feat: always return email of invites to the users who invited user by email

maxceem · maxceem · commit 33bdb8a1463e · 2020-03-04T12:38:20.000+08:00
ref issue #3412
diff --git a/src/routes/projectMemberInvites/create.js b/src/routes/projectMemberInvites/create.js
@@ -366,11 +366,11 @@ module.exports = [
         })
     ))
     .then((values) => {
-      const success = _.assign({}, { success: values });
+      const response = _.assign({}, { success: values });
       if (failed.length) {
-        res.status(403).json(_.assign({}, util.maskInviteEmails('$.success[?(@.email)]', success, req), { failed }));
+        res.status(403).json(_.assign({}, response, { failed }));
       } else {
-        res.status(201).json(util.maskInviteEmails('$.success[?(@.email)]', success, req));
+        res.status(201).json(response);
       }
     })
     .catch(err => next(err));
diff --git a/src/routes/projectMemberInvites/create.spec.js b/src/routes/projectMemberInvites/create.spec.js
@@ -347,8 +347,6 @@ describe('Project Member Invite create', () => {
             should.exist(resJson);
             resJson.role.should.equal('customer');
             resJson.projectId.should.equal(project2.id);
-            // temporary disable this feature, because it has some side effects
-            // resJson.email.should.equal('he**o@wo**d.com'); // email is masked
             resJson.email.should.equal('hello@world.com');
             server.services.pubsub.publish.calledWith('project.member.invite.created').should.be.true;
             done();
@@ -401,8 +399,6 @@ describe('Project Member Invite create', () => {
             resJson.role.should.equal('customer');
             resJson.projectId.should.equal(project2.id);
             resJson.userId.should.equal(12345);
-            // temporary disable this feature, because it has some side effects
-            // resJson.email.should.equal('he**o@wo**d.com'); // email is masked
             resJson.email.should.equal('hello@world.com');
             server.services.pubsub.publish.calledWith('project.member.invite.created').should.be.true;
             done();
diff --git a/src/util.js b/src/util.js
@@ -728,9 +728,14 @@ _.assignIn(util, {
       // in general, only users with Topcoder administrator privileges can see emails
       let canSeeEmail = util.hasPermission({ topcoderRoles: [USER_ROLE.TOPCODER_ADMIN] }, req.authUser);
 
-      // specially for invite objects, we still have to return email, if invite is for a new user which doesn't have "userId"
+      // for invites we have some special situations, when we still return "email"
       if (memberDetails.status) { // we identify that the object is "invite" and not a "member" if object has "status" field
+        // we still have to return email, if invite is for a new user which doesn't have "userId"
         canSeeEmail = canSeeEmail || !memberDetails.userId;
+
+        // return email, if invite has been created by "email" by the current user
+        // so this user already knows the "email"
+        canSeeEmail = canSeeEmail || (member.createdBy === req.authUser.userId && member.email);
       }
 
       if (!canSeeEmail) {
