Fix what information is shown about user in API. (#9115)
* Fix what information is shown about user in API. * Use Email directly, as KeepEmailPrivate is already handled.
This commit is contained in:
parent
e84326aaec
commit
d0edb607a3
1 changed files with 7 additions and 7 deletions
|
@ -256,6 +256,7 @@ func ToTeam(team *models.Team) *api.Team {
|
||||||
}
|
}
|
||||||
|
|
||||||
// ToUser convert models.User to api.User
|
// ToUser convert models.User to api.User
|
||||||
|
// signed shall only be set if requester is logged in. authed shall only be set if user is site admin or user himself
|
||||||
func ToUser(user *models.User, signed, authed bool) *api.User {
|
func ToUser(user *models.User, signed, authed bool) *api.User {
|
||||||
result := &api.User{
|
result := &api.User{
|
||||||
UserName: user.Name,
|
UserName: user.Name,
|
||||||
|
@ -263,14 +264,13 @@ func ToUser(user *models.User, signed, authed bool) *api.User {
|
||||||
FullName: markup.Sanitize(user.FullName),
|
FullName: markup.Sanitize(user.FullName),
|
||||||
Created: user.CreatedUnix.AsTime(),
|
Created: user.CreatedUnix.AsTime(),
|
||||||
}
|
}
|
||||||
// hide primary email if API caller isn't user itself or an admin
|
// hide primary email if API caller is anonymous or user keep email private
|
||||||
if !signed {
|
if signed && (!user.KeepEmailPrivate || authed) {
|
||||||
result.Email = ""
|
|
||||||
} else if user.KeepEmailPrivate && !authed {
|
|
||||||
result.Email = user.GetEmail()
|
|
||||||
} else { // only user himself and admin could visit these information
|
|
||||||
result.ID = user.ID
|
|
||||||
result.Email = user.Email
|
result.Email = user.Email
|
||||||
|
}
|
||||||
|
// only site admin will get these information and possibly user himself
|
||||||
|
if authed {
|
||||||
|
result.ID = user.ID
|
||||||
result.IsAdmin = user.IsAdmin
|
result.IsAdmin = user.IsAdmin
|
||||||
result.LastLogin = user.LastLoginUnix.AsTime()
|
result.LastLogin = user.LastLoginUnix.AsTime()
|
||||||
}
|
}
|
||||||
|
|
Reference in a new issue