Details
-
Bug
-
Resolution: Timed out
-
Low
-
3.5.0
-
None
-
Severity 3 - Minor
-
1
-
Description
https://domain/rest-service/users-v1/some_username/ GET resource doesn't give e-mail information if you're logged in as a normal user (non-admin). But the strange thing is that if you try to see that user from normal Web interface it is possible to see its e-mail via this page:
https://domain/user/some_username
in About section. So there is some security misconception. If I see the e-mail on the web interface with certain user I should see it via Restful API, too.