From 5420cf58bd98e1bced1bd8976359a92da2f9f68a Mon Sep 17 00:00:00 2001
From: garrettmills <shout@garrettmills.dev>
Date: Tue, 14 Sep 2021 20:42:45 -0500
Subject: [PATCH] Add flat user endpoint

---
 app/controllers/api/v1/Auth.controller.js | 20 ++++++++++++++++++++
 app/routing/routers/api/v1/auth.routes.js |  5 +++++
 2 files changed, 25 insertions(+)

diff --git a/app/controllers/api/v1/Auth.controller.js b/app/controllers/api/v1/Auth.controller.js
index 25ca701..9f680f6 100644
--- a/app/controllers/api/v1/Auth.controller.js
+++ b/app/controllers/api/v1/Auth.controller.js
@@ -220,6 +220,26 @@ class AuthController extends Controller {
         return res.api(await user.to_api())
     }
 
+    async get_user_flat(req, res, next) {
+        if ( req.params.id === 'me' )
+            return res.json(await req.user.to_api())
+
+        const User = this.models.get('auth:User')
+        const user = await User.findById(req.params.id)
+
+        if ( !user )
+            return res.status(404)
+                .message(req.T('api.user_not_found'))
+                .api()
+
+        if ( !req.user.can(`auth:user:${user.id}:view`) )
+            return res.status(401)
+                .message(req.T('api.insufficient_permissions'))
+                .api()
+
+        return res.json(await user.to_api())
+    }
+
     async get_user_photo(req, res, next) {
         let user
         if ( req.params.id === 'me' ) {
diff --git a/app/routing/routers/api/v1/auth.routes.js b/app/routing/routers/api/v1/auth.routes.js
index 94055cf..5692ab5 100644
--- a/app/routing/routers/api/v1/auth.routes.js
+++ b/app/routing/routers/api/v1/auth.routes.js
@@ -36,6 +36,11 @@ const auth_routes = {
             ['middleware::api:Permission', { check: 'v1:auth:users:get' }],
             'controller::api:v1:Auth.get_user',
         ],
+        '/users/:id/flat': [
+            'middleware::auth:APIRoute',
+            ['middleware::api:Permission', { check: 'v1:auth:users:get' }],
+            'controller::api:v1:Auth.get_user_flat',
+        ],
         '/users/:id/photo': [
             'controller::api:v1:Auth.get_user_photo',
         ],