To prevent leaking of users info we reduce amount of user information
retrieved via API for normal users.
What user can get via API:
* if not admin: only id, state, name, username and avatar_url
* if admin: all user information
* about himself: all informaion
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
In user lists created when entering a (partial) user name into
a field, the URL to the user avatar was invalid if running with
relative_url_root.
This patch is the result of:
sed -i 's/\(= *\)\(user\.avatar_url\)/\1gon.relative_url_root + \2/' \
app/assets/javascripts/*.coffee