v2.4.2: frontend enhancements, user/get fix

Core/API/UserAPI.class.php

@@ -237,7 +237,7 @@ namespace Core\API\User {
 
     public function __construct(Context $context, $externalCall = false) {
       parent::__construct($context, $externalCall,
-        self::getPaginationParameters(['id', 'name', 'fullName', 'email', 'groups', 'registeredAt', 'active', 'confirmed'],
+        self::getPaginationParameters(['id', 'name', 'fullName', 'email', 'groups', 'lastOnline', 'registeredAt', 'active', 'confirmed'],
           'id', 'asc')
       );
     }
@@ -316,20 +316,17 @@ namespace Core\API\User {
       } else if ($user === null) {
         return $this->createError("User not found");
       } else {
-
-        $queriedUser = $user->jsonSerialize();
+        // allow access to unconfirmed users only when we have administrative privileges, or we are querying ourselves
         $currentUser = $this->context->getUser();
-
-        // full info only when we have administrative privileges, or we are querying ourselves
         $fullInfo = ($userId === $currentUser->getId() ||
           $currentUser->hasGroup(Group::ADMIN) ||
           $currentUser->hasGroup(Group::SUPPORT));
 
-        if (!$fullInfo && !$queriedUser["confirmed"]) {
+        if (!$fullInfo && !$user->isConfirmed()) {
           return $this->createError("No permissions to access this user");
         }
 
-        $this->result["user"] = $queriedUser;
+        $this->result["user"] = $user->jsonSerialize();
       }
 
       return $this->success;

Core/core.php

@@ -10,7 +10,7 @@ if (is_file($autoLoad)) {
   require_once $autoLoad;
 }
 
-const WEBBASE_VERSION = "2.4.1";
+const WEBBASE_VERSION = "2.4.2";
 
 spl_autoload_extensions(".php");
 spl_autoload_register(function ($class) {