lib/api · 8ff171f62849d5e418847c1751a802f93604cc61 · Forest Godfrey / gitlab-ce

Dont expose user email via API · ae564c97

authored Jun 13, 2014

To prevent leaking of users info we reduce amount of user information
retrieved via API for normal users.

What user can get via API:

* if not admin: only id, state, name, username and avatar_url
* if admin: all user information
* about himself: all informaion
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

ae564c97

Name	Last commit	Last update
..
api.rb		Loading commit data...
branches.rb		Loading commit data...
commits.rb		Loading commit data...
deploy_keys.rb		Loading commit data...
entities.rb		Loading commit data...
files.rb		Loading commit data...
groups.rb		Loading commit data...
helpers.rb		Loading commit data...
internal.rb		Loading commit data...
issues.rb		Loading commit data...
merge_requests.rb		Loading commit data...
milestones.rb		Loading commit data...
namespaces.rb		Loading commit data...
notes.rb		Loading commit data...
project_hooks.rb		Loading commit data...
project_members.rb		Loading commit data...
project_snippets.rb		Loading commit data...
projects.rb		Loading commit data...
repositories.rb		Loading commit data...
services.rb		Loading commit data...
session.rb		Loading commit data...
system_hooks.rb		Loading commit data...
users.rb		Loading commit data...