Description of problem:
Translation resources requested on the REST interface include user email addresses. This doesn't seem like something we want to be sharing without users specifically agreeing that their email address should be shared. No authentication is required to retrieve the resource that shows the email address.
Steps to Reproduce:
1. Find a document that has had at least one text flow translated in the editor.
2. Retrieve translations in JSON format.
Here is an example in production:
curl -i -H "Accept: application/json" https://translate.zanata.org/zanata/rest/projects/p/jdf/iterations/i/WhatIsTicketMonster_1.0/r/Building_The_Business_Services_With_JAX-RS.odt/translations/ja > output
(look in ./output for email addresses).
Generic command for any server/project/version/document (substituting in appropriate values for anything in the form "<...>"):
curl -H "Accept: application/json" <zanata-server>/rest/projects/p/<project-id>/iterations/i/<version-id>/r/<document-id>/translations/<locale-id>
3. Inspect the response for an email address (e.g. search for '@')
Email address is shown in the "translator" section for any translated textFlowTargets.
User emails are not available through the REST interface without appropriate authentication (i.e. user's own email, or administrator privileges).