[NEW] Add permissions for viewing other users' emails, phone, roles and UTC offset
This leaves it to the server admin to decide whether email addresses, phone numbers, roles, and utcOffset are sensitive information or can be viewed by any other user.
This PR makes roles accessible by regular users by default instead of only admins, since that's required for us to show role tags on the mobile clients.
Related: https://github.com/RocketChat/Rocket.Chat/pull/10891
Closes #6515
Related: #10891
Cool, @vynmera! I think that's also very important and related. I'll link it in this PR's description.
I'd say we change the default behaviour to not show emails and phone #, as otherwise this switch would have dramatic consequences for users of public servers (if the owner doesn't follow the repo closely, they can get in major trouble, perhaps even legally).
@vynmera, I think it should be the default behavior since most servers are private, but you're right, it will cause trouble with currently running public servers.
I'll make the change just for roles now, since that's required for us to show role tags on the mobile clients.
It's very expensive to do that, I think (our permissions are heavy); need some study, I guess.
Is there a threshold to how many permissions we should consult in this method?
I can go back to using settings like I did in this commit: https://github.com/RocketChat/Rocket.Chat/pull/11316/commits/4d8fe6d5dc522c5e54704b8ea6e8d32b575ea3c0
Need to check for other PRs or issues regarding having permissions per field so the user decides what to show as public.
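Added example, not part of this PR or of Rocket.Chat's code: a sketch of per-field visibility that resolves the viewer's permissions once per request and then filters each user record, which is one way to approach the cost concern raised in the thread. The permission ids, role grants and sample users are hypothetical and constructed for illustration.

```javascript
// Hypothetical permission ids; not Rocket.Chat's real names.
const FIELD_PERMISSION = {
  emails: 'view-other-user-emails',
  phone: 'view-other-user-phone',
  roles: 'view-other-user-roles',
  utcOffset: 'view-other-user-utc-offset',
};
// Constructed defaults: regular users may see roles only (the default this PR settles on).
const ROLE_GRANTS = {
  admin: new Set(Object.values(FIELD_PERMISSION)),
  user: new Set(['view-other-user-roles']),
};
// Constructed sample users.
const SAMPLE_USERS = [
  { _id: 'a', username: 'alice', roles: ['user'], emails: [{ address: 'alice@example.test' }], phone: '555-0100', utcOffset: -3 },
  { _id: 'b', username: 'bob', roles: ['admin'], emails: [{ address: 'bob@example.test' }], phone: '555-0101', utcOffset: 0 },
];

// Resolve the viewer's permissions once, so filtering N users costs one
// pass over the viewer's roles instead of one permission check per field per user.
function resolvePermissions(viewer, grants = ROLE_GRANTS) {
  const granted = new Set();
  for (const role of viewer.roles || []) {
    for (const p of grants[role] || []) granted.add(p);
  }
  return granted;
}

// Return a copy of `target` without the gated fields the viewer may not see.
// Viewers always see their own record; fields not listed in FIELD_PERMISSION
// pass through, so any newly added sensitive field must be registered there.
function filterUserFields(viewer, target, granted) {
  if (viewer._id === target._id) return { ...target };
  const out = {};
  for (const [field, value] of Object.entries(target)) {
    const needed = FIELD_PERMISSION[field];
    if (!needed || granted.has(needed)) out[field] = value;
  }
  return out;
}

function listUsersFor(viewer, users, grants = ROLE_GRANTS) {
  const granted = resolvePermissions(viewer, grants);
  return users.map((u) => filterUserFields(viewer, u, granted));
}
```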