3e4b45fc21
Previously, this would include the entire User record in the update hash, which was rendered in the response using `to_json`, erroneously exposing every attribute of that record, including their (now removed) private token. Now we only include the user ID, and perform the lookup on-demand. |
||
---|---|---|
.. | ||
time_tracking_shared_examples.rb |