From 94d1bbbfba3079cb400c7470acd462225b718124 Mon Sep 17 00:00:00 2001
From: daniel31x13
Date: Fri, 24 Nov 2023 12:51:43 -0500
Subject: [PATCH 1/3] bug fixed
---
 pages/api/v1/avatar/[id].ts | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/pages/api/v1/avatar/[id].ts b/pages/api/v1/avatar/[id].ts
index c25ddff..a3e7be5 100644
--- a/pages/api/v1/avatar/[id].ts
+++ b/pages/api/v1/avatar/[id].ts
@@ -53,7 +53,11 @@ export default async function Index(req: NextApiRequest, res: NextApiResponse) {
 .send("File inaccessible.");
 }
- if (user.username && !whitelistedUsernames?.includes(user.username)) {
+ if (
+ user.username &&
+ !whitelistedUsernames?.includes(user.username) &&
+ targetUser.id !== user.id
+ ) {
 return res
 .setHeader("Content-Type", "text/plain")
 .status(400)
@@ -61,6 +65,8 @@ export default async function Index(req: NextApiRequest, res: NextApiResponse) {
 }
 }
+ console.log(queryId);
+
 const { file, contentType, status } = await readFile(
 `uploads/avatar/${queryId}.jpg`
 );
From 87196b11900c24944881067ac4dccf19bdf27c13 Mon Sep 17 00:00:00 2001
From: daniel31x13
Date: Fri, 24 Nov 2023 12:52:07 -0500
Subject: [PATCH 2/3] minor change
---
 pages/api/v1/avatar/[id].ts | 2 --
 1 file changed, 2 deletions(-)
diff --git a/pages/api/v1/avatar/[id].ts b/pages/api/v1/avatar/[id].ts
index a3e7be5..d44d033 100644
--- a/pages/api/v1/avatar/[id].ts
+++ b/pages/api/v1/avatar/[id].ts
@@ -65,8 +65,6 @@ export default async function Index(req: NextApiRequest, res: NextApiResponse) {
 }
 }
- console.log(queryId);
-
 const { file, contentType, status } = await readFile(
 `uploads/avatar/${queryId}.jpg`
 );
From 676c7c3a5d577fa0396fe632111297ca7613b495 Mon Sep 17 00:00:00 2001
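Review bot: The rewritten condition in the first hunk of PATCH 1/3 (`@@ -53,7 +53,11 @@`) still fails open for a requester without a username: `user.username &&` short-circuits the whole test, so an account whose `username` is null or empty skips both the whitelist check and the new `targetUser.id !== user.id` check and is served the private avatar. Whether such accounts can exist is not visible here, but the check would be safer written from the allow side, `const isOwner = targetUser.id === user.id;` followed by `if (!isOwner && !(user.username && whitelistedUsernames?.includes(user.username))) {`. The handler body starts and ends outside the hunk, so any earlier guard on `user` could not be checked.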
From: daniel31x13
Date: Fri, 24 Nov 2023 13:28:47 -0500
Subject: [PATCH 3/3] bug fixed
---
 .../controllers/public/users/getPublicUser.ts | 18 ++++++++++++-
 pages/api/v1/avatar/[id].ts | 25 ++++++++++++++++++-
 pages/public/collections/[id].tsx | 7 ++++--
 pages/settings/account.tsx | 2 +-
 4 files changed, 47 insertions(+), 5 deletions(-)
diff --git a/lib/api/controllers/public/users/getPublicUser.ts b/lib/api/controllers/public/users/getPublicUser.ts
index 8e17887..e5f1138 100644
--- a/lib/api/controllers/public/users/getPublicUser.ts
+++ b/lib/api/controllers/public/users/getPublicUser.ts
@@ -29,7 +29,23 @@ export default async function getPublicUser(
 (usernames) => usernames.username
 );
- if (user?.isPrivate) {
+ const isInAPublicCollection = await prisma.collection.findFirst({
+ where: {
+ ["OR"]: [
+ { ownerId: user.id },
+ {
+ members: {
+ some: {
+ userId: user.id,
+ },
+ },
+ },
+ ],
+ isPublic: true,
+ },
+ });
+
+ if (user?.isPrivate && !isInAPublicCollection) {
 if (requestingId) {
 const requestingUser = await prisma.user.findUnique({
 where: { id: requestingId },
diff --git a/pages/api/v1/avatar/[id].ts b/pages/api/v1/avatar/[id].ts
index d44d033..8c591ff 100644
--- a/pages/api/v1/avatar/[id].ts
+++ b/pages/api/v1/avatar/[id].ts
@@ -25,7 +25,30 @@ export default async function Index(req: NextApiRequest, res: NextApiResponse) {
 },
 });
- if (targetUser?.isPrivate) {
+ if (!targetUser) {
+ return res
+ .setHeader("Content-Type", "text/plain")
+ .status(400)
+ .send("File inaccessible.");
+ }
+
+ const isInAPublicCollection = await prisma.collection.findFirst({
+ where: {
+ ["OR"]: [
+ { ownerId: targetUser.id },
+ {
+ members: {
+ some: {
+ userId: targetUser.id,
+ },
+ },
+ },
+ ],
+ isPublic: true,
+ },
+ });
+
+ if (targetUser?.isPrivate && !isInAPublicCollection) {
 if (!userId) {
 return res
 .setHeader("Content-Type", "text/plain")
diff --git a/pages/public/collections/[id].tsx b/pages/public/collections/[id].tsx
index eea44bc..d6b3531 100644
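Review bot: The new `prisma.collection.findFirst` call in `getPublicUser.ts` dereferences `user.id` before anything in this hunk establishes that `user` is non-null, while the condition just below still writes `user?.isPrivate`. Unless a guard outside the hunk already returns for a missing user, a lookup for an unknown user now throws here instead of reaching the existing not-found handling; the avatar route in this same patch adds an explicit `if (!targetUser)` return before its query, and the same guard is needed here. The change also makes a private profile readable without the whitelist as soon as the user owns or is a member of any public collection, so a comment such as `// A private user becomes publicly visible once they own or belong to a public collection` should record that this is intended. The function body starts and ends outside the hunk.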
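Review bot: The membership query added to `pages/api/v1/avatar/[id].ts` repeats the `where` clause from `getPublicUser.ts` verbatim, and it runs on every avatar request, including those for users who are not private. This clause now decides whether a private user's avatar is served to anonymous callers, so it belongs in one shared helper that both call sites use, which keeps the two access checks from drifting apart. The lookup can also be limited to the private case and to a single column by evaluating it only when `targetUser.isPrivate` is true and passing `select: { id: true }`. After the new `if (!targetUser)` return, the `?.` in `targetUser?.isPrivate` is redundant and can be written `targetUser.isPrivate`. The handler continues outside the hunk.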
--- a/pages/public/collections/[id].tsx
+++ b/pages/public/collections/[id].tsx
@@ -185,8 +185,11 @@ export default function PublicCollections() {
 ) : null}

- By {collectionOwner.name} and {collection.members.length}{" "}
- others.
+ By {collectionOwner.name}
+ {collection.members.length > 0
+ ? ` and ${collection.members.length} others`
+ : undefined}
+ .

diff --git a/pages/settings/account.tsx b/pages/settings/account.tsx
index 95d98af..5998f94 100644
--- a/pages/settings/account.tsx
+++ b/pages/settings/account.tsx
@@ -334,7 +334,7 @@ export default function Account() {
 />

- This will limit who can find and add you to other Collections.
+ This will limit who can find and add you to new Collections.

{user.isPrivate && (