User objects are being loaded as part of many others; these places should not expose anything but the most harmless information about the user (currently isAdmin is being exposed that way).
These private attributes should only be exposed to the owner of the account. The most logical places would be the login procedures, the /me call to get user data, and the user listing in admin context.
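
One way to enforce the split described above, as an added example that is not the project's own code: embedded users always go through a public allowlist, and the private view is produced only for the account owner or an admin. All field names other than isAdmin, and the comment object, are hypothetical.

```javascript
// Allowlists per view. Field names other than isAdmin are hypothetical.
const PUBLIC_FIELDS = ['id', 'displayName'];
const PRIVATE_FIELDS = [...PUBLIC_FIELDS, 'email', 'isAdmin'];

// Copy only allowlisted keys, so a newly added attribute is hidden by default.
function pick(obj, fields) {
  const out = {};
  for (const f of fields) {
    if (Object.prototype.hasOwnProperty.call(obj, f)) out[f] = obj[f];
  }
  return out;
}

// View used wherever a user is loaded as part of another object.
function publicUser(user) {
  return pick(user, PUBLIC_FIELDS);
}

// View for login, /me and the admin user listing.
// viewer is the authenticated user making the request, or null.
function privateUser(user, viewer) {
  const allowed = viewer !== null &&
    (viewer.id === user.id || viewer.isAdmin === true);
  if (!allowed) throw new Error('forbidden');
  return pick(user, PRIVATE_FIELDS);
}

// A parent object that embeds a user: always the public view,
// regardless of who is asking.
function serializeComment(comment) {
  return {
    id: comment.id,
    text: comment.text,
    author: publicUser(comment.author),
  };
}

// Constructed sample data.
const alice = { id: 1, displayName: 'alice', email: 'alice@example.test',
  isAdmin: true, passwordHash: 'constructed-1' };
const bob = { id: 2, displayName: 'bob', email: 'bob@example.test',
  isAdmin: false, passwordHash: 'constructed-2' };
const comment = { id: 10, text: 'hello', author: alice };

console.log(serializeComment(comment)); // embedded author: id and displayName only
console.log(privateUser(bob, bob));     // /me: owner sees own private attributes
console.log(privateUser(bob, alice));   // admin listing: admin sees them too
```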