From b6b8b9e44a25a976aa8484ad061c0acd8bf83abf Mon Sep 17 00:00:00 2001
From: Bradley Hilton <graywolf336@craftyn.com>
Date: Tue, 10 Apr 2018 18:16:19 -0500
Subject: [PATCH] Don't expose the 'settings' property on users to regular
 users via the rest api (#10411)

[BREAK] The property "settings" is no longer available to regular users via rest api
---
 packages/rocketchat-api/server/api.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/packages/rocketchat-api/server/api.js b/packages/rocketchat-api/server/api.js
index c332c67f4575..7f62e48678e8 100644
--- a/packages/rocketchat-api/server/api.js
+++ b/packages/rocketchat-api/server/api.js
@@ -28,7 +28,8 @@ class API extends Restivus {
 			roles: 0,
 			statusDefault: 0,
 			_updatedAt: 0,
-			customFields: 0
+			customFields: 0,
+			settings: 0
 		};
 
 		this._config.defaultOptionsEndpoint = function _defaultOptionsEndpoint() {