Users API should return twofa_scheme only for administrators (#34242).

git-svn-id: http://svn.redmine.org/redmine/trunk@20687 e93f8b46-1217-0410-a6f0-8f06a7374b81
author: Go MAEDA <maeda@farend.jp> 2020-12-23 03:47:45 +0000
committer: Go MAEDA <maeda@farend.jp> 2020-12-23 03:47:45 +0000
commit: 988a36babc2b203d7a8de40eef390962f8a11313 (patch)
tree: 123df5ea5d011729fcdf7ade92e902a5c56ddbcc /app/views/users
parent: 5eb4b6af7948d1690942ba2f5fb8d0ffd90257be (diff)
download: redmine-988a36babc2b203d7a8de40eef390962f8a11313.tar.gz
redmine-988a36babc2b203d7a8de40eef390962f8a11313.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/app/views/users/show.api.rsb b/app/views/users/show.api.rsb
index 5fe3d5b1c..a19a8c637 100644
--- a/app/views/users/show.api.rsb
+++ b/app/views/users/show.api.rsb
@@ -9,7 +9,7 @@ api.user do
   api.updated_on @user.updated_on
   api.last_login_on     @user.last_login_on
   api.passwd_changed_on @user.passwd_changed_on
-  api.twofa_scheme      @user.twofa_scheme
+  api.twofa_scheme      @user.twofa_scheme if User.current.admin? || (User.current == @user)
   api.api_key    @user.api_key if User.current.admin? || (User.current == @user)
   api.status     @user.status if User.current.admin?
author	Go MAEDA <maeda@farend.jp>	2020-12-23 03:47:45 +0000
committer	Go MAEDA <maeda@farend.jp>	2020-12-23 03:47:45 +0000
commit	988a36babc2b203d7a8de40eef390962f8a11313 (patch)
tree	123df5ea5d011729fcdf7ade92e902a5c56ddbcc /app/views/users
parent	5eb4b6af7948d1690942ba2f5fb8d0ffd90257be (diff)
download	redmine-988a36babc2b203d7a8de40eef390962f8a11313.tar.gz redmine-988a36babc2b203d7a8de40eef390962f8a11313.zip