remove potentially sensitive fields from group self

mealie/routes/groups/controller_group_self_service.py

@@ -8,7 +8,7 @@ from mealie.routes._base.routers import UserAPIRouter
 from mealie.schema.group.group_permissions import SetPermissions
 from mealie.schema.group.group_preferences import ReadGroupPreferences, UpdateGroupPreferences
 from mealie.schema.group.group_statistics import GroupStatistics, GroupStorage
-from mealie.schema.user.user import GroupInDB, UserOut
+from mealie.schema.user.user import GroupInDB, GroupSummary, UserOut
 from mealie.services.group_services.group_service import GroupService
 
 router = UserAPIRouter(prefix="/groups", tags=["Groups: Self Service"])
@@ -20,10 +20,10 @@ class GroupSelfServiceController(BaseUserController):
     def service(self) -> GroupService:
         return GroupService(self.group_id, self.repos)
 
-    @router.get("/self", response_model=GroupInDB)
+    @router.get("/self", response_model=GroupSummary)
     def get_logged_in_user_group(self):
         """Returns the Group Data for the Current User"""
-        return self.group
+        return self.group.cast(GroupSummary)
 
     @router.get("/members", response_model=list[UserOut])
     def get_group_members(self):

mealie/schema/user/user.py

@@ -249,6 +249,21 @@ class GroupInDB(UpdateGroup):
         ]
 
 
+class GroupSummary(MealieModel):
+    id: UUID4
+    name: str
+    slug: str
+    preferences: ReadGroupPreferences | None = None
+
+    model_config = ConfigDict(from_attributes=True)
+
+    @classmethod
+    def loader_options(cls) -> list[LoaderOption]:
+        return [
+            joinedload(Group.preferences),
+        ]
+
+
 class GroupPagination(PaginationBase):
     items: list[GroupInDB]