User Settings should only be accessible to individual users or admini…

…strators
oqtane · Nov 27, 2024 · d96286d · d96286d
1 parent 77b780d
commit d96286d
Showing 1 changed file with 1 addition and 14 deletions.
diff --git a/Oqtane.Server/Controllers/UserController.cs b/Oqtane.Server/Controllers/UserController.cs
@@ -145,20 +145,7 @@ private User Filter(User user)
                     filtered.DeletedBy = user.DeletedBy;
                     filtered.DeletedOn = user.DeletedOn;
                     filtered.IsDeleted = user.IsDeleted;
-                }
-
-                // if authenticated user is accessing their own user account
-                if (_userPermissions.GetUser(User).UserId == user.UserId)
-                {
-                    // include all settings
-                    filtered.Settings = user.Settings;
-                }
-                else
-                {
-                    // include only public settings
-                    filtered.Settings = _settings.GetSettings(EntityNames.User, user.UserId)
-                        .Where(item => !item.IsPrivate)
-                        .ToDictionary(setting => setting.SettingName, setting => setting.SettingValue);
+                    filtered.Settings = user.Settings; // include all settings
                 }
             }