lib · 8ff171f62849d5e418847c1751a802f93604cc61 · Forest Godfrey / gitlab-ce

Dont expose user email via API · ae564c97

authored Jun 13, 2014

To prevent leaking of users info we reduce amount of user information
retrieved via API for normal users.

What user can get via API:

* if not admin: only id, state, name, username and avatar_url
* if admin: all user information
* about himself: all informaion
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

ae564c97

Name	Last commit	Last update
..
api		Loading commit data...
assets		Loading commit data...
backup		Loading commit data...
gitlab		Loading commit data...
redcarpet/render		Loading commit data...
support		Loading commit data...
tasks		Loading commit data...
email_validator.rb		Loading commit data...
event_filter.rb		Loading commit data...
extracts_path.rb		Loading commit data...
file_size_validator.rb		Loading commit data...
static_model.rb		Loading commit data...