Merge pull request #4880 from sbwalker/dev

User Settings should only be accessible to individual users or administrators

Oqtane.Server/Controllers/UserController.cs

@@ -145,20 +145,7 @@ namespace Oqtane.Controllers
                     filtered.DeletedBy = user.DeletedBy;
                     filtered.DeletedOn = user.DeletedOn;
                     filtered.IsDeleted = user.IsDeleted;
-                }
+                    filtered.Settings = user.Settings; // include all settings
-
-                // if authenticated user is accessing their own user account
-                if (_userPermissions.GetUser(User).UserId == user.UserId)
-                {
-                    // include all settings
-                    filtered.Settings = user.Settings;
-                }
-                else
-                {
-                    // include only public settings
-                    filtered.Settings = _settings.GetSettings(EntityNames.User, user.UserId)
-                        .Where(item => !item.IsPrivate)
-                        .ToDictionary(setting => setting.SettingName, setting => setting.SettingValue);
                 }
             }