b306045851d 100644
--- a/packages/rocketchat-lib/server/functions/getFullUserData.js
+++ b/packages/rocketchat-lib/server/functions/getFullUserData.js
@@ -28,37 +28,32 @@ const fullFields = {
 let publicCustomFields = {};
 let customFields = {};
 
-const fillCustomFields = ({ isMyOwnInfo }) => {
-	RocketChat.settings.get('Accounts_CustomFields', (key, value) => {
-		publicCustomFields = {};
-		customFields = {};
+RocketChat.settings.get('Accounts_CustomFields', (key, value) => {
+	publicCustomFields = {};
+	customFields = {};
 
-		if (!value.trim()) {
-			return;
-		}
-
-		try {
-			const customFieldsOnServer = JSON.parse(value.trim());
-			Object.keys(customFieldsOnServer).forEach(key => {
-				const element = customFieldsOnServer[key];
-				if (element.public || isMyOwnInfo) {
-					publicCustomFields[`customFields.${ key }`] = 1;
-				}
-				customFields[`customFields.${ key }`] = 1;
-			});
-		} catch (e) {
-			logger.warn(`The JSON specified for "Accounts_CustomFields" is invalid. The following error was thrown: ${ e }`);
-		}
-
-	});
-};
+	if (!value.trim()) {
+		return;
+	}
 
+	try {
+		const customFieldsOnServer = JSON.parse(value.trim());
+		Object.keys(customFieldsOnServer).forEach(key => {
+			const element = customFieldsOnServer[key];
+			if (element.public) {
+				publicCustomFields[`customFields.${ key }`] = 1;
+			}
+			customFields[`customFields.${ key }`] = 1;
+		});
+	} catch (e) {
+		logger.warn(`The JSON specified for "Accounts_CustomFields" is invalid. The following error was thrown: ${ e }`);
+	}
+});
 
 RocketChat.getFullUserData = function({ userId, filter, limit: l }) {
 	const username = s.trim(filter);
 	const userToRetrieveFullUserData = RocketChat.models.Users.findOneByUsername(username);
 	const isMyOwnInfo = userToRetrieveFullUserData && userToRetrieveFullUserData._id === userId;
-	fillCustomFields({ isMyOwnInfo });
 	const viewFullOtherUserInfo = RocketChat.authz.hasPermission(userId, 'view-full-other-user-info');
 	const limit = !viewFullOtherUserInfo ? 1 : l;
 
@@ -66,7 +61,7 @@ RocketChat.getFullUserData = function({ userId, filter, limit: l }) {
 		return undefined;
 	}
 
-	const _customFields = viewFullOtherUserInfo ? customFields : publicCustomFields;
+	const _customFields = isMyOwnInfo || viewFullOtherUserInfo ? customFields : publicCustomFields;
 
 	const fields = viewFullOtherUserInfo ? { ...defaultFields, ...fullFields, ..._customFields } : { ...defaultFields, ..._customFields };