New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

User email addresses are exposed in read context #290

Closed
rmccue opened this Issue Jun 3, 2014 · 2 comments

Comments

Projects
None yet
3 participants
@rmccue
Member

rmccue commented Jun 3, 2014

Critical privacy issue: email is exposed to all users, not just in the edit context. We need to fix this.

@rmccue rmccue added this to the 1.1 milestone Jun 3, 2014

@rmccue rmccue added the Bug label Jun 3, 2014

@rmccue rmccue self-assigned this Jun 3, 2014

@pkevan

This comment has been minimized.

Show comment
Hide comment
@pkevan

pkevan Jun 3, 2014

Contributor

Added in check for list_users, otherwise returns false
#292

Contributor

pkevan commented Jun 3, 2014

Added in check for list_users, otherwise returns false
#292

@tobych

This comment has been minimized.

Show comment
Hide comment
@tobych

tobych Jul 20, 2014

Contributor

I don't understand this. Only admin users or those with certain permissions can list users anyway. I need to be able to read the email addresses. How should I do this?

Contributor

tobych commented Jul 20, 2014

I don't understand this. Only admin users or those with certain permissions can list users anyway. I need to be able to read the email addresses. How should I do this?

danielbachhuber added a commit that referenced this issue Apr 3, 2015

User email should be returned in `context=view`
`context=view` correlates with the `list_users` cap, which has access to
this field

Previously #290
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment