projects / arvados.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge branch 'master' of git.curoverse.com:arvados into 3408-production-datamanager
[arvados.git] / services / api / app / controllers / arvados / v1 / users_controller.rb
diff --git a/services/api/app/controllers/arvados/v1/users_controller.rb b/services/api/app/controllers/arvados/v1/users_controller.rb
index 0afb4e506c765a884c086cd41bb9450452fcb2ff..50ee3b0547a08c3c09b31dccb45638d9b3f0f1d4 100644 (file)
--- a/services/api/app/controllers/arvados/v1/users_controller.rb
+++ b/services/api/app/controllers/arvados/v1/users_controller.rb
@@ -137,8 +137,9 @@ class Arvados::V1::UsersController < ApplicationController
   end
 
   def apply_filters
-    if (action_name == "index") and (not @read_users.any? { |u| u.is_admin })
-      # Non-admin index returns very basic information about readable users.
+    return super if @read_users.any? &:is_admin
+    if params[:uuid] != current_user.andand.uuid
+      # Non-admin index/show returns very basic information about readable users.
       safe_attrs = ["uuid", "is_active", "email", "first_name", "last_name"]
       if @select
         @select = @select & safe_attrs