From 0529f2fb5d252b01da8f2d4d7d9c700e4c11155c Mon Sep 17 00:00:00 2001
From: Julian Lam <julian@nodebb.org>
Date: Wed, 29 Jun 2022 16:31:21 -0400
Subject: [PATCH] fix: use `user.hidePrivateData();` more consistently across
 user retrieval endpoints

---
 src/controllers/accounts/helpers.js | 15 +++------------
 src/controllers/user.js             |  9 ++-------
 2 files changed, 5 insertions(+), 19 deletions(-)

diff --git a/src/controllers/accounts/helpers.js b/src/controllers/accounts/helpers.js
index e151f7c731..526175a838 100644
--- a/src/controllers/accounts/helpers.js
+++ b/src/controllers/accounts/helpers.js
@@ -28,7 +28,7 @@ helpers.getUserDataByUserSlug = async function (userslug, callerUID, query = {})
 	}
 	await parseAboutMe(results.userData);
 
-	const { userData } = results;
+	let { userData } = results;
 	const { userSettings } = results;
 	const { isAdmin } = results;
 	const { isGlobalModerator } = results;
@@ -41,17 +41,8 @@ helpers.getUserDataByUserSlug = async function (userslug, callerUID, query = {})
 		userData.birthday ? Math.floor((new Date().getTime() - new Date(userData.birthday).getTime()) / 31536000000) : 0
 	);
 
-	userData.emailClass = 'hide';
-
-	if (!results.canEdit && (!userSettings.showemail || meta.config.hideEmail)) {
-		userData.email = '';
-	} else if (!userSettings.showemail) {
-		userData.emailClass = '';
-	}
-
-	if (!results.canEdit && (!userSettings.showfullname || meta.config.hideFullname)) {
-		userData.fullname = '';
-	}
+	userData = await user.hidePrivateData(userData, callerUID);
+	userData.emailClass = userSettings.showemail ? 'hide' : '';
 
 	if (isAdmin || isSelf || (canViewInfo && !results.isTargetAdmin)) {
 		userData.ips = results.ips;
diff --git a/src/controllers/user.js b/src/controllers/user.js
index 9e038ea2c6..08772117a1 100644
--- a/src/controllers/user.js
+++ b/src/controllers/user.js
@@ -3,7 +3,6 @@
 const path = require('path');
 
 const user = require('../user');
-const meta = require('../meta');
 const privileges = require('../privileges');
 const accountHelpers = require('./accounts/helpers');
 
@@ -68,17 +67,13 @@ userController.getUserDataByUID = async function (callerUid, uid) {
 	if (!canView) {
 		throw new Error('[[error:no-privileges]]');
 	}
-	const [userData, settings] = await Promise.all([
-		user.getUserData(uid),
-		user.getSettings(uid),
-	]);
 
+	let userData = await user.getUserData(uid);
 	if (!userData) {
 		throw new Error('[[error:no-user]]');
 	}
 
-	userData.email = settings.showemail && !meta.config.hideEmail ? userData.email : undefined;
-	userData.fullname = settings.showfullname && !meta.config.hideFullname ? userData.fullname : undefined;
+	userData = await user.hidePrivateData(userData, callerUid);
 
 	return userData;
 };