fix: return emails for members

maxceem · maxceem · commit b3a128ad7016 · 2020-03-02T13:11:00.000+08:00
- return email for members, but only to Topcoder Admins
- fix logic for not returning emails in invites by handle
- emails are returned only to Topcoder Admins but not Connect Admins
diff --git a/src/util.js b/src/util.js
@@ -28,6 +28,7 @@ import {
   VALUE_TYPE,
   ESTIMATION_TYPE,
   RESOURCES,
+  USER_ROLE,
 } from './constants';
 
 const tcCoreLibAuth = require('tc-core-library-js').auth;
@@ -268,12 +269,18 @@ _.assignIn(util, {
    * @return {object}                       the parsed array
    */
   ignoreEmailField: (req, fields) => {
-    if (!fields.project_members) { return fields; }
-    const isAdmin = util.hasPermission({ topcoderRoles: ADMIN_ROLES }, req.authUser);
-    if (isAdmin) {
+    if (!fields.project_members) {
+      return fields;
+    }
+
+    // Only Topcoder Admins can get all the fields
+    if (util.hasPermission({ topcoderRoles: [USER_ROLE.TOPCODER_ADMIN] }, req.authUser)) {
       return fields;
     }
+
+    // for non topcoder admins remove emails from the field list
     _.assign(fields, { project_members: _.filter(fields.project_members, f => f !== 'email') });
+
     return fields;
   },
   /**
@@ -628,7 +635,7 @@ _.assignIn(util, {
     // uncomment code below, to enable masking emails again
 
     /*
-    const isAdmin = util.hasPermission({ topcoderRoles: ADMIN_ROLES }, req.authUser);
+    const isAdmin = util.hasPermission({ topcoderRoles: [USER_ROLE.TOPCODER_ADMIN] }, req.authUser);
     if (isAdmin) {
       return data;
     }
@@ -660,6 +667,11 @@ _.assignIn(util, {
     const memberTraitFields = ['photoURL', 'workingHourStart', 'workingHourEnd', 'timeZone'];
     const memberDetailFields = ['handle', 'firstName', 'lastName'];
 
+    // Only Topcoder admins can get emails for users
+    if (util.hasPermission({ topcoderRoles: [USER_ROLE.TOPCODER_ADMIN] }, req.authUser)) {
+      memberDetailFields.push('email');
+    }
+
     let allMemberDetails = [];
     if (_.intersection(fields, _.union(memberDetailFields, memberTraitFields)).length > 0) {
       const userIds = _.reject(_.map(members, 'userId'), _.isNil); // some invites may have no `userId`
@@ -711,15 +723,16 @@ _.assignIn(util, {
     // pick valid fields from fetched member details
     return _.map(members, (member) => {
       let memberDetails = _.find(allMemberDetails, ({ userId }) => userId === member.userId);
-      memberDetails = _.assign({}, member, memberDetails);
+      memberDetails = _.assign({}, member, _.pick(memberDetails, _.union(memberDetailFields, memberTraitFields)));
       // this case would be only valid for invites:
       // don't return `email` for non-admins if invitation has `userId`
       // if invitation doesn't have `userId` means it is invitation by email
       // then we are still returning emails to all users
       if (
+        memberDetails.status && // this is how we identify that the object is "invite" and not a "member"
         memberDetails.email &&
         memberDetails.userId &&
-        !util.hasPermission({ topcoderRoles: ADMIN_ROLES }, req.authUser)
+        !util.hasPermission({ topcoderRoles: [USER_ROLE.TOPCODER_ADMIN] }, req.authUser)
       ) {
         delete memberDetails.email;
       }
