Redact events shown in the events API

1 files changed, 19 insertions, 3 deletions

diff --git a/lib/api/events.rb b/lib/api/events.rb
index dfe0e81af26..844103a5e76 100644
--- a/lib/api/events.rb
+++ b/lib/api/events.rb
@@ -16,12 +16,27 @@ module API
                         desc: 'Return events sorted in ascending and descending order'
       end
 
+      RedactedEvent = OpenStruct.new(target_title: 'Confidential event').freeze
+
+      def redact_events(events)
+        events.map do |event|
+          if event.visible_to_user?(current_user)
+            event
+          else
+            RedactedEvent
+          end
+        end
+      end
+
       # rubocop: disable CodeReuse/ActiveRecord
-      def present_events(events)
+      def present_events(events, redact: true)
         events = events.reorder(created_at: params[:sort])
                  .with_associations
 
-        present paginate(events), with: Entities::Event
+        events = paginate(events)
+        events = redact_events(events) if redact
+
+        present events, with: Entities::Event
       end
       # rubocop: enable CodeReuse/ActiveRecord
     end
@@ -44,7 +59,8 @@ module API
 
         events = EventsFinder.new(params.merge(source: current_user, current_user: current_user)).execute.preload(:author, :target)
 
-        present_events(events)
+        # Since we're viewing our own events, redaction is unnecessary
+        present_events(events, redact: false)
       end
       # rubocop: enable CodeReuse/ActiveRecord
     end