From b3a50bd4b0e701bb68bd2ed6654f061bae344c91 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Mon, 3 Feb 2020 03:47:45 +0100
Subject: [PATCH] FIX #12874

---
 htdocs/user/class/api_users.class.php | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/htdocs/user/class/api_users.class.php b/htdocs/user/class/api_users.class.php
index be768a3e15a..fa139e2c69f 100644
--- a/htdocs/user/class/api_users.class.php
+++ b/htdocs/user/class/api_users.class.php
@@ -132,15 +132,15 @@ class Users extends DolibarrApi
 
 	/**
 	 * Get properties of an user object
-	 *
 	 * Return an array with user informations
 	 *
-	 * @param 	int 	$id ID of user
+	 * @param 	int 	$id 					ID of user
+	 * @param	int		$includepermissions	Set this to 1 to have the array of permissions loaded (not done by default for performance purpose)
 	 * @return 	array|mixed data without useless information
 	 *
 	 * @throws 	RestException
 	 */
-    public function get($id)
+    public function get($id, $includepermissions = 0)
     {
 		//if (!DolibarrApiAccess::$user->rights->user->user->lire) {
 			//throw new RestException(401);
@@ -157,6 +157,10 @@ class Users extends DolibarrApi
 			throw new RestException(401, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
 		}
 
+		if ($includepermissions) {
+			$this->useraccount->getRights();
+		}
+
 		return $this->_cleanObjectDatas($this->useraccount);
 	}
 
@@ -544,6 +548,12 @@ class Users extends DolibarrApi
 	    unset($object->clicktodial_password);
 	    unset($object->openid);
 
+	    unset($object->lines);
+	    unset($object->modelpdf);
+	    unset($object->skype);
+	    unset($object->twitter);
+	    unset($object->facebook);
+	    unset($object->linkedin);
 
 	    $canreadsalary = ((!empty($conf->salaries->enabled) && !empty(DolibarrApiAccess::$user->rights->salaries->read))
 	    	|| (!empty($conf->hrm->enabled) && !empty(DolibarrApiAccess::$user->rights->hrm->employee->read)));