fix: check 'with_members' in /systems/:ref/groups against member list privacy

This commit is contained in:
spiral 2021-11-19 10:18:12 -05:00
parent 0ca356eec3
commit 85c095a115
No known key found for this signature in database
GPG Key ID: A6059F0CA0E1BD31

View File

@ -39,6 +39,9 @@ namespace PluralKit.API
.Select(g => g.ToJson(ctx, needsMembersArray: with_members)) .Select(g => g.ToJson(ctx, needsMembersArray: with_members))
.ToListAsync(); .ToListAsync();
if (with_members && !system.MemberListPrivacy.CanAccess(ctx))
throw Errors.UnauthorizedMemberList;
if (with_members && j_groups.Count > 0) if (with_members && j_groups.Count > 0)
{ {
var q = await _repo.GetGroupMemberInfo(await groups.Select(x => x.Id).ToListAsync()); var q = await _repo.GetGroupMemberInfo(await groups.Select(x => x.Id).ToListAsync());