Secondary emails of other users must only be visible to users with the
'Modify Account' capability (see change Icf3108d45f).
Secondary emails in AccountInfo are populated by
InternalAccountDirectory.fillAccountInfo if the SECONDARY_EMAILS fill
option is requested. At the moment each caller of
InternalAccountDirectory.fillAccountInfo must check for the 'Modify
Account' capability if the SECONDARY_EMAILS fill option is going to be
requested. This is error-prone and callers by easily forget to do this
permission check (e.g. change Ic8f169769 fixes a caller that was
initially overlooked). To make this safer
InternalAccountDirectory.fillAccountInfo is now checking for the 'Modify
Account' capability and the SECONDARY_EMAILS fill option is omitted if
this capability is not granted.
Change-Id: I249c27e1a76cff0ca0e685eaca26941cd0b6b31b
Signed-off-by: Edwin Kempin <ekempin@google.com>
35fed1545b