From 2f5ca43158bb1838c032eba9ff51c45f16910a6b Mon Sep 17 00:00:00 2001 From: Agniva De Sarker Date: Fri, 20 Oct 2023 20:49:50 +0530 Subject: [PATCH] Clarify the sensitive/sanitized logic (#25034) I was looking at the high number of user_updated ws events and ran across this piece of code. Had a hard time digesting it, thought of adding a comment for people to understand it more clearly. ```release-note NONE ``` --- server/channels/app/platform/web_conn.go | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/server/channels/app/platform/web_conn.go b/server/channels/app/platform/web_conn.go index 6ac3e120570..699d4da485b 100644 --- a/server/channels/app/platform/web_conn.go +++ b/server/channels/app/platform/web_conn.go @@ -744,6 +744,13 @@ func (wc *WebConn) ShouldSendEvent(msg *model.WebSocketEvent) bool { } } + // There are two checks here which differentiates between what to send to an admin user and what to send to a normal user. + // For websocket events containing sensitive data, we split that to create two events: + // 1. We sanitize all fields, and set ContainsSanitizedData to true. This goes to normal users. + // 2. We don't sanitize, and set ContainsSensitiveData to true. This goes to admins. + // Setting both ContainsSanitizedData and ContainsSensitiveData for the same event is a bug, and in that case + // the event gets sent to no one. This is unit tested in TestWebConnShouldSendEvent. + // If the event contains sanitized data, only send to users that don't have permission to // see sensitive data. Prevents admin clients from receiving events with bad data var hasReadPrivateDataPermission *bool