fix(secure): remove user list from roles and permissions field to avoid leaking userlist (#1614)

* fix(secure): remove user list from roles and permissions field to avoid leaking userlist

Signed-off-by: fengxsong <fengxsong@outlook.com>

* Update permission.go

* Update role.go

---------

Signed-off-by: fengxsong <fengxsong@outlook.com>
Co-authored-by: hsluoyz <hsluoyz@qq.com>

object/permission.go

@@ -245,6 +245,10 @@ func GetPermissionsByUser(userId string) []*Permission {
 		panic(err)
 	}
 
+	for i := range permissions {
+		permissions[i].Users = nil
+	}
+
 	return permissions
 }
 

object/role.go

@@ -159,6 +159,10 @@ func GetRolesByUser(userId string) []*Role {
 		panic(err)
 	}
 
+	for i := range roles {
+		roles[i].Users = nil
+	}
+
 	return roles
 }