From b42df3105d6d94fbc758daff81a5f39d4416ed42 Mon Sep 17 00:00:00 2001 From: zeripath Date: Wed, 6 Jul 2022 02:47:16 +0100 Subject: Only show Followers that current user can access (#20220) (#20253) Backport #20220 Users who are following or being followed by a user should only be displayed if the viewing user can see them. Signed-off-by: Andrew Thornton --- routers/api/v1/user/follower.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'routers/api/v1/user') diff --git a/routers/api/v1/user/follower.go b/routers/api/v1/user/follower.go index 1eacb89db2..d648d50d69 100644 --- a/routers/api/v1/user/follower.go +++ b/routers/api/v1/user/follower.go @@ -24,13 +24,13 @@ func responseAPIUsers(ctx *context.APIContext, users []*user_model.User) { } func listUserFollowers(ctx *context.APIContext, u *user_model.User) { - users, err := user_model.GetUserFollowers(u, utils.GetListOptions(ctx)) + users, count, err := user_model.GetUserFollowers(ctx, u, ctx.User, utils.GetListOptions(ctx)) if err != nil { ctx.Error(http.StatusInternalServerError, "GetUserFollowers", err) return } - ctx.SetTotalCountHeader(int64(u.NumFollowers)) + ctx.SetTotalCountHeader(count) responseAPIUsers(ctx, users) } @@ -90,13 +90,13 @@ func ListFollowers(ctx *context.APIContext) { } func listUserFollowing(ctx *context.APIContext, u *user_model.User) { - users, err := user_model.GetUserFollowing(u, utils.GetListOptions(ctx)) + users, count, err := user_model.GetUserFollowing(ctx, u, ctx.User, utils.GetListOptions(ctx)) if err != nil { ctx.Error(http.StatusInternalServerError, "GetUserFollowing", err) return } - ctx.SetTotalCountHeader(int64(u.NumFollowing)) + ctx.SetTotalCountHeader(count) responseAPIUsers(ctx, users) } -- cgit v1.2.3