Show access secret if isAdminOrSelf is true in get-user and get-account APIs

2025-07-03 20:50:19 +08:00 · 2023-07-19 19:14:53 +08:00
parent 5c441d195c
commit 38f031bc86
5 changed files with 26 additions and 7 deletions
--- a/object/record.go
+++ b/object/record.go
@ -161,7 +161,8 @@ func SendWebhooks(record *Record) error {

 		if matched {
 			if webhook.IsUserExtended {
-				user, err := GetMaskedUser(getUser(record.Organization, record.User))
+				user, err := getUser(record.Organization, record.User)
+				user, err = GetMaskedUser(user, false, err)
 				if err != nil {
 					return err
 				}
--- a/object/user.go
+++ b/object/user.go
@ -418,7 +418,7 @@ func GetUserNoCheck(id string) (*User, error) {
 	return getUser(owner, name)
 }

-func GetMaskedUser(user *User, errs ...error) (*User, error) {
+func GetMaskedUser(user *User, isAdminOrSelf bool, errs ...error) (*User, error) {
 	if len(errs) > 0 && errs[0] != nil {
 		return nil, errs[0]
 	}
@ -430,9 +430,13 @@ func GetMaskedUser(user *User, errs ...error) (*User, error) {
 	if user.Password != "" {
 		user.Password = "***"
 	}
-	if user.AccessSecret != "" {
-		user.AccessSecret = "***"
+
+	if !isAdminOrSelf {
+		if user.AccessSecret != "" {
+			user.AccessSecret = "***"
+		}
 	}
+
 	if user.ManagedAccounts != nil {
 		for _, manageAccount := range user.ManagedAccounts {
 			manageAccount.Password = "***"
@ -456,7 +460,7 @@ func GetMaskedUsers(users []*User, errs ...error) ([]*User, error) {

 	var err error
 	for _, user := range users {
-		user, err = GetMaskedUser(user)
+		user, err = GetMaskedUser(user, false)
 		if err != nil {
 			return nil, err
 		}