| author | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2014-06-13 17:46:48 +0300 |
|---|---|---|
| committer | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2014-06-13 17:46:48 +0300 |
| commit | ae564c97d48bf728745c57720734cb40378fd90f (patch) | |
| tree | d9ac31827984c443b9c219deef29309a5e251125 /app/controllers/application_controller.rb | |
| parent | d5b0f29c4a3a9d7da849d91a16f70bd494831da7 (diff) | |
| download | gitlab-ce-ae564c97d48bf728745c57720734cb40378fd90f.tar.gz | |
Don't expose user email via API
To prevent leaking of users info we reduce amount of user information
retrieved via API for normal users.
What user can get via API:
* if not admin: only id, state, name, username and avatar_url
* if admin: all user information
* about himself: all information
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Diffstat (limited to 'app/controllers/application_controller.rb')
| -rw-r--r-- | app/controllers/application_controller.rb | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 685d41a5520..603e89a5e29 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -164,9 +164,8 @@ class ApplicationController < ActionController::Base def add_gon_variables gon.default_issues_tracker = Project.issues_tracker.default_value gon.api_version = API::API.version - gon.gravatar_url = request.ssl? || Gitlab.config.gitlab.https ? Gitlab.config.gravatar.ssl_url : Gitlab.config.gravatar.plain_url gon.relative_url_root = Gitlab.config.gitlab.relative_url_root - gon.gravatar_enabled = Gitlab.config.gravatar.enabled + gon.default_avatar_url = URI::join(Gitlab.config.gitlab.url, ActionController::Base.helpers.image_path('no_avatar.png')).to_s if current_user gon.current_user_id = current_user.id |
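Review bot: In add_gon_variables, gon.gravatar_url and gon.gravatar_enabled are dropped without a replacement under the same names, so any client-side script that still reads them will see undefined; since this view is limited to application_controller.rb, please confirm the JavaScript consumers are switched to gon.default_avatar_url in the same commit. On the added line, URI::join with the absolute path returned by image_path discards any path component of Gitlab.config.gitlab.url, so with a non-empty Gitlab.config.gitlab.relative_url_root the result is only correct if image_path already includes that prefix; a short comment or a spec for the relative-root case would settle it. Minor style point: prefer `URI.join` over `URI::join` for a method call.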
