The documentation states that querying:

• repositories GET {url}/api/v1/users/{username}/{repos}
• organizations GET {url}/api/v1/users/{username}/{orgs}
• etc
  should only return public data of that user. That isn't the fact if the {username} is the same user that owns the api-token, instead everything is returned.

This is what one can expect when issuing the GET {url}/api/v1/user/repos and similar requests for the authorized user.

Either must the documentation be changed to cover the differences or the code should actually return the public data within the scopes for public data.

Second one makes the most sense.... It would be convenient to actually have an method to get only public data, even for the authorized user, as the data returned for some requests (such as organizations) doesnt tell if this data is a private or public.

Gogs Version: 0.11.29.0727