Fix what information is shown about user in API. (#9115)

* Fix what information is shown about user in API.

* Use Email directly, as KeepEmailPrivate is already handled.
tokarchuk/v1.17
David Svantesson 5 years ago committed by techknowlogick
parent e84326aaec
commit d0edb607a3
  1. 14
      modules/convert/convert.go

@ -256,6 +256,7 @@ func ToTeam(team *models.Team) *api.Team {
} }
// ToUser convert models.User to api.User // ToUser convert models.User to api.User
// signed shall only be set if requester is logged in. authed shall only be set if user is site admin or user himself
func ToUser(user *models.User, signed, authed bool) *api.User { func ToUser(user *models.User, signed, authed bool) *api.User {
result := &api.User{ result := &api.User{
UserName: user.Name, UserName: user.Name,
@ -263,14 +264,13 @@ func ToUser(user *models.User, signed, authed bool) *api.User {
FullName: markup.Sanitize(user.FullName), FullName: markup.Sanitize(user.FullName),
Created: user.CreatedUnix.AsTime(), Created: user.CreatedUnix.AsTime(),
} }
// hide primary email if API caller isn't user itself or an admin // hide primary email if API caller is anonymous or user keep email private
if !signed { if signed && (!user.KeepEmailPrivate || authed) {
result.Email = ""
} else if user.KeepEmailPrivate && !authed {
result.Email = user.GetEmail()
} else { // only user himself and admin could visit these information
result.ID = user.ID
result.Email = user.Email result.Email = user.Email
}
// only site admin will get these information and possibly user himself
if authed {
result.ID = user.ID
result.IsAdmin = user.IsAdmin result.IsAdmin = user.IsAdmin
result.LastLogin = user.LastLoginUnix.AsTime() result.LastLogin = user.LastLoginUnix.AsTime()
} }

Loading…
Cancel
Save