From: David Svantesson Date: Sun, 24 Nov 2019 19:45:58 +0000 (+0100) Subject: Fix what information is shown about user in API. (#9115) X-Git-Tag: v1.11.0-rc1~252 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=d0edb607a3b0052b206f4d427652a8c4b2fed59d;p=gitea.git Fix what information is shown about user in API. (#9115) * Fix what information is shown about user in API. * Use Email directly, as KeepEmailPrivate is already handled. --- diff --git a/modules/convert/convert.go b/modules/convert/convert.go index d3b2e38165..0fa05d0850 100644 --- a/modules/convert/convert.go +++ b/modules/convert/convert.go @@ -256,6 +256,7 @@ func ToTeam(team *models.Team) *api.Team { } // ToUser convert models.User to api.User +// signed shall only be set if requester is logged in. authed shall only be set if user is site admin or user himself func ToUser(user *models.User, signed, authed bool) *api.User { result := &api.User{ UserName: user.Name, @@ -263,14 +264,13 @@ func ToUser(user *models.User, signed, authed bool) *api.User { FullName: markup.Sanitize(user.FullName), Created: user.CreatedUnix.AsTime(), } - // hide primary email if API caller isn't user itself or an admin - if !signed { - result.Email = "" - } else if user.KeepEmailPrivate && !authed { - result.Email = user.GetEmail() - } else { // only user himself and admin could visit these information - result.ID = user.ID + // hide primary email if API caller is anonymous or user keep email private + if signed && (!user.KeepEmailPrivate || authed) { result.Email = user.Email + } + // only site admin will get these information and possibly user himself + if authed { + result.ID = user.ID result.IsAdmin = user.IsAdmin result.LastLogin = user.LastLoginUnix.AsTime() }