diff --git a/app/assets/javascripts/admin/controllers/admin-users-list-show.js.es6 b/app/assets/javascripts/admin/controllers/admin-users-list-show.js.es6
index 57a114b68f6..057a9b532b6 100644
--- a/app/assets/javascripts/admin/controllers/admin-users-list-show.js.es6
+++ b/app/assets/javascripts/admin/controllers/admin-users-list-show.js.es6
@@ -2,8 +2,9 @@ import debounce from "discourse/lib/debounce";
import { i18n } from "discourse/lib/computed";
import AdminUser from "admin/models/admin-user";
import { observes } from "ember-addons/ember-computed-decorators";
+import CanCheckEmails from "discourse/mixins/can-check-emails";
-export default Ember.Controller.extend({
+export default Ember.Controller.extend(CanCheckEmails, {
query: null,
queryParams: ["order", "ascending"],
order: null,
diff --git a/app/assets/javascripts/admin/templates/users-list-show.hbs b/app/assets/javascripts/admin/templates/users-list-show.hbs
index e0acb5fc435..a82f4e0432a 100644
--- a/app/assets/javascripts/admin/templates/users-list-show.hbs
+++ b/app/assets/javascripts/admin/templates/users-list-show.hbs
@@ -7,9 +7,9 @@
{{title}}
- {{#unless showEmails}}
+ {{#if canCheckEmails}}
- {{/unless}}
+ {{/if}}
{{text-field value=listFilter placeholder=searchHint}}
diff --git a/app/serializers/admin_user_list_serializer.rb b/app/serializers/admin_user_list_serializer.rb
index 47e5fea86d9..f318cac53a2 100644
--- a/app/serializers/admin_user_list_serializer.rb
+++ b/app/serializers/admin_user_list_serializer.rb
@@ -38,8 +38,8 @@ class AdminUserListSerializer < BasicUserSerializer
def include_email?
# staff members can always see their email
- (scope.is_staff? && object.id == scope.user.id) || scope.can_see_emails? ||
- (scope.is_staff? && object.staged?)
+ (scope.is_staff? && (object.id == scope.user.id || object.staged?)) ||
+ (scope.is_admin? && scope.can_see_emails?)
end
alias_method :include_secondary_emails?, :include_email?
diff --git a/spec/serializers/admin_user_list_serializer_spec.rb b/spec/serializers/admin_user_list_serializer_spec.rb
index a8bf155f39b..63bc97cfd5c 100644
--- a/spec/serializers/admin_user_list_serializer_spec.rb
+++ b/spec/serializers/admin_user_list_serializer_spec.rb
@@ -5,8 +5,10 @@ describe AdminUserListSerializer do
context "emails" do
let(:admin) { Fabricate(:user_single_email, admin: true, email: "admin@email.com") }
+ let(:moderator) { Fabricate(:user_single_email, moderator: true, email: "moderator@email.com") }
let(:user) { Fabricate(:user_single_email, email: "user@email.com") }
let(:guardian) { Guardian.new(admin) }
+ let(:mod_guardian) { Guardian.new(moderator) }
let(:json) do
AdminUserListSerializer.new(user,
@@ -15,6 +17,13 @@ describe AdminUserListSerializer do
).as_json
end
+ let(:mod_json) do
+ AdminUserListSerializer.new(user,
+ scope: mod_guardian,
+ root: false
+ ).as_json
+ end
+
def fabricate_secondary_emails_for(u)
["first", "second"].each do |name|
Fabricate(:secondary_email, user: u, email: "#{name}@email.com")
@@ -57,6 +66,18 @@ describe AdminUserListSerializer do
include_examples "not shown"
end
+ context "when moderator makes a request with show_emails param set to true" do
+ before do
+ mod_guardian.can_see_emails = true
+ fabricate_secondary_emails_for(user)
+ end
+
+ it "doesn't contain emails" do
+ expect(mod_json[:email]).to eq(nil)
+ expect(mod_json[:secondary_emails]).to eq(nil)
+ end
+ end
+
context "with a normal user after clicking 'show emails'" do
before do
guardian.can_see_emails = true