[HOTFIX] [PROD] Post release 2.3.1 (#550)

maxceem · Maksym Mykhailenko · web-flow · commit 4207147e440e · 2020-04-17T17:34:56.000+05:30
* fix: don't mask email in invite by email When user is invited by email he should be able to see email in his invite without mask ref issue #548 * fix: unit tests for invites Co-authored-by: Maksym Mykhailenko <maxcemm@gmail.com>
diff --git a/src/routes/projectMemberInvites/get.spec.js b/src/routes/projectMemberInvites/get.spec.js
@@ -227,7 +227,8 @@ describe('GET Project Member Invite', () => {
             should.exist(resJson);
             should.exist(resJson.projectId);
             resJson.id.should.be.eql(3);
-            resJson.email.should.be.eql('t***t@t***r.com'); // masked
+            // not masked, because user who is invited by email is the user who is calling this endpoint
+            resJson.email.should.be.eql('test@topcoder.com');
             resJson.status.should.be.eql(INVITE_STATUS.PENDING);
             done();
           }
diff --git a/src/routes/projectMemberInvites/list.spec.js b/src/routes/projectMemberInvites/list.spec.js
@@ -252,7 +252,8 @@ describe('GET Project Member Invites', () => {
             resJson.length.should.be.eql(1);
             // check invitations
             _.filter(resJson, inv => inv.id === 3).length.should.be.eql(1);
-            resJson[0].email.should.be.eql('t***t@t***r.com'); // masked
+            // not masked, because user who is invited by email is the user who is calling this endpoint
+            resJson[0].email.should.be.eql('test@topcoder.com');
             done();
           }
         });
diff --git a/src/util.js b/src/util.js
@@ -653,6 +653,7 @@ _.assignIn(util, {
 
     const isAdmin = util.hasPermission({ topcoderRoles: [USER_ROLE.TOPCODER_ADMIN] }, req.authUser);
     const currentUserId = req.authUser.userId;
+    const currentUserEmail = req.authUser.email;
 
     // admins can get data as it is
     if (isAdmin) {
@@ -669,7 +670,13 @@ _.assignIn(util, {
         const canSeeEmail = (
           isAdmin || // admin
           invite.createdBy === currentUserId || // user who created invite
-          invite.userId === currentUserId // user who is invited
+          (invite.userId !== null && invite.userId === currentUserId) || // user who is invited by `handle`
+          ( // user who is invited by `email` (invite doesn't have `userId`)
+            invite.userId === null &&
+            invite.email &&
+            currentUserEmail &&
+            invite.email.toLowerCase() === currentUserEmail.toLowerCase()
+          )
         );
         // mask email if user cannot see it
         _.assign(invite, {
