From 492e8ad655562bfba83132c419387f20ed876b2c Mon Sep 17 00:00:00 2001
From: eiknat
Date: Fri, 7 Aug 2020 22:43:33 -0400
Subject: [PATCH] user_view: add fn to return sanitized fields
---
 server/lemmy_db/src/user_view.rs | 29 +++++++++++++++++++++++++++++
 server/src/api/user.rs | 2 +-
 2 files changed, 30 insertions(+), 1 deletion(-)
diff --git a/server/lemmy_db/src/user_view.rs b/server/lemmy_db/src/user_view.rs
index ce75ef4d..f304b176 100644
--- a/server/lemmy_db/src/user_view.rs
+++ b/server/lemmy_db/src/user_view.rs
@@ -223,4 +223,33 @@ impl UserView {
 .filter(banned.eq(true))
 .load::(conn)
 }
+
+ pub fn get_user_secure(conn: &PgConnection, user_id: i32) -> Result {
+ use super::user_view::user_fast::dsl::*;
+ use diesel::sql_types::{Nullable, Text};
+ user_fast
+ .select((
+ id,
+ actor_id,
+ name,
+ preferred_username,
+ avatar,
+ banner,
+ "".into_sql::>(),
+ matrix_user_id,
+ bio,
+ local,
+ admin,
+ banned,
+ show_avatars,
+ send_notifications_to_email,
+ published,
+ number_of_posts,
+ post_score,
+ number_of_comments,
+ comment_score,
+ ))
+ .find(user_id)
+ .first::(conn)
+ }
 }
diff --git a/server/src/api/user.rs b/server/src/api/user.rs
index ffdcee9a..f5ab84c5 100644
--- a/server/src/api/user.rs
+++ b/server/src/api/user.rs
@@ -857,7 +857,7 @@ impl Perform for Oper {
 blocking(pool, move |conn| ModBan::create(conn, &form)).await??;
 let user_id = data.user_id;
- let user_view = blocking(pool, move |conn| UserView::read(conn, user_id)).await??;
+ let user_view = blocking(pool, move |conn| UserView::get_user_secure(conn, user_id)).await??;
 let res = BanUserResponse {
 user: user_view,
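Review bot: The redaction in `get_user_secure` is a hand-written positional column list, so it hides the email only for as long as this tuple stays in step with the fields of `UserView`; a sensitive column added to the view later is not covered unless someone also edits this function, and nothing in the hunk documents that contract. A doc comment would make it explicit, e.g. `/// Reads a user by id with the email column blanked; keep this select list in sync with UserView's fields.` The literal `"".into_sql` also makes a redacted address read as an empty string rather than an absent value, so a client cannot tell "hidden" from "empty"; selecting a typed NULL would keep the field's optional meaning, assuming the generic parameters lost in this rendering are `Nullable<Text>` as the `use` line suggests. `show_avatars` and `send_notifications_to_email` are still returned and look like per-user preferences, so it is worth confirming they are meant to be visible to other users.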
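Review bot: Only the ban response is switched to the sanitized read in this hunk, so any other handler that serializes `UserView::read` output to someone other than the account owner would still expose the email; those call sites are not visible here and should be audited as part of the same change. Because the safe variant is opt-in, a short comment at this call would help keep it that way, e.g. `// sanitized view: this response is not addressed only to the affected user` (presumably true for a moderator action, to be confirmed against how `BanUserResponse` is delivered). The enclosing method starts and ends outside the hunk.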