diff options
| author | Lunny Xiao <xiaolunwen@gmail.com> | 2019-10-24 13:59:53 +0800 |
|---|---|---|
| committer | Lauris BH <lauris@nix.lv> | 2019-10-24 08:59:53 +0300 |
| commit | 14ebda6fd500cf57b8a48518782c7d8dcb7d19d7 (patch) | |
| tree | 43821412f84037e984059ac282e926a7afd06fa7 /routers/api | |
| parent | 1d10747514477b7b04af57d3835c4939144a6cc3 (diff) | |
| download | gitea-14ebda6fd500cf57b8a48518782c7d8dcb7d19d7.tar.gz gitea-14ebda6fd500cf57b8a48518782c7d8dcb7d19d7.zip | |
Hide some user information via API if user have no enough permission (#8655) (#8657)
* Hide some user information via API if user have no enough permission
* fix test
Diffstat (limited to 'routers/api')
| -rw-r--r-- | routers/api/v1/convert/convert.go | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/routers/api/v1/convert/convert.go b/routers/api/v1/convert/convert.go index e0e7f609c7..724086dc6c 100644 --- a/routers/api/v1/convert/convert.go +++ b/routers/api/v1/convert/convert.go @@ -232,12 +232,9 @@ func ToTeam(team *models.Team) *api.Team { // ToUser convert models.User to api.User func ToUser(user *models.User, signed, authed bool) *api.User { result := &api.User{ - ID: user.ID, UserName: user.Name, AvatarURL: user.AvatarLink(), FullName: markup.Sanitize(user.FullName), - IsAdmin: user.IsAdmin, - LastLogin: user.LastLoginUnix.AsTime(), Created: user.CreatedUnix.AsTime(), } // hide primary email if API caller isn't user itself or an admin @@ -245,8 +242,11 @@ func ToUser(user *models.User, signed, authed bool) *api.User { result.Email = "" } else if user.KeepEmailPrivate && !authed { result.Email = user.GetEmail() - } else { + } else { // only user himself and admin could visit these information + result.ID = user.ID result.Email = user.Email + result.IsAdmin = user.IsAdmin + result.LastLogin = user.LastLoginUnix.AsTime() } return result } |