Skip to content

Don't return email address in the PUT call for invite #464

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
vikasrohit opened this issue Feb 6, 2020 · 9 comments
Closed

Don't return email address in the PUT call for invite #464

vikasrohit opened this issue Feb 6, 2020 · 9 comments
Milestone

Comments

@vikasrohit
Copy link

Seems like right now we are returning the email of the invited user always, no matter if calling user is admin or not.

@maxceem
Copy link
Contributor

maxceem commented Feb 6, 2020

How to reproduce

Invite some user by handle using non-admin who should not see emails. For example, using pshah_manager invite pshah_customer to some project. In the tooltip the pshah_manger would see the email of invited pshah_customer:

image

Expected behavior

Non-admin users should not see emails of invited users if user is invited by handle. If user is invited by email any user still can see the email (for now).

@maxceem
Copy link
Contributor

maxceem commented Feb 6, 2020

Note, that we return email not only when PUT, but also when GET one or several invites, so all the cases should be fixed.

@maxceem
Copy link
Contributor

maxceem commented Feb 6, 2020

Hot to verify

We should verify several things:

  1. Admin users can see email in the invite tooltips when invited existent Topcoder user.

    image

  2. Non-admin users should not see the email in the invite tooltips when invited existent Topcoder user.

  3. Any user can see email in the tooltip if we invite non-registered user (no topcoder account), because we don't have anything except of email.

  4. Test for regressions.
    We should be able to remove the invitation:

    • when an existent user is invited by the handle
    • when an existent user is invited by email
    • when a non-registered user is invited by email

@vikasrohit
Copy link
Author

@maxceem I deployed the hotfix to the production as I didn't want to delay the hotfix till next week. However, after the deploy, as you suspected, I am, as customer, not able to remove the invited member.

@vikasrohit
Copy link
Author

One more observation @maxceem, right now system is allowing inviting people even after project is cancelled. Do you remember if we had that as feature.

@maxceem
Copy link
Contributor

maxceem commented Feb 7, 2020

@maxceem I deployed the hotfix to the production as I didn't want to delay the hotfix till next week. However, after the deploy, as you suspected, I am, as customer, not able to remove the invited member.

@vikasrohit there is a hotfix for Connect App to fix the issue with removing the invitations appirio-tech/connect-app#3700

@maxceem
Copy link
Contributor

maxceem commented Feb 7, 2020

One more observation @maxceem, right now system is allowing inviting people even after project is cancelled. Do you remember if we had that as feature.

I don't remember making any special cases for canceled projects differently. So I guess most of the operations for canceled projects would work the same as for other statuses.

@vikasrohit
Copy link
Author

Okay.

@maxceem
Copy link
Contributor

maxceem commented Apr 3, 2020

@vikasrohit We've finished invites refactoring and took care of email in the latest 2.2 release, so I think this can be closed.

@vikasrohit vikasrohit modified the milestones: 2.0.0, 2.2 Apr 5, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants