Infrastructure/ghost
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-03-11 02:12:21 -05:00
Code Issues Activity

🔥 Moved user email removal to API serialization layer (#11110)

Browse source
This commit is contained in:
Naz Gargol 2019-09-16 15:42:14 +02:00 committed by GitHub
parent 39db5bd177
commit cb58115700
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 2 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
core/server/api/canary/utils/serializers/output/utils/clean.js
View file

@ -30,6 +30,7 @@ const author = (attrs, frame) => {
delete attrs.updated_at;
delete attrs.last_seen;
delete attrs.status;
delete attrs.email;
// @NOTE: used for night shift
delete attrs.accessibility;

1
core/server/api/v2/utils/serializers/output/utils/clean.js
View file

@ -30,6 +30,7 @@ const author = (attrs, frame) => {
delete attrs.updated_at;
delete attrs.last_seen;
delete attrs.status;
delete attrs.email;
// @NOTE: used for night shift
delete attrs.accessibility;

7
core/server/models/user.js
View file

@ -216,13 +216,6 @@ User = ghostBookshelf.Model.extend({
// remove password hash for security reasons
delete attrs.password;
// NOTE: We don't expose the email address for for external, app and public context.
// @TODO: Why? External+Public is actually the same context? Was also mentioned here https://github.com/TryGhost/Ghost/issues/9043
// @TODO: move to api serialization when we drop v0.1
if (!options || !options.context || (!options.context.user && !options.context.internal && (!options.context.api_key || options.context.api_key.type === 'content'))) {
delete attrs.email;
}
return attrs;
},