vic/filebrozer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: don't expose scope for non-admin users

Browse Source
This commit is contained in:
Oleg Lobanov
2022-02-21 20:17:42 +01:00
parent c1987237d0
commit 0942fc7042
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
http/users.go
View File

@@ -94,6 +94,9 @@ var userGetHandler = withSelfOrAdmin(func(w http.ResponseWriter, r *http.Request
}
u.Password = ""
if !u.Perm.Admin {
u.Scope = ""
}
return renderJSON(w, r, u)
})