Skip to content

Commit 0a347af

Browse files
maxceemmaxceem
authored
Merge pull request #509 from topcoder-platform/hotfix/hide-fullname-email
[HOTFIX] [DEV] Don't return fullname and email
2 parents 8046526 + e3f42c9 commit 0a347af

File tree

1 file changed

+13
-2
lines changed

1 file changed

+13
-2
lines changed

src/util.js

Lines changed: 13 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -280,6 +280,8 @@ _.assignIn(util, {
280280

281281
// for non topcoder admins remove emails from the field list
282282
_.assign(fields, { project_members: _.filter(fields.project_members, f => f !== 'email') });
283+
_.assign(fields, { project_members: _.filter(fields.project_members, f => f !== 'firstName') });
284+
_.assign(fields, { project_members: _.filter(fields.project_members, f => f !== 'lastName') });
283285

284286
return fields;
285287
},
@@ -665,11 +667,11 @@ _.assignIn(util, {
665667
return members;
666668
}
667669
const memberTraitFields = ['photoURL', 'workingHourStart', 'workingHourEnd', 'timeZone'];
668-
const memberDetailFields = ['handle', 'firstName', 'lastName'];
670+
let memberDetailFields = ['handle'];
669671

670672
// Only Topcoder admins can get emails for users
671673
if (util.hasPermission({ topcoderRoles: [USER_ROLE.TOPCODER_ADMIN] }, req.authUser)) {
672-
memberDetailFields.push('email');
674+
memberDetailFields = memberDetailFields.concat(['email', 'firstName', 'lastName']);
673675
}
674676

675677
let allMemberDetails = [];
@@ -727,6 +729,8 @@ _.assignIn(util, {
727729

728730
// in general, only users with Topcoder administrator privileges can see emails
729731
let canSeeEmail = util.hasPermission({ topcoderRoles: [USER_ROLE.TOPCODER_ADMIN] }, req.authUser);
732+
// we also shouldn't return full name to users except of admins
733+
const canSeeFullName = util.hasPermission({ topcoderRoles: [USER_ROLE.TOPCODER_ADMIN] }, req.authUser);
730734

731735
// for invites we have some special situations, when we still return "email"
732736
if (memberDetails.status) { // we identify that the object is "invite" and not a "member" if object has "status" field
@@ -741,6 +745,13 @@ _.assignIn(util, {
741745
if (!canSeeEmail) {
742746
delete memberDetails.email;
743747
}
748+
749+
// this is a temporary fix as ES also has this data, so we have explicitly remove it
750+
if (!canSeeFullName) {
751+
delete memberDetails.firstName;
752+
delete memberDetails.lastName;
753+
}
754+
744755
return _(memberDetails).pick(fields).defaults(memberDefaults).value();
745756
});
746757
},

0 commit comments

Comments
 (0)