From 0ce5f05b2ada384a75228673ab99ea621181419b Mon Sep 17 00:00:00 2001
From: Maja Komel
Date: Wed, 19 Dec 2018 10:24:57 +0100
Subject: [PATCH] FIX: hide emails on admin user list for moderators (#6781)
---
 .../controllers/admin-users-list-show.js.es6 | 3 ++-
 .../admin/templates/users-list-show.hbs | 4 ++--
 app/serializers/admin_user_list_serializer.rb | 4 ++--
 .../admin_user_list_serializer_spec.rb | 21 +++++++++++++++++++
 4 files changed, 27 insertions(+), 5 deletions(-)
diff --git a/app/assets/javascripts/admin/controllers/admin-users-list-show.js.es6 b/app/assets/javascripts/admin/controllers/admin-users-list-show.js.es6
index 57a114b68f6..057a9b532b6 100644
--- a/app/assets/javascripts/admin/controllers/admin-users-list-show.js.es6
+++ b/app/assets/javascripts/admin/controllers/admin-users-list-show.js.es6
@@ -2,8 +2,9 @@ import debounce from "discourse/lib/debounce";
 import { i18n } from "discourse/lib/computed";
 import AdminUser from "admin/models/admin-user";
 import { observes } from "ember-addons/ember-computed-decorators";
+import CanCheckEmails from "discourse/mixins/can-check-emails";
-export default Ember.Controller.extend({
+export default Ember.Controller.extend(CanCheckEmails, {
 query: null,
 queryParams: ["order", "ascending"],
 order: null,
diff --git a/app/assets/javascripts/admin/templates/users-list-show.hbs b/app/assets/javascripts/admin/templates/users-list-show.hbs
index e0acb5fc435..a82f4e0432a 100644
--- a/app/assets/javascripts/admin/templates/users-list-show.hbs
+++ b/app/assets/javascripts/admin/templates/users-list-show.hbs
@@ -7,9 +7,9 @@

{{title}}

- {{#unless showEmails}} + {{#if canCheckEmails}} - {{/unless}} + {{/if}}
{{text-field value=listFilter placeholder=searchHint}} diff --git a/app/serializers/admin_user_list_serializer.rb b/app/serializers/admin_user_list_serializer.rb index 47e5fea86d9..f318cac53a2 100644 --- a/app/serializers/admin_user_list_serializer.rb +++ b/app/serializers/admin_user_list_serializer.rb @@ -38,8 +38,8 @@ class AdminUserListSerializer < BasicUserSerializer def include_email? # staff members can always see their email - (scope.is_staff? && object.id == scope.user.id) || scope.can_see_emails? || - (scope.is_staff? && object.staged?) + (scope.is_staff? && (object.id == scope.user.id || object.staged?)) || + (scope.is_admin? && scope.can_see_emails?) end alias_method :include_secondary_emails?, :include_email? diff --git a/spec/serializers/admin_user_list_serializer_spec.rb b/spec/serializers/admin_user_list_serializer_spec.rb index a8bf155f39b..63bc97cfd5c 100644 --- a/spec/serializers/admin_user_list_serializer_spec.rb +++ b/spec/serializers/admin_user_list_serializer_spec.rb @@ -5,8 +5,10 @@ describe AdminUserListSerializer do context "emails" do let(:admin) { Fabricate(:user_single_email, admin: true, email: "admin@email.com") } + let(:moderator) { Fabricate(:user_single_email, moderator: true, email: "moderator@email.com") } let(:user) { Fabricate(:user_single_email, email: "user@email.com") } let(:guardian) { Guardian.new(admin) } + let(:mod_guardian) { Guardian.new(moderator) } let(:json) do AdminUserListSerializer.new(user, @@ -15,6 +17,13 @@ describe AdminUserListSerializer do ).as_json end + let(:mod_json) do + AdminUserListSerializer.new(user, + scope: mod_guardian, + root: false + ).as_json + end + def fabricate_secondary_emails_for(u) ["first", "second"].each do |name| Fabricate(:secondary_email, user: u, email: "#{name}@email.com") 
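Review bot: Replacing `{{#unless showEmails}}` with `{{#if canCheckEmails}}` in users-list-show.hbs drops the old condition instead of combining it. Whatever the block wraps (its markup is not visible on this page, presumably the show-emails button) now stays rendered after emails are already shown. If that is not intended, nest the two: `{{#if canCheckEmails}}{{#unless showEmails}} … {{/unless}}{{/if}}`. This is display logic only; the access decision itself has to stay in the serializer.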
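Review bot: In `include_email?` (admin_user_list_serializer.rb) the admin requirement is enforced only inside this serializer, while `scope.can_see_emails?` can evidently still be true for a moderator, since the new spec sets `mod_guardian.can_see_emails = true`. Any other code that trusts `can_see_emails?` without also checking `is_admin?` would, if it exists, still return emails to moderators; refusing to set the flag for non-admins where it is assigned (outside this diff) would close that in one place. The retained comment now describes only part of the rule, so I would replace it with `# staff always see their own email and staged users' emails; any other email requires an admin who asked for it (can_see_emails?)`. The client gates on `canCheckEmails` from a mixin not shown here, so confirm it matches this admin-only rule. The class body starts and ends outside the hunk.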
@@ -57,6 +66,18 @@ describe AdminUserListSerializer do include_examples "not shown" end + context "when moderator makes a request with show_emails param set to true" do + before do + mod_guardian.can_see_emails = true + fabricate_secondary_emails_for(user) + end + + it "doesn't contain emails" do + expect(mod_json[:email]).to eq(nil) + expect(mod_json[:secondary_emails]).to eq(nil) + end + end + context "with a normal user after clicking 'show emails'" do before do guardian.can_see_emails = true
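Review bot: The new moderator context pins only the denied case for an ordinary user; nothing asserts the two branches `include_email?` deliberately keeps for moderators (their own record and staged users). A later tightening or loosening of that expression would go unnoticed. I would add a moderator/staged-user context and one for the moderator's own record next to this one, along the lines of the sketch below (the e-mail value is a constructed sample). `expect(...).to be_nil` would also read better than `eq(nil)`. The enclosing `describe` block starts before and continues past this hunk.

```ruby
# … unchanged: moderator "doesn't contain emails" context …
context "when moderator views a staged user" do
  let(:user) { Fabricate(:user_single_email, staged: true, email: "staged@email.com") }

  it "contains the email" do
    expect(mod_json[:email]).to eq("staged@email.com")
  end
end
```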