From 82b20392fea9cb486a879167d7fd627961261abf Mon Sep 17 00:00:00 2001 From: Carlos Palhares Date: Thu, 19 Dec 2024 18:30:49 +0000 Subject: [PATCH] Filter sensitive user data out of user list response --- audiences/app/controllers/audiences/contexts_controller.rb | 2 +- audiences/app/models/audiences/external_user.rb | 2 +- audiences/app/models/audiences/users_search.rb | 2 +- audiences/spec/controllers/contexts_controller_spec.rb | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/audiences/app/controllers/audiences/contexts_controller.rb b/audiences/app/controllers/audiences/contexts_controller.rb index 50831e05..0e8e16db 100644 --- a/audiences/app/controllers/audiences/contexts_controller.rb +++ b/audiences/app/controllers/audiences/contexts_controller.rb @@ -17,7 +17,7 @@ def users limit: params[:limit], offset: params[:offset]) - render json: search + render json: search, only: %w[id externalId displayName photos] end private diff --git a/audiences/app/models/audiences/external_user.rb b/audiences/app/models/audiences/external_user.rb index 86e0577b..78f9f0db 100644 --- a/audiences/app/models/audiences/external_user.rb +++ b/audiences/app/models/audiences/external_user.rb @@ -29,7 +29,7 @@ def self.wrap(resources) end def as_json(*) - data.as_json + data.as_json(*) end end end diff --git a/audiences/app/models/audiences/users_search.rb b/audiences/app/models/audiences/users_search.rb index 07f67ab9..a6db67f6 100644 --- a/audiences/app/models/audiences/users_search.rb +++ b/audiences/app/models/audiences/users_search.rb @@ -13,7 +13,7 @@ def initialize(query:, limit: nil, offset: 0, scope: ExternalUser) def as_json(*) { - users: users, + users: users.as_json(*), count: count, } end diff --git a/audiences/spec/controllers/contexts_controller_spec.rb b/audiences/spec/controllers/contexts_controller_spec.rb index dcaa0732..18f5c70f 100644 --- a/audiences/spec/controllers/contexts_controller_spec.rb +++ b/audiences/spec/controllers/contexts_controller_spec.rb @@ -158,7 +158,7 @@ criterion.users.create!([ { user_id: 1, data: { "externalId" => 1, "displayName" => "John" } }, { user_id: 2, data: { "externalId" => 2, "displayName" => "Jose" } }, - { user_id: 3, data: { "externalId" => 3, "displayName" => "Nelson" } }, + { user_id: 3, data: { "externalId" => 3, "displayName" => "Nelson", "confidential" => "data" } }, ]) get :users, params: { key: example_context.signed_key, criterion_id: criterion.id }