diff --git a/app/api/server/api.js b/app/api/server/api.js index 7f4f34fa5d309..67f40369b6859 100644 --- a/app/api/server/api.js +++ b/app/api/server/api.js @@ -40,7 +40,7 @@ export class APIClass extends Restivus { importIds: 0, e2e: 0, }; - this.limitedUserFieldsToExclude = { + this.defaultLimitedUserFieldsToExclude = { avatarOrigin: 0, emails: 0, phone: 0, @@ -53,14 +53,25 @@ export class APIClass extends Restivus { roles: 0, statusDefault: 0, _updatedAt: 0, - customFields: 0, settings: 0, }; + this.limitedUserFieldsToExclude = this.defaultLimitedUserFieldsToExclude; this.limitedUserFieldsToExcludeIfIsPrivilegedUser = { services: 0, }; } + setLimitedCustomFields(customFields) { + const nonPublicFieds = customFields.reduce((acc, customField) => { + acc[`customFields.${ customField }`] = 0; + return acc; + }, {}); + this.limitedUserFieldsToExclude = { + ...this.defaultLimitedUserFieldsToExclude, + ...nonPublicFieds, + }; + } + hasHelperMethods() { return API.helperMethods.size !== 0; } @@ -599,6 +610,16 @@ settings.get('API_Enable_CORS', (key, value) => { createApi(value); }); +settings.get('Accounts_CustomFields', (key, value) => { + try { + const customFields = JSON.parse(value); + const nonPublicCustomFields = Object.keys(customFields).filter((customFieldKey) => customFields[customFieldKey].public !== true); + API.v1.setLimitedCustomFields(nonPublicCustomFields); + } catch (error) { + console.warn('Invalid Custom Fields', error); + } +}); + settings.get('API_Enable_Rate_Limiter_Limit_Time_Default', (key, value) => { defaultRateLimiterOptions.intervalTimeInMS = value; API.v1.reloadRoutesToRefreshRateLimiter();