I have created a few response-classes to make sure that non sensative info gets out through postman.
api/users/{userId} - Created response that returns userId, username and adress_city
api/users/all - method for both admin and users that returns all users, but without sensative information
api/users/all/{adminId} - Method for admins if they would ever need ALL the information of ALL the users
api/users/wishlist/{userId} - Method authorize the user logged in and gets a slimmed down version of his/hers wishlist, with only gameId, title and price
I have created a few response-classes to make sure that non sensative info gets out through postman.
Please test in postman, and have fun!
git checkout 111-userinforesponses-in-users