spec/requests/api · e8f222e39c5f7124bd604246c8d2502181760888 · Forest Godfrey / gitlab-ce

Dont expose user email via API · ae564c97

authored Jun 13, 2014

To prevent leaking of users info we reduce amount of user information
retrieved via API for normal users.

What user can get via API:

* if not admin: only id, state, name, username and avatar_url
* if admin: all user information
* about himself: all informaion
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

ae564c97

Name	Last commit	Last update
..
api_helpers_spec.rb		Loading commit data...
branches_spec.rb		Loading commit data...
commits_spec.rb		Loading commit data...
files_spec.rb		Loading commit data...
groups_spec.rb		Loading commit data...
internal_spec.rb		Loading commit data...
issues_spec.rb		Loading commit data...
merge_requests_spec.rb		Loading commit data...
milestones_spec.rb		Loading commit data...
namespaces_spec.rb		Loading commit data...
notes_spec.rb		Loading commit data...
project_hooks_spec.rb		Loading commit data...
project_members_spec.rb		Loading commit data...
projects_spec.rb		Loading commit data...
repositories_spec.rb		Loading commit data...
services_spec.rb		Loading commit data...
session_spec.rb		Loading commit data...
system_hooks_spec.rb		Loading commit data...
users_spec.rb		Loading commit data...