FIX: do not show SSO external_email to moderators

2018-06-12 13:37:10 +05:30 · 2018-06-12 13:37:10 +05:30 · 57f5f7d755
parent ff7cbf6935
commit 57f5f7d755
3 changed files with 46 additions and 4 deletions
--- a/app/assets/javascripts/admin/templates/user-index.hbs
+++ b/app/assets/javascripts/admin/templates/user-index.hbs
@ -541,10 +541,12 @@
      <div class='field'>{{i18n 'admin.user.sso.external_name'}}</div>
      <div class='value'>{{sso.external_name}}</div>
    </div>
-    <div class='display-row'>
-      <div class='field'>{{i18n 'admin.user.sso.external_email'}}</div>
-      <div class='value'>{{sso.external_email}}</div>
-    </div>
+    {{#if sso.external_email}}
+      <div class='display-row'>
+        <div class='field'>{{i18n 'admin.user.sso.external_email'}}</div>
+        <div class='value'>{{sso.external_email}}</div>
+      </div>
+    {{/if}}
    <div class='display-row'>
      <div class='field'>{{i18n 'admin.user.sso.external_avatar_url'}}</div>
      <div class='value'>{{sso.external_avatar_url}}</div>
--- a/app/serializers/single_sign_on_record_serializer.rb
+++ b/app/serializers/single_sign_on_record_serializer.rb
@ -6,4 +6,8 @@ class SingleSignOnRecordSerializer < ApplicationSerializer
             :external_avatar_url,
             :external_profile_background_url,
             :external_card_background_url
+
+  def include_external_email?
+    scope.is_admin?
+  end
 end
--- a/spec/serializers/single_sign_on_record_serializer_spec.rb
+++ b/spec/serializers/single_sign_on_record_serializer_spec.rb
@ -0,0 +1,36 @@
+require 'rails_helper'
+
+RSpec.describe SingleSignOnRecordSerializer do
+  let(:user) { user = Fabricate(:user) }
+  let :sso do
+    SingleSignOnRecord.create!(user_id: user.id, external_id: '12345', external_email: user.email, last_payload: '')
+  end
+
+  context "admin" do
+    let(:admin) { Fabricate(:admin) }
+    let :serializer do
+      SingleSignOnRecordSerializer.new(sso, scope: Guardian.new(admin), root: false)
+    end
+
+    it "should include user sso info" do
+      payload = serializer.as_json
+      expect(payload[:user_id]).to eq(user.id)
+      expect(payload[:external_id]).to eq('12345')
+      expect(payload[:external_email]).to eq(user.email)
+    end
+  end
+
+  context "moderator" do
+    let(:moderator) { Fabricate(:moderator) }
+    let :serializer do
+      SingleSignOnRecordSerializer.new(sso, scope: Guardian.new(moderator), root: false)
+    end
+
+    it "should include user sso info" do
+      payload = serializer.as_json
+      expect(payload[:user_id]).to eq(user.id)
+      expect(payload[:external_id]).to eq('12345')
+      expect(payload[:external_email]).to be_nil
+    end
+  end
+end