discourse/app/serializers/invite_serializer.rb
Robin Ward c7634d56f6 SECURITY: Add more restrictions on invite emails
They could be filtered and returned in some circumstances where they
shouldn't have been.
2020-03-05 09:55:54 -05:00

22 lines
413 B
Ruby

# frozen_string_literal: true
class InviteSerializer < ApplicationSerializer
attributes :email, :updated_at, :redeemed_at, :expired, :user
def include_email?
options[:show_emails] && !object.redeemed?
end
def expired
object.expired?
end
def user
ser = InvitedUserSerializer.new(object.user, scope: scope, root: false)
ser.invited_by = object.invited_by
ser.as_json
end
end