kotovalexarian-likes-gitlab
/
gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity
gitlab-org--gitlab-foss/spec/fixtures/api/schemas
History
Timothy Andrew 34b71e734b Don't display the `is_admin?` flag for user API responses. 
- To prevent an attacker from enumerating the `/users` API to get a list of all
  the admins.

- Display the `is_admin?` flag wherever we display the `private_token` - at the
  moment, there are two instances:

  - When an admin uses `sudo` to view the `/user` endpoint
  - When logging in using the `/session` endpoint
 		2017-04-25 09:46:05 +00:00
..
public_api Don't display the `is_admin?` flag for user API responses. 2017-04-25 09:46:05 +00:00
board.json
boards.json
conflicts.json
issue.json
issues.json
list.json
lists.json