From b5419ef11a6c88d888cc30bb7f6e92c4bdc787e7 Mon Sep 17 00:00:00 2001
From: Pedro Maia Costa <550684+pnmcosta@users.noreply.github.com>
Date: Wed, 30 Apr 2025 15:53:18 +0100
Subject: [PATCH] [management] limit peers based on module read permission
 (#3757)

---
 management/server/peer.go | 27 ++++++++++++++-------------
 1 file changed, 14 insertions(+), 13 deletions(-)

diff --git a/management/server/peer.go b/management/server/peer.go
index 908610fbe..a4210e3f0 100644
--- a/management/server/peer.go
+++ b/management/server/peer.go
@@ -49,20 +49,9 @@ func (am *DefaultAccountManager) GetPeers(ctx context.Context, accountID, userID
 		return nil, err
 	}
 
-	peers := make([]*nbpeer.Peer, 0)
-	peersMap := make(map[string]*nbpeer.Peer)
-
-	for _, peer := range accountPeers {
-		if user.IsRegularUser() && user.Id != peer.UserID {
-			// only display peers that belong to the current user if the current user is not an admin
-			continue
-		}
-		peers = append(peers, peer)
-		peersMap[peer.ID] = peer
-	}
-
+	// @note if the user has permission to read peers it shows all account peers
 	if allowed {
-		return peers, nil
+		return accountPeers, nil
 	}
 
 	settings, err := am.Store.GetAccountSettings(ctx, store.LockingStrengthShare, accountID)
@@ -74,6 +63,18 @@ func (am *DefaultAccountManager) GetPeers(ctx context.Context, accountID, userID
 		return []*nbpeer.Peer{}, nil
 	}
 
+	// @note if it does not have permission read peers then only display it's own peers
+	peers := make([]*nbpeer.Peer, 0)
+	peersMap := make(map[string]*nbpeer.Peer)
+
+	for _, peer := range accountPeers {
+		if user.Id != peer.UserID {
+			continue
+		}
+		peers = append(peers, peer)
+		peersMap[peer.ID] = peer
+	}
+
 	return am.getUserAccessiblePeers(ctx, accountID, peersMap, peers)
 }