From 9f3e2a9e34d7f652967e00a681b334019244213f Mon Sep 17 00:00:00 2001
From: David Taylor <david@taylorhq.com>
Date: Fri, 14 Dec 2018 15:47:00 +0000
Subject: [PATCH] FIX: Only serialize group membership domains for
 administrators (#6771)

---
 app/serializers/basic_group_serializer.rb      |  8 ++++++++
 .../serializers/basic_group_serializer_spec.rb | 18 ++++++++++++++++++
 2 files changed, 26 insertions(+)

diff --git a/app/serializers/basic_group_serializer.rb b/app/serializers/basic_group_serializer.rb
index 6ac6f23b490..fdeb1eec1f9 100644
--- a/app/serializers/basic_group_serializer.rb
+++ b/app/serializers/basic_group_serializer.rb
@@ -42,6 +42,14 @@ class BasicGroupSerializer < ApplicationSerializer
     staff?
   end
 
+  def include_automatic_membership_email_domains?
+    scope.is_admin?
+  end
+
+  def include_automatic_membership_retroactive?
+    scope.is_admin?
+  end
+
   def include_has_messages?
     staff? || scope.can_see_group_messages?(object)
   end
diff --git a/spec/serializers/basic_group_serializer_spec.rb b/spec/serializers/basic_group_serializer_spec.rb
index 7b06b2959d6..cdbd5236d6f 100644
--- a/spec/serializers/basic_group_serializer_spec.rb
+++ b/spec/serializers/basic_group_serializer_spec.rb
@@ -43,6 +43,24 @@ describe BasicGroupSerializer do
     end
   end
 
+  describe '#automatic_membership_email_domains' do
+    let(:group) { Fabricate(:group, automatic_membership_email_domains: 'ilovediscourse.com', automatic_membership_retroactive: true) }
+    let(:admin_guardian) { Guardian.new(Fabricate(:admin)) }
+
+    it 'should include email domains for admin' do
+      subject = described_class.new(group, scope: admin_guardian, root: false, owner_group_ids: [group.id])
+      expect(subject.as_json[:automatic_membership_email_domains]).to eq('ilovediscourse.com')
+      expect(subject.as_json[:automatic_membership_retroactive]).to eq(true)
+    end
+
+    it 'should not include email domains for other users' do
+      subject = described_class.new(group, scope: guardian, root: false, owner_group_ids: [group.id])
+      expect(subject.as_json[:automatic_membership_email_domains]).to eq(nil)
+      expect(subject.as_json[:automatic_membership_retroactive]).to eq(nil)
+    end
+
+  end
+
   describe '#has_messages' do
     let(:group) { Fabricate(:group, has_messages: true) }