User email addresses are exposed in read context #290

Closed
rmccue opened this Issue Jun 3, 2014 · 2 comments

Projects

None yet

3 participants

@rmccue
Member
rmccue commented Jun 3, 2014

Critical privacy issue: email is exposed to all users, not just in the edit context. We need to fix this.

@rmccue rmccue added this to the 1.1 milestone Jun 3, 2014
@rmccue rmccue added the Bug label Jun 3, 2014
@rmccue rmccue self-assigned this Jun 3, 2014
@pkevan
Contributor
pkevan commented Jun 3, 2014

Added in check for list_users, otherwise returns false
#292

@rmccue rmccue added the Has Patch label Jun 8, 2014
@rachelbaker rachelbaker closed this in #296 Jun 11, 2014
@tobych
Contributor
tobych commented Jul 20, 2014

I don't understand this. Only admin users or those with certain permissions can list users anyway. I need to be able to read the email addresses. How should I do this?

@danielbachhuber danielbachhuber added a commit that referenced this issue Apr 3, 2015
@danielbachhuber danielbachhuber User email should be returned in `context=view`
`context=view` correlates with the `list_users` cap, which has access to
this field

Previously #290
e634ce5
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment