Dont expose user email via API

To prevent leaking of users info we reduce amount of user information retrieved via API for normal users. What user can get via API: * if not admin: only id, state, name, username and avatar_url * if admin: all user information * about himself: all informaion Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
author: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-06-13 17:46:48 +0300
committer: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-06-13 17:46:48 +0300
commit: ae564c97d48bf728745c57720734cb40378fd90f (patch)
tree: d9ac31827984c443b9c219deef29309a5e251125 /lib/api/projects.rb
parent: d5b0f29c4a3a9d7da849d91a16f70bd494831da7 (diff)
download: gitlab-ce-ae564c97d48bf728745c57720734cb40378fd90f.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/api/projects.rb b/lib/api/projects.rb
index 9a7f22b536f..732c969d7ef 100644
--- a/lib/api/projects.rb
+++ b/lib/api/projects.rb
@@ -209,7 +209,7 @@ module API
         @users = User.where(id: user_project.team.users.map(&:id))
         @users = @users.search(params[:search]) if params[:search].present?
         @users = paginate @users
-        present @users, with: Entities::User
+        present @users, with: Entities::UserBasic
       end
 
       # Get a project labels
author	Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>	2014-06-13 17:46:48 +0300
committer	Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>	2014-06-13 17:46:48 +0300
commit	ae564c97d48bf728745c57720734cb40378fd90f (patch)
tree	d9ac31827984c443b9c219deef29309a5e251125 /lib/api/projects.rb
parent	d5b0f29c4a3a9d7da849d91a16f70bd494831da7 (diff)
download	gitlab-ce-ae564c97d48bf728745c57720734cb40378fd90f.tar.gz