Skip to content

Post-Processing Invites #516

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged

Conversation

gets0ul
Copy link
Contributor

@gets0ul gets0ul commented Mar 19, 2020

  • change maskInviteEmails to postProcessInvites which will be post-processing on invite(s) with following constraints:
    • email field will be omitted from invite if the invite has defined userId
    • email field (if existed) will be masked UNLESS current user has admin permissions OR current user created this invite
  • also apply this post-processing when creating invite.

…ocessing on invite(s) with following constraints:

  1. email field will be omitted from invite if the invite has defined userId
  2. email field (if existed) will be masked UNLESS current user has admin permissions OR current user created this invite
- also apply this post-processing when creating invite.
Copy link
Contributor

@maxceem maxceem left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@gets0ul we have to mask email if it's not "null" UNLESS current user has admin permissions OR current user created this invite which means req.authUser.userId === invite.createdBy not req.authUser.email === invite.email.
In other words, if Bob invites Alice by "email" he can still see the email of Alice because it was he who created this invite.

As a result of this logic:

  • Create invite endpoint would always return emails without masking even though we apply post-processor. So unit tests of create invite endpoint should check that email is always returned without mask (when we invite by email, when by the handle, email suppose to be not returned).
    • I just understand that if invite failed, we don't have createdBy, so please, don't apply post-processor to the failed array.
  • Please, add one more unit test to create invite endpoint: email should not be returned for invites by a handle to non-admin users

Copy link
Contributor

@maxceem maxceem left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Works as per requirements.

@maxceem maxceem merged commit 10c39a2 into topcoder-platform:feature/restful-invites Mar 23, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants