From ab1917c5fe0f03e7719863a5598ad575d9fef302 Mon Sep 17 00:00:00 2001
From: NavaL <ayoyo@thoughtworks.com>
Date: Thu, 14 Jul 2016 15:06:20 +0200
Subject: [feature] restrict is_admin in the user api, to only allow querying
 for him/herself

So that it we do not expose the is_admin property to anyone else
including other admins.
---
 test/integration/api/signup_test.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'test/integration/api')

diff --git a/test/integration/api/signup_test.rb b/test/integration/api/signup_test.rb
index 2e515c1..dc24420 100644
--- a/test/integration/api/signup_test.rb
+++ b/test/integration/api/signup_test.rb
@@ -8,7 +8,7 @@ class SignupTest < SrpTest
   end
 
   test "signup response" do
-    assert_json_response :login => @login, :ok => true, :is_admin => false, :id => @user.id, :enabled => true
+    assert_json_response :login => @login, :ok => true, :id => @user.id, :enabled => true
     assert last_response.successful?
   end
 
-- 
cgit v1.2.3