gitlab-org--gitlab-foss/spec/fixtures/api
Timothy Andrew 34b71e734b Don't display the is_admin? flag for user API responses.
- To prevent an attacker from enumerating the `/users` API to get a list of all
  the admins.

- Display the `is_admin?` flag wherever we display the `private_token` - at the
  moment, there are two instances:

  - When an admin uses `sudo` to view the `/user` endpoint
  - When logging in using the `/session` endpoint
2017-04-25 09:46:05 +00:00
schemas Don't display the is_admin? flag for user API responses. 2017-04-25 09:46:05 +00:00