feat: don't return "userId" for invites by email

Author: maxceem

src/routes/projectMemberInvites/create.spec.js

@@ -445,9 +445,8 @@ describe('Project Member Invite create', () => {
             should.exist(resJson);
             resJson.role.should.equal('customer');
             resJson.projectId.should.equal(project2.id);
-            resJson.userId.should.equal(12345);
-            should.not.exist(resJson.email);
-            should.not.exist(resJson.hashEmail);
+            should.not.exist(resJson.userId);
+            resJson.email.should.equal('hello@world.com');
             server.services.pubsub.publish.calledWith('project.member.invite.created').should.be.true;
             done();
           }

src/routes/projectMemberInvites/get.spec.js

@@ -206,10 +206,7 @@ describe('GET Project Member Invite', () => {
             const resJson = res.body;
             should.exist(resJson);
             should.exist(resJson.projectId);
-            should.not.exist(resJson.email);
-            should.not.exist(resJson.hashEmail);
             resJson.id.should.be.eql(2);
-            resJson.userId.should.be.eql(testUtil.userIds.copilot);
             resJson.status.should.be.eql(INVITE_STATUS.PENDING);
             done();
           }

src/util.js

@@ -659,6 +659,7 @@ _.assignIn(util, {
     const isAdmin = util.hasPermission({ topcoderRoles: [USER_ROLE.TOPCODER_ADMIN] }, req.authUser);
     const currentUserId = req.authUser.userId;
 
+    // admins can get data as it is
     if (isAdmin) {
       // even though we didn't make any changes to the data, return a clone here for consistency
       return dataClone;
@@ -668,18 +669,21 @@ _.assignIn(util, {
       if (!_.has(invite, 'email')) {
         return invite;
       }
-      let email;
-      if (!invite.userId) {
+
+      if (invite.email) {
         // mask email if non-admin or not own invite
-        email = isAdmin || invite.createdBy === currentUserId ? invite.email : util.maskEmail(invite.email);
-      } else {
-        // userId is defined, no email field returned
-        email = null;
-      }
-      _.assign(invite, { email });
-      if (!invite.email && _.has(invite, 'hashEmail')) {
-        _.assign(invite, { hashEmail: null });
+        _.assign(invite, {
+          email: isAdmin || invite.createdBy === currentUserId ? invite.email : util.maskEmail(invite.email),
+        });
+
+        // for non-admin users don't return `userId` for invites created by `email`
+        if (invite.userId && !isAdmin) {
+          _.assign(invite, {
+            userId: null,
+          });
+        }
       }
+
       return invite;
     };