From e7821a63e71edd1524d90343066255d478c4c24a Mon Sep 17 00:00:00 2001
From: Vinoth Kannan
Date: Tue, 5 Feb 2019 23:31:19 +0530
Subject: [PATCH] FIX: Users should able check the emails for self
---
 app/controllers/users_controller.rb | 6 ++++--
 spec/requests/users_controller_spec.rb | 13 +++++++++++++
 2 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index fe87d7d506c..5d7c99b13ca 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -148,9 +148,11 @@ class UsersController < ApplicationController
 def check_emails
 user = fetch_user_from_params(include_inactive: true)
- guardian.ensure_can_check_emails!(user)
- StaffActionLogger.new(current_user).log_check_email(user, context: params[:context])
+ unless user == current_user
+ guardian.ensure_can_check_emails!(user)
+ StaffActionLogger.new(current_user).log_check_email(user, context: params[:context])
+ end
 email, *secondary_emails = user.emails
diff --git a/spec/requests/users_controller_spec.rb b/spec/requests/users_controller_spec.rb
index 67521471593..11dda380c03 100644
--- a/spec/requests/users_controller_spec.rb
+++ b/spec/requests/users_controller_spec.rb
@@ -2072,6 +2072,19 @@ describe UsersController do
 expect(response).to be_forbidden
 end
+ it "returns emails and associated_accounts for self" do
+ user = Fabricate(:user)
+ sign_in(user)
+
+ get "/u/#{user.username}/emails.json"
+
+ expect(response.status).to eq(200)
+ json = JSON.parse(response.body)
+ expect(json["email"]).to eq(user.email)
+ expect(json["secondary_emails"]).to eq(user.secondary_emails)
+ expect(json["associated_accounts"]).to eq([])
+ end
+
 it "returns emails and associated_accounts when you're allowed to see them" do
 user = Fabricate(:user)
 sign_in_admin
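Review bot: The `unless user == current_user` branch in check_emails puts the self exemption in the controller, so the rule for who may read e-mail addresses now lives in two places, and any other caller of the guardian rule will presumably still treat a self lookup as forbidden. Keeping `guardian.ensure_can_check_emails!(user)` unconditional and allowing the self case inside the guardian (its definition is not visible here) would keep a single policy point; only the audit entry would then be conditional, e.g. `StaffActionLogger.new(current_user).log_check_email(user, context: params[:context]) unless user == current_user`. If the controller bypass stays, a comment such as `# Viewing your own addresses is not a staff action: skip the permission check and the audit log entry` would record that the missing log entry is deliberate. The body of check_emails continues past the end of the hunk.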
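Review bot: The new "for self" example asserts the response body but not the two side conditions the controller change introduces: that no staff-action log entry is written for a self lookup, and that the endpoint still rejects a request with no signed-in user. An assertion around the request that the audit log is unchanged, plus a logged-out example expecting a non-200 status, would pin both. `expect(json["secondary_emails"]).to eq(user.secondary_emails)` likely compares two empty lists for a freshly fabricated user, so fabricating one secondary address would make that line meaningful. The enclosing describe block starts and ends outside the hunk.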