{{i18n 'admin.user.sso.external_avatar_url'}}
{{sso.external_avatar_url}}
diff --git a/app/serializers/single_sign_on_record_serializer.rb b/app/serializers/single_sign_on_record_serializer.rb
index d2e35119b15..d55f6678149 100644
--- a/app/serializers/single_sign_on_record_serializer.rb
+++ b/app/serializers/single_sign_on_record_serializer.rb
@@ -6,4 +6,8 @@ class SingleSignOnRecordSerializer < ApplicationSerializer
:external_avatar_url,
:external_profile_background_url,
:external_card_background_url
+
+ def include_external_email?
+ scope.is_admin?
+ end
end
diff --git a/spec/serializers/single_sign_on_record_serializer_spec.rb b/spec/serializers/single_sign_on_record_serializer_spec.rb
new file mode 100644
index 00000000000..678ef77c008
--- /dev/null
+++ b/spec/serializers/single_sign_on_record_serializer_spec.rb
@@ -0,0 +1,36 @@
+require 'rails_helper'
+
+RSpec.describe SingleSignOnRecordSerializer do
+ let(:user) { user = Fabricate(:user) }
+ let :sso do
+ SingleSignOnRecord.create!(user_id: user.id, external_id: '12345', external_email: user.email, last_payload: '')
+ end
+
+ context "admin" do
+ let(:admin) { Fabricate(:admin) }
+ let :serializer do
+ SingleSignOnRecordSerializer.new(sso, scope: Guardian.new(admin), root: false)
+ end
+
+ it "should include user sso info" do
+ payload = serializer.as_json
+ expect(payload[:user_id]).to eq(user.id)
+ expect(payload[:external_id]).to eq('12345')
+ expect(payload[:external_email]).to eq(user.email)
+ end
+ end
+
+ context "moderator" do
+ let(:moderator) { Fabricate(:moderator) }
+ let :serializer do
+ SingleSignOnRecordSerializer.new(sso, scope: Guardian.new(moderator), root: false)
+ end
+
+ it "should include user sso info" do
+ payload = serializer.as_json
+ expect(payload[:user_id]).to eq(user.id)
+ expect(payload[:external_id]).to eq('12345')
+ expect(payload[:external_email]).to be_nil
+ end
+ end
+end