diff --git a/website/server/controllers/api-v3/tasks.js b/website/server/controllers/api-v3/tasks.js index 92f28d7145..dd12bc70c6 100644 --- a/website/server/controllers/api-v3/tasks.js +++ b/website/server/controllers/api-v3/tasks.js @@ -159,7 +159,9 @@ let requiredGroupFields = '_id leader tasksOrder name'; api.createUserTasks = { method: 'POST', url: '/tasks/user', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], async handler (req, res) { let user = res.locals.user; let tasks = await createTasks(req, res, {user}); @@ -230,7 +232,9 @@ api.createUserTasks = { api.createChallengeTasks = { method: 'POST', url: '/tasks/challenge/:challengeId', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], async handler (req, res) { req.checkParams('challengeId', res.t('challengeIdRequired')).notEmpty().isUUID(); @@ -284,7 +288,9 @@ api.createChallengeTasks = { api.getUserTasks = { method: 'GET', url: '/tasks/user', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], async handler (req, res) { let types = Tasks.tasksTypes.map(type => `${type}s`); types.push('completedTodos', '_allCompletedTodos'); // _allCompletedTodos is currently in BETA and is likely to be removed in future @@ -322,7 +328,9 @@ api.getUserTasks = { api.getChallengeTasks = { method: 'GET', url: '/tasks/challenge/:challengeId', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], async handler (req, res) { req.checkParams('challengeId', res.t('challengeIdRequired')).notEmpty().isUUID(); let types = Tasks.tasksTypes.map(type => `${type}s`); @@ -372,7 +380,9 @@ api.getChallengeTasks = { api.getTask = { method: 'GET', url: '/tasks/:taskId', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], async handler (req, res) { let user = res.locals.user; let taskId = req.params.taskId; @@ -426,7 +436,9 @@ api.getTask = { api.updateTask = { method: 'PUT', url: '/tasks/:taskId', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], async handler (req, res) { let user = res.locals.user; let challenge; @@ -538,7 +550,9 @@ api.updateTask = { api.scoreTask = { method: 'POST', url: '/tasks/:taskId/score/:direction', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], async handler (req, res) { req.checkParams('direction', res.t('directionUpDown')).notEmpty().isIn(['up', 'down']); @@ -709,7 +723,9 @@ api.scoreTask = { api.moveTask = { method: 'POST', url: '/tasks/:taskId/move/to/:position', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], async handler (req, res) { req.checkParams('taskId', apiError('taskIdRequired')).notEmpty(); req.checkParams('position', res.t('positionRequired')).notEmpty().isNumeric(); @@ -778,7 +794,9 @@ api.moveTask = { api.addChecklistItem = { method: 'POST', url: '/tasks/:taskId/checklist', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], async handler (req, res) { let user = res.locals.user; let challenge; @@ -838,7 +856,9 @@ api.addChecklistItem = { api.scoreCheckListItem = { method: 'POST', url: '/tasks/:taskId/checklist/:itemId/score', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], async handler (req, res) { let user = res.locals.user; @@ -892,7 +912,9 @@ api.scoreCheckListItem = { api.updateChecklistItem = { method: 'PUT', url: '/tasks/:taskId/checklist/:itemId', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], async handler (req, res) { let user = res.locals.user; let challenge; @@ -957,7 +979,9 @@ api.updateChecklistItem = { api.removeChecklistItem = { method: 'DELETE', url: '/tasks/:taskId/checklist/:itemId', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], async handler (req, res) { let user = res.locals.user; let challenge; @@ -1020,7 +1044,9 @@ api.removeChecklistItem = { api.addTagToTask = { method: 'POST', url: '/tasks/:taskId/tags/:tagId', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], async handler (req, res) { let user = res.locals.user; @@ -1069,7 +1095,9 @@ api.addTagToTask = { api.removeTagFromTask = { method: 'DELETE', url: '/tasks/:taskId/tags/:tagId', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], async handler (req, res) { let user = res.locals.user; @@ -1114,7 +1142,9 @@ api.removeTagFromTask = { api.unlinkAllTasks = { method: 'POST', url: '/tasks/unlink-all/:challengeId', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], async handler (req, res) { req.checkParams('challengeId', res.t('challengeIdRequired')).notEmpty().isUUID(); req.checkQuery('keep', apiError('keepOrRemoveAll')).notEmpty().isIn(['keep-all', 'remove-all']); @@ -1181,7 +1211,9 @@ api.unlinkAllTasks = { api.unlinkOneTask = { method: 'POST', url: '/tasks/unlink-one/:taskId', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], async handler (req, res) { req.checkParams('taskId', apiError('taskIdRequired')).notEmpty().isUUID(); req.checkQuery('keep', apiError('keepOrRemove')).notEmpty().isIn(['keep', 'remove']); @@ -1231,7 +1263,9 @@ api.unlinkOneTask = { api.clearCompletedTodos = { method: 'POST', url: '/tasks/clearCompletedTodos', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], async handler (req, res) { let user = res.locals.user; @@ -1282,7 +1316,9 @@ api.clearCompletedTodos = { api.deleteTask = { method: 'DELETE', url: '/tasks/:taskId', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], async handler (req, res) { let user = res.locals.user; let challenge; diff --git a/website/server/controllers/api-v3/tasks/groups.js b/website/server/controllers/api-v3/tasks/groups.js index 9a920b5b3e..bd68fe6d2d 100644 --- a/website/server/controllers/api-v3/tasks/groups.js +++ b/website/server/controllers/api-v3/tasks/groups.js @@ -39,7 +39,9 @@ let api = {}; api.createGroupTasks = { method: 'POST', url: '/tasks/group/:groupId', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], async handler (req, res) { req.checkParams('groupId', apiError('groupIdRequired')).notEmpty().isUUID(); @@ -83,7 +85,9 @@ api.createGroupTasks = { api.getGroupTasks = { method: 'GET', url: '/tasks/group/:groupId', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], async handler (req, res) { req.checkParams('groupId', apiError('groupIdRequired')).notEmpty().isUUID(); req.checkQuery('type', res.t('invalidTasksType')).optional().isIn(types); @@ -116,7 +120,9 @@ api.getGroupTasks = { api.groupMoveTask = { method: 'POST', url: '/group-tasks/:taskId/move/to/:position', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], async handler (req, res) { req.checkParams('taskId', apiError('taskIdRequired')).notEmpty(); req.checkParams('position', res.t('positionRequired')).notEmpty().isNumeric(); @@ -167,7 +173,9 @@ api.groupMoveTask = { api.assignTask = { method: 'POST', url: '/tasks/:taskId/assign/:assignedUserId', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], async handler (req, res) { req.checkParams('taskId', apiError('taskIdRequired')).notEmpty().isUUID(); req.checkParams('assignedUserId', res.t('userIdRequired')).notEmpty().isUUID(); @@ -227,7 +235,9 @@ api.assignTask = { api.unassignTask = { method: 'POST', url: '/tasks/:taskId/unassign/:assignedUserId', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], async handler (req, res) { req.checkParams('taskId', apiError('taskIdRequired')).notEmpty().isUUID(); req.checkParams('assignedUserId', res.t('userIdRequired')).notEmpty().isUUID(); @@ -277,7 +287,9 @@ api.unassignTask = { api.approveTask = { method: 'POST', url: '/tasks/:taskId/approve/:userId', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], async handler (req, res) { req.checkParams('taskId', apiError('taskIdRequired')).notEmpty().isUUID(); req.checkParams('userId', res.t('userIdRequired')).notEmpty().isUUID(); @@ -373,7 +385,9 @@ api.approveTask = { api.taskNeedsWork = { method: 'POST', url: '/tasks/:taskId/needs-work/:userId', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], async handler (req, res) { req.checkParams('taskId', apiError('taskIdRequired')).notEmpty().isUUID(); req.checkParams('userId', res.t('userIdRequired')).notEmpty().isUUID(); @@ -470,7 +484,9 @@ api.taskNeedsWork = { api.getGroupApprovals = { method: 'GET', url: '/approvals/group/:groupId', - middlewares: [authWithHeaders()], + middlewares: [authWithHeaders({ + userFieldsToExclude: ['inbox'], + })], async handler (req, res) { req.checkParams('groupId', apiError('groupIdRequired')).notEmpty().isUUID();