Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix what information is shown about user in API. #9115

Merged
merged 5 commits into from
Nov 24, 2019
Merged

Fix what information is shown about user in API. #9115

Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
775676d
Fix what information is shown about user in API.
davidsvantesson Nov 21, 2019
c2464b8
Use Email directly, as KeepEmailPrivate is already handled.
davidsvantesson Nov 22, 2019
3808bd8
Merge branch 'master' into api-user-information
lunny Nov 22, 2019
e04e89a
Merge branch 'master' into api-user-information
lunny Nov 23, 2019
382e08d
Merge branch 'master' into api-user-information
techknowlogick Nov 24, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 7 additions & 7 deletions modules/convert/convert.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -256,21 +256,21 @@ func ToTeam(team *models.Team) *api.Team {
}

// ToUser convert models.User to api.User
// signed shall only be set if requester is logged in. authed shall only be set if user is site admin or user himself
func ToUser(user *models.User, signed, authed bool) *api.User {
result := &api.User{
UserName: user.Name,
AvatarURL: user.AvatarLink(),
FullName: markup.Sanitize(user.FullName),
Created: user.CreatedUnix.AsTime(),
}
// hide primary email if API caller isn't user itself or an admin
if !signed {
result.Email = ""
} else if user.KeepEmailPrivate && !authed {
result.Email = user.GetEmail()
} else { // only user himself and admin could visit these information
result.ID = user.ID
// hide primary email if API caller is anonymous or user keep email private
if signed && (!user.KeepEmailPrivate || authed) {
zeripath marked this conversation as resolved.
Show resolved Hide resolved
result.Email = user.Email
}
// only site admin will get these information and possibly user himself
if authed {
result.ID = user.ID
result.IsAdmin = user.IsAdmin
result.LastLogin = user.LastLoginUnix.AsTime()
}
Expand Down