
Commit c72387f

author
vikasrohit
authored
Merge pull request #512 from topcoder-platform/hotfix/patch-release-2.1.2-PII-removal
Hotfix/patch release 2.1.2 pii removal
2 parents bb39d13 + 7771df3 commit c72387f


1 file changed

+13
-2
lines changed


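--- a/src/util.js
+++ b/src/util.js
@@ -280,6 +280,8 @@ _.assignIn(util, {
 
 // for non topcoder admins remove emails from the field list
 _.assign(fields, { project_members: _.filter(fields.project_members, f => f !== 'email') });
+_.assign(fields, { project_members: _.filter(fields.project_members, f => f !== 'firstName') });
+_.assign(fields, { project_members: _.filter(fields.project_members, f => f !== 'lastName') });
 
 return fields;
 },
@@ -665,11 +667,11 @@ _.assignIn(util, {
 return members;
 }
 const memberTraitFields = ['photoURL', 'workingHourStart', 'workingHourEnd', 'timeZone'];
-const memberDetailFields = ['handle', 'firstName', 'lastName'];
+let memberDetailFields = ['handle'];
 
 // Only Topcoder admins can get emails for users
 if (util.hasPermission({ topcoderRoles: [USER_ROLE.TOPCODER_ADMIN] }, req.authUser)) {
-memberDetailFields.push('email');
+memberDetailFields = memberDetailFields.concat(['email', 'firstName', 'lastName']);
 }
 
 let allMemberDetails = [];
@@ -727,6 +729,8 @@ _.assignIn(util, {
 
 // in general, only users with Topcoder administrator privileges can see emails
 let canSeeEmail = util.hasPermission({ topcoderRoles: [USER_ROLE.TOPCODER_ADMIN] }, req.authUser);
+// we also shouldn't return full name to users except of admins
+const canSeeFullName = util.hasPermission({ topcoderRoles: [USER_ROLE.TOPCODER_ADMIN] }, req.authUser);
 
 // specially for invite objects, we still have to return email, if invite is for a new user which doesn't have "userId"
 if (memberDetails.status) { // we identify that the object is "invite" and not a "member" if object has "status" field
@@ -736,6 +740,13 @@ _.assignIn(util, {
 if (!canSeeEmail) {
 delete memberDetails.email;
 }
+
+// this is a temporary fix as ES also has this data, so we have explicitly remove it
+if (!canSeeFullName) {
+delete memberDetails.firstName;
+delete memberDetails.lastName;
+}
+
 return _(memberDetails).pick(fields).defaults(memberDefaults).value();
 });
 },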
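Review bot: The admin-only field set is now spelled out separately in three places (the three `_.filter` passes in the `@@ -280` hunk, the `concat(['email', 'firstName', 'lastName'])` in the `@@ -665` hunk, and the `delete` statements in the `@@ -736` hunk), so a PII field added later must be remembered in each one, and missing any of them exposes it to non-admin callers. A single shared list would keep them in step, for example `const ADMIN_ONLY_MEMBER_FIELDS = ['email', 'firstName', 'lastName'];` with the first hunk reduced to `_.assign(fields, { project_members: _.difference(fields.project_members, ADMIN_ONLY_MEMBER_FIELDS) });`. The existing comments "remove emails from the field list" and "Only Topcoder admins can get emails for users" now understate what is gated and should mention first and last name as well. The commit changes only src/util.js, so a test asserting that a non-admin response carries no `firstName` or `lastName`, including on the ES-backed path the new comment calls temporary, would guard against regression. The enclosing functions all start and end outside the visible hunks, so whether other field groups besides `project_members` need the same filtering cannot be confirmed from here.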
