gitlab.com/gitlab-org/gitlab-foss.git
author Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-06-13 18:46:48 +0400
committer Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-06-13 18:46:48 +0400
commit ae564c97d48bf728745c57720734cb40378fd90f (patch)
tree d9ac31827984c443b9c219deef29309a5e251125 /spec
parent d5b0f29c4a3a9d7da849d91a16f70bd494831da7 (diff)
Don't expose user email via API

To prevent leaking of users info we reduce amount of user information retrieved via API for normal users.

What user can get via API:
* if not admin: only id, state, name, username and avatar_url
* if admin: all user information
* about himself: all information

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Diffstat (limited to 'spec')
-rw-r--r-- spec/requests/api/users_spec.rb 4
1 files changed, 2 insertions, 2 deletions
diff --git a/spec/requests/api/users_spec.rb b/spec/requests/api/users_spec.rb
index a6d300b099b..c4728431ec5 100644
--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -20,7 +20,7 @@ describe API::API, api: true do
get api("/users", user)
response.status.should == 200
json_response.should be_an Array
- json_response.first['email'].should == user.email
+ json_response.first['username'].should == user.username
end
end
end
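Review bot: the replacement assertion on `json_response.first['username']` only proves that username is still returned; nothing in this example checks that `email` is gone from the `/users` list for a non-admin, which is the behavior the commit message promises. Without a negative assertion (the first element should not carry an `email` key when requested as `user`), a later change that re-adds the field to the list entity would pass this spec unnoticed. An admin counterpart that expects `email` to be present would cover the other branch of the rule in the commit message.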
@@ -29,7 +29,7 @@ describe API::API, api: true do
it "should return a user by id" do
get api("/users/#{user.id}", user)
response.status.should == 200
- json_response['email'].should == user.email
+ json_response['username'].should == user.username
end
it "should return a 401 if unauthenticated" do
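Review bot: the request here is `get api("/users/#{user.id}", user)`, so the caller is fetching their own record, and this example never exercises the case the change is about: one normal user looking up a different user's id. Add a spec with a second user as the target that asserts `email` is absent from `json_response`, plus an admin spec that asserts it is present. Also note that the commit message says a user gets all information about himself, yet the email assertion is dropped for exactly that self lookup; if the reduced entity is intended on this endpoint even for the caller's own id, it is worth saying so in the spec description.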