From ae564c97d48bf728745c57720734cb40378fd90f Mon Sep 17 00:00:00 2001
From: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Date: Fri, 13 Jun 2014 17:46:48 +0300
Subject: Dont expose user email via API

To prevent leaking of users info we reduce amount of user information
retrieved via API for normal users.

What user can get via API:

* if not admin: only id, state, name, username and avatar_url
* if admin: all user information
* about himself: all informaion

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
---
 lib/api/internal.rb | 1 -
 1 file changed, 1 deletion(-)

(limited to 'lib/api/internal.rb')

diff --git a/lib/api/internal.rb b/lib/api/internal.rb
index 06c66ba0b35..5850892df07 100644
--- a/lib/api/internal.rb
+++ b/lib/api/internal.rb
@@ -59,4 +59,3 @@ module API
     end
   end
 end
-
-- 
cgit v1.2.1