diff options
author | David Svantesson <davidsvantesson@gmail.com> | 2019-11-24 20:45:58 +0100 |
---|---|---|
committer | techknowlogick <techknowlogick@gitea.io> | 2019-11-24 14:45:58 -0500 |
commit | d0edb607a3b0052b206f4d427652a8c4b2fed59d (patch) | |
tree | 0dcf1d84abd3b2a2a7090471e6edbaeeaf09b3a6 /modules/convert/convert.go | |
parent | e84326aaecf4850aab37861f1edf223dee2be674 (diff) | |
download | gitea-d0edb607a3b0052b206f4d427652a8c4b2fed59d.tar.gz gitea-d0edb607a3b0052b206f4d427652a8c4b2fed59d.zip |
Fix what information is shown about user in API. (#9115)
* Fix what information is shown about user in API.
* Use Email directly, as KeepEmailPrivate is already handled.
Diffstat (limited to 'modules/convert/convert.go')
-rw-r--r-- | modules/convert/convert.go | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/modules/convert/convert.go b/modules/convert/convert.go index d3b2e38165..0fa05d0850 100644 --- a/modules/convert/convert.go +++ b/modules/convert/convert.go @@ -256,6 +256,7 @@ func ToTeam(team *models.Team) *api.Team { } // ToUser convert models.User to api.User +// signed shall only be set if requester is logged in. authed shall only be set if user is site admin or user himself func ToUser(user *models.User, signed, authed bool) *api.User { result := &api.User{ UserName: user.Name, @@ -263,14 +264,13 @@ func ToUser(user *models.User, signed, authed bool) *api.User { FullName: markup.Sanitize(user.FullName), Created: user.CreatedUnix.AsTime(), } - // hide primary email if API caller isn't user itself or an admin - if !signed { - result.Email = "" - } else if user.KeepEmailPrivate && !authed { - result.Email = user.GetEmail() - } else { // only user himself and admin could visit these information - result.ID = user.ID + // hide primary email if API caller is anonymous or user keep email private + if signed && (!user.KeepEmailPrivate || authed) { result.Email = user.Email + } + // only site admin will get these information and possibly user himself + if authed { + result.ID = user.ID result.IsAdmin = user.IsAdmin result.LastLogin = user.LastLoginUnix.AsTime() } |