Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix what information is shown about user in API. #9115

Merged
merged 5 commits into from
Nov 24, 2019
Merged
Changes from 2 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 7 additions & 7 deletions modules/convert/convert.go
Original file line number Diff line number Diff line change
Expand Up @@ -256,21 +256,21 @@ func ToTeam(team *models.Team) *api.Team {
}

// ToUser convert models.User to api.User
// signed shall only be set if requester is logged in. authed shall only be set if user is site admin or user himself
func ToUser(user *models.User, signed, authed bool) *api.User {
result := &api.User{
UserName: user.Name,
AvatarURL: user.AvatarLink(),
FullName: markup.Sanitize(user.FullName),
Created: user.CreatedUnix.AsTime(),
}
// hide primary email if API caller isn't user itself or an admin
if !signed {
result.Email = ""
} else if user.KeepEmailPrivate && !authed {
result.Email = user.GetEmail()
} else { // only user himself and admin could visit these information
result.ID = user.ID
// hide primary email if API caller is anonymous or user keep email private
if signed && (!user.KeepEmailPrivate || authed) {
zeripath marked this conversation as resolved.
Show resolved Hide resolved
result.Email = user.Email
}
// only site admin will get these information and possibly user himself
if authed {
result.ID = user.ID
result.IsAdmin = user.IsAdmin
result.LastLogin = user.LastLoginUnix.AsTime()
}
Expand Down