feat: get-user API respects org's account item's view rules now (#3882)

2025-07-02 03:00:18 +08:00 · 2025-06-16 20:09:21 +08:00
parent 12cc0f429e
commit 6dc7b4d533
3 changed files with 121 additions and 41 deletions
--- a/controllers/user.go
+++ b/controllers/user.go
@ -197,8 +197,8 @@ func (c *ApiController) GetUser() {
 		return
 	}

+	var organization *object.Organization
 	if user != nil {
-		var organization *object.Organization
 		organization, err = object.GetOrganizationByUser(user)
 		if err != nil {
 			c.ResponseError(err.Error())
@ -237,6 +237,14 @@ func (c *ApiController) GetUser() {
 		return
 	}

+	if organization != nil && user != nil {
+		user, err = object.GetFilteredUser(user, c.IsAdmin(), c.IsAdminOrSelf(user), organization.AccountItems)
+		if err != nil {
+			c.ResponseError(err.Error())
+			return
+		}
+	}
+
 	c.ResponseOk(user)
 }