From 57f5f7d7552da182d24d79387ab0e2f92641ccad Mon Sep 17 00:00:00 2001
From: Arpit Jalan
Date: Tue, 12 Jun 2018 13:37:10 +0530
Subject: [PATCH] FIX: do not show SSO external_email to moderators
---
 .../admin/templates/user-index.hbs | 10 +++---
 .../single_sign_on_record_serializer.rb | 4 +++
 .../single_sign_on_record_serializer_spec.rb | 36 +++++++++++++++++++
 3 files changed, 46 insertions(+), 4 deletions(-)
 create mode 100644 spec/serializers/single_sign_on_record_serializer_spec.rb
diff --git a/app/assets/javascripts/admin/templates/user-index.hbs b/app/assets/javascripts/admin/templates/user-index.hbs
index e36f7cd4b5c..a76d764e4a0 100644
--- a/app/assets/javascripts/admin/templates/user-index.hbs
+++ b/app/assets/javascripts/admin/templates/user-index.hbs
@@ -541,10 +541,12 @@
{{i18n 'admin.user.sso.external_name'}}
{{sso.external_name}}
-
-
{{i18n 'admin.user.sso.external_email'}}
-
{{sso.external_email}}
-
+ {{#if sso.external_email}} +
+
{{i18n 'admin.user.sso.external_email'}}
+
{{sso.external_email}}
+
+ {{/if}}
{{i18n 'admin.user.sso.external_avatar_url'}}
{{sso.external_avatar_url}}
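Review bot: The `{{#if sso.external_email}}` guard tests whether a value arrived, not who is viewing, so the row is also hidden from an admin whenever the record has no external email, and the template relies entirely on the serializer to withhold the field. A Handlebars comment above the block, `{{!-- external_email is only serialized for admins; absent for moderators --}}`, would make that dependency visible to the next editor. The enclosing template markup starts and ends outside the hunk.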
diff --git a/app/serializers/single_sign_on_record_serializer.rb b/app/serializers/single_sign_on_record_serializer.rb
index d2e35119b15..d55f6678149 100644
--- a/app/serializers/single_sign_on_record_serializer.rb
+++ b/app/serializers/single_sign_on_record_serializer.rb
@@ -6,4 +6,8 @@ class SingleSignOnRecordSerializer < ApplicationSerializer
 :external_avatar_url,
 :external_profile_background_url,
 :external_card_background_url
+
+ def include_external_email?
+ scope.is_admin?
+ end
 end
diff --git a/spec/serializers/single_sign_on_record_serializer_spec.rb b/spec/serializers/single_sign_on_record_serializer_spec.rb
new file mode 100644
index 00000000000..678ef77c008
--- /dev/null
+++ b/spec/serializers/single_sign_on_record_serializer_spec.rb
@@ -0,0 +1,36 @@
+require 'rails_helper'
+
+RSpec.describe SingleSignOnRecordSerializer do
+ let(:user) { user = Fabricate(:user) }
+ let :sso do
+ SingleSignOnRecord.create!(user_id: user.id, external_id: '12345', external_email: user.email, last_payload: '')
+ end
+
+ context "admin" do
+ let(:admin) { Fabricate(:admin) }
+ let :serializer do
+ SingleSignOnRecordSerializer.new(sso, scope: Guardian.new(admin), root: false)
+ end
+
+ it "should include user sso info" do
+ payload = serializer.as_json
+ expect(payload[:user_id]).to eq(user.id)
+ expect(payload[:external_id]).to eq('12345')
+ expect(payload[:external_email]).to eq(user.email)
+ end
+ end
+
+ context "moderator" do
+ let(:moderator) { Fabricate(:moderator) }
+ let :serializer do
+ SingleSignOnRecordSerializer.new(sso, scope: Guardian.new(moderator), root: false)
+ end
+
+ it "should include user sso info" do
+ payload = serializer.as_json
+ expect(payload[:user_id]).to eq(user.id)
+ expect(payload[:external_id]).to eq('12345')
+ expect(payload[:external_email]).to be_nil
+ end
+ end
+end
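Review bot: `include_external_email?` withholds only this one attribute, while the attribute list begins above the hunk and may still serialize other fields that carry the same address to moderators. The new spec builds the record with `last_payload: ''`, so if `last_payload` is among the serialized attributes, the raw SSO payload (which presumably contains the email) would still be returned; it would need the same gate, a `def include_last_payload?` that returns `scope.is_admin?`. A one-line comment above the method, `# external_email is PII; only admins may see it`, would also record why the check is admin-only rather than staff-wide.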
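Review bot: The moderator example checks `expect(payload[:external_email]).to be_nil`, which passes for a key that is present with a nil value as well as for an omitted key; `expect(payload).not_to have_key(:external_email)` pins that the serializer leaves the field out. Both examples are titled "should include user sso info", so a failure report will not say which role broke; the moderator one could read `it "should not include external_email" do`. `let(:user) { user = Fabricate(:user) }` assigns a local that is never read and can be `let(:user) { Fabricate(:user) }`.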