Merge pull request #4880 from sbwalker/dev

User Settings should only be accessible to individual users or administrators
2024-11-27 13:16:04 -05:00 · 2024-11-27 13:16:04 -05:00 · 497b255216
commit 497b255216
parent 2441647d75 d96286d771
1 changed files with 1 additions and 14 deletions
--- a/Oqtane.Server/Controllers/UserController.cs
+++ b/Oqtane.Server/Controllers/UserController.cs
@ -145,20 +145,7 @@ namespace Oqtane.Controllers
                    filtered.DeletedBy = user.DeletedBy;
                    filtered.DeletedOn = user.DeletedOn;
                    filtered.IsDeleted = user.IsDeleted;
-                }
-
-                // if authenticated user is accessing their own user account
-                if (_userPermissions.GetUser(User).UserId == user.UserId)
-                {
-                    // include all settings
-                    filtered.Settings = user.Settings;
-                }
-                else
-                {
-                    // include only public settings
-                    filtered.Settings = _settings.GetSettings(EntityNames.User, user.UserId)
-                        .Where(item => !item.IsPrivate)
-                        .ToDictionary(setting => setting.SettingName, setting => setting.SettingValue);
+                    filtered.Settings = user.Settings; // include all settings
                }
            }