From cf3b450743f20bf92bf8495091fd5eb98b94f800 Mon Sep 17 00:00:00 2001
From: Ahmad Farhat <ahmad.af.farhat@gmail.com>
Date: Wed, 30 Dec 2020 17:39:31 -0500
Subject: [PATCH] Only return required info for dynamic user lists (#2397)

---
 Gemfile                              | 2 ++
 Gemfile.lock                         | 4 ++++
 app/controllers/admins_controller.rb | 4 ++--
 app/controllers/users_controller.rb  | 4 ++--
 4 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/Gemfile b/Gemfile
index 71eb734a..ef568015 100644
--- a/Gemfile
+++ b/Gemfile
@@ -80,6 +80,8 @@ gem 'cancancan', '~> 2.0'
 gem 'aws-sdk-s3', '~> 1.75'
 gem 'google-cloud-storage', '~> 1.26'
 
+gem 'pluck_to_hash', '~> 1.0.2'
+
 group :production do
   # Use a postgres database in production.
   gem 'pg', '~> 0.18'
diff --git a/Gemfile.lock b/Gemfile.lock
index 0d795470..97fd7630 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -256,6 +256,9 @@ GEM
     parser (2.7.1.3)
       ast (~> 2.4.0)
     pg (0.21.0)
+    pluck_to_hash (1.0.2)
+      activerecord (>= 4.0.2)
+      activesupport (>= 4.0.2)
     popper_js (1.16.0)
     public_suffix (4.0.5)
     puma (3.12.6)
@@ -443,6 +446,7 @@ DEPENDENCIES
   omniauth-twitter
   pagy
   pg (~> 0.18)
+  pluck_to_hash (~> 1.0.2)
   puma (~> 3.12)
   rails (~> 5.2.4.4)
   rails-controller-testing
diff --git a/app/controllers/admins_controller.rb b/app/controllers/admins_controller.rb
index 5c4b106e..d51aeca0 100644
--- a/app/controllers/admins_controller.rb
+++ b/app/controllers/admins_controller.rb
@@ -199,10 +199,10 @@ class AdminsController < ApplicationController
   # GET /admins/merge_list
   def merge_list
     # Returns a list of users that can merged into another user
-    initial_list = User.select(:uid, :name, :email)
-                       .without_role(:super_admin)
+    initial_list = User.without_role(:super_admin)
                        .where.not(uid: current_user.uid)
                        .merge_list_search(params[:search])
+                       .pluck_to_hash(:uid, :name, :email)
 
     initial_list = initial_list.where(provider: @user_domain) if Rails.configuration.loadbalanced_configuration
 
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index ac603317..98db31e0 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -209,10 +209,10 @@ class UsersController < ApplicationController
       roles_can_appear << role.name if role.get_permission("can_appear_in_share_list") && role.priority >= 0
     end
 
-    initial_list = User.select(:uid, :name)
-                       .where.not(uid: current_user.uid)
+    initial_list = User.where.not(uid: current_user.uid)
                        .with_role(roles_can_appear)
                        .shared_list_search(params[:search])
+                       .pluck_to_hash(:uid, :name)
 
     initial_list = initial_list.where(provider: @user_domain) if Rails.configuration.loadbalanced_configuration