User Emails only returned if UserType is LOCAL_USER

GEWIS / sudosos-backend

SudoSOS is a Node.js-based Bar and POS system made for study association GEWIS.

https://sudosos.gewis.nl

GNU Affero General Public License v3.0

4 stars 3 forks source link

User Emails only returned if UserType is LOCAL_USER #138

Open CodeNamedRobin opened 7 months ago

CodeNamedRobin commented 7 months ago

For management reasons it would be nice if all user emails are returned. From revision-to-response.ts:149 : email: user.type === UserType.LOCAL_USER ? user.email : undefined,

Yoronex commented 1 week ago

Depends on full implementation of https://github.com/GEWIS/sudosos-backend/issues/62, because of https://github.com/GEWIS/sudosos-backend/issues/23. Because every SudoSOS user is allowed to fetch all users within SudoSOS, they can then also find out all email addresses, which leaks a lot of personal information.