feat: don't return full name and email

Author: maxceem

src/routes/projects/get.js

@@ -26,7 +26,7 @@ const PROJECT_MEMBER_ATTRIBUTES = _.concat(_.without(_.keys(models.ProjectMember
 // project members has some additional fields stored in ES index, which we don't have in DB
 const PROJECT_MEMBER_ATTRIBUTES_ES = _.concat(
   PROJECT_MEMBER_ATTRIBUTES,
-  ['firstName', 'lastName', 'handle'], // 'email' can be added when allowed by `addEmailFieldIfAllowed`
+  ['handle'], // more fields can be added when allowed by `addUserDetailsFieldsIfAllowed`
 );
 const PROJECT_MEMBER_INVITE_ATTRIBUTES = _.without(_.keys(models.ProjectMemberInvite.rawAttributes), 'deletedAt');
 const PROJECT_ATTACHMENT_ATTRIBUTES = _.without(_.keys(models.ProjectAttachment.rawAttributes), 'deletedAt');
@@ -106,7 +106,7 @@ const retrieveProjectFromES = (projectId, req) => {
   fields = fields ? fields.split(',') : [];
   fields = util.parseFields(fields, {
     projects: PROJECT_ATTRIBUTES,
-    project_members: util.addEmailFieldIfAllowed(PROJECT_MEMBER_ATTRIBUTES_ES, req),
+    project_members: util.addUserDetailsFieldsIfAllowed(PROJECT_MEMBER_ATTRIBUTES_ES, req),
     project_member_invites: PROJECT_MEMBER_INVITE_ATTRIBUTES,
     project_phases: PROJECT_PHASE_ATTRIBUTES,
     project_phases_products: PROJECT_PHASE_PRODUCTS_ATTRIBUTES,

src/routes/projects/list.js

@@ -30,7 +30,7 @@ const PROJECT_MEMBER_ATTRIBUTES = _.without(_.keys(models.ProjectMember.rawAttri
 // project members has some additional fields stored in ES index, which we don't have in DB
 const PROJECT_MEMBER_ATTRIBUTES_ES = _.concat(
   PROJECT_MEMBER_ATTRIBUTES,
-  ['firstName', 'lastName', 'handle'], // 'email' can be added when allowed by `addEmailFieldIfAllowed`
+  ['handle'], // more fields can be added when allowed by `addUserDetailsFieldsIfAllowed`
 );
 const PROJECT_MEMBER_INVITE_ATTRIBUTES = _.without(
   _.keys(models.ProjectMemberInvite.rawAttributes),
@@ -553,7 +553,7 @@ const retrieveProjects = (req, criteria, sort, ffields) => {
     // parse the fields string to determine what fields are to be returned
   fields = util.parseFields(fields, {
     projects: PROJECT_ATTRIBUTES,
-    project_members: util.addEmailFieldIfAllowed(PROJECT_MEMBER_ATTRIBUTES_ES, req),
+    project_members: util.addUserDetailsFieldsIfAllowed(PROJECT_MEMBER_ATTRIBUTES_ES, req),
     project_member_invites: PROJECT_MEMBER_INVITE_ATTRIBUTES,
     project_phases: PROJECT_PHASE_ATTRIBUTES,
     project_phases_products: PROJECT_PHASE_PRODUCTS_ATTRIBUTES,

src/util.js

@@ -264,17 +264,17 @@ _.assignIn(util, {
   },
 
   /**
-   * Add `email` field to the list of field, if it's allowed to a user who made the request
+   * Add user details fields to the list of field, if it's allowed to a user who made the request
    *
    * @param  {Array}  fields fields list
    * @param  {Object} req    request object
    *
    * @return {Array} fields list with 'email' if allowed
    */
-  addEmailFieldIfAllowed: (fields, req) => {
+  addUserDetailsFieldsIfAllowed: (fields, req) => {
     // Only Topcoder Admins can get email
     if (util.hasPermission({ topcoderRoles: [USER_ROLE.TOPCODER_ADMIN] }, req.authUser)) {
-      return _.concat(fields, ['email']);
+      return _.concat(fields, ['email', 'firstName', 'lastName']);
     }
 
     return fields;
@@ -685,11 +685,11 @@ _.assignIn(util, {
       return members;
     }
     const memberTraitFields = ['photoURL', 'workingHourStart', 'workingHourEnd', 'timeZone'];
-    const memberDetailFields = ['handle', 'firstName', 'lastName'];
+    let memberDetailFields = ['handle'];
 
-    // Only Topcoder admins can get emails for users
+    // Only Topcoder admins can get emails, first and last name for users
     if (util.hasPermission({ topcoderRoles: [USER_ROLE.TOPCODER_ADMIN] }, req.authUser)) {
-      memberDetailFields.push('email');
+      memberDetailFields = memberDetailFields.concat(['email', 'firstName', 'lastName']);
     }
 
     let allMemberDetails = [];