(fix) Update member retrieval and JSON representation to include dynamic limits and additional attributes

gnepud · gnepud · commit 3d9164042e7f · 2026-04-01T15:37:11.000+02:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,8 @@
 
 ## Next release
 
+- Fix a bug: member unable to edit profile and reserve machine/format/event
+
 ## v6.5.4 2026 March 31
 
 - Fix a security issue: restrict exposed personal data in `/api/last_subscribed`, `/api/members` and `/api/members/:id` for public and non-privileged users
diff --git a/app/controllers/api/members_controller.rb b/app/controllers/api/members_controller.rb
@@ -20,15 +20,16 @@ def index
   end
 
   def last_subscribed
-    @query, @members = Members::MembersService.last_registered
+    @query, @members = Members::MembersService.last_registered(params[:last])
+    @query, @members = Members::MembersService.last_registered()
     @public_last_subscribed = true
     render :index
   end
 
   def show
     @member = User.friendly.find(params[:id])
     authorize @member
-    @restricted_member_show = !current_user.privileged?
+    @restricted_member_show = !current_user.privileged? && current_user.id != @member.id
   end
 
   def create
diff --git a/app/services/members/members_service.rb b/app/services/members/members_service.rb
@@ -103,12 +103,13 @@ def self.handle_organization(params)
     params
   end
 
-  def self.last_registered
+  def self.last_registered(limit = 10)
+    limit = [limit.to_i, 10].min
     query = User.active.with_role(:member)
                 .includes(:statistic_profile, profile: [:user_avatar])
                 .where('is_allow_contact = true AND confirmed_at IS NOT NULL')
                 .order('created_at desc')
-                .limit(10)
+                .limit(limit)
 
     # remove unmerged profiles from list
     members = query.to_a
diff --git a/app/views/api/members/_member.json.jbuilder b/app/views/api/members/_member.json.jbuilder
@@ -1,8 +1,7 @@
 # frozen_string_literal: true
 
-json.extract! member, :username, :email, :slug
+json.extract! member, :id, :username, :email, :slug
 unless @restricted_member_show
-  json.id member.id
   json.group_id member.group_id
   json.role member.roles.first.name
 end
diff --git a/app/views/api/members/index.json.jbuilder b/app/views/api/members/index.json.jbuilder
@@ -27,6 +27,7 @@ json.array!(@members) do |member|
 
   if !@public_last_subscribed && attribute_requested?(@requested_attributes, 'profile')
     json.profile do
+      json.id member.profile.id
       if member.profile.user_avatar
         json.user_avatar do
           json.id member.profile.user_avatar.id
