summaryrefslogtreecommitdiffstats
path: root/modules
diff options
context:
space:
mode:
authorDavid Svantesson <davidsvantesson@gmail.com>2019-11-24 20:45:58 +0100
committertechknowlogick <techknowlogick@gitea.io>2019-11-24 14:45:58 -0500
commitd0edb607a3b0052b206f4d427652a8c4b2fed59d (patch)
tree0dcf1d84abd3b2a2a7090471e6edbaeeaf09b3a6 /modules
parente84326aaecf4850aab37861f1edf223dee2be674 (diff)
downloadgitea-d0edb607a3b0052b206f4d427652a8c4b2fed59d.tar.gz
gitea-d0edb607a3b0052b206f4d427652a8c4b2fed59d.zip
Fix what information is shown about user in API. (#9115)
* Fix what information is shown about user in API. * Use Email directly, as KeepEmailPrivate is already handled.
Diffstat (limited to 'modules')
-rw-r--r--modules/convert/convert.go14
1 files changed, 7 insertions, 7 deletions
diff --git a/modules/convert/convert.go b/modules/convert/convert.go
index d3b2e38165..0fa05d0850 100644
--- a/modules/convert/convert.go
+++ b/modules/convert/convert.go
@@ -256,6 +256,7 @@ func ToTeam(team *models.Team) *api.Team {
}
// ToUser convert models.User to api.User
+// signed shall only be set if requester is logged in. authed shall only be set if user is site admin or user himself
func ToUser(user *models.User, signed, authed bool) *api.User {
result := &api.User{
UserName: user.Name,
@@ -263,14 +264,13 @@ func ToUser(user *models.User, signed, authed bool) *api.User {
FullName: markup.Sanitize(user.FullName),
Created: user.CreatedUnix.AsTime(),
}
- // hide primary email if API caller isn't user itself or an admin
- if !signed {
- result.Email = ""
- } else if user.KeepEmailPrivate && !authed {
- result.Email = user.GetEmail()
- } else { // only user himself and admin could visit these information
- result.ID = user.ID
+ // hide primary email if API caller is anonymous or user keep email private
+ if signed && (!user.KeepEmailPrivate || authed) {
result.Email = user.Email
+ }
+ // only site admin will get these information and possibly user himself
+ if authed {
+ result.ID = user.ID
result.IsAdmin = user.IsAdmin
result.LastLogin = user.LastLoginUnix.AsTime()
}