Removing userId from Member Secure Fields

topcoder-platform · Sep 30, 2020 · 9f22596 · 9f22596
1 parent a82df84
commit 9f22596
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 10 deletions.
diff --git a/config/default.js b/config/default.js
@@ -91,26 +91,26 @@ module.exports = {
   // Member identifiable info fields, only admin, M2M, or member himself can get these fields
   MEMBER_SECURE_FIELDS: process.env.MEMBER_SECURE_FIELDS 
     ? process.env.MEMBER_SECURE_FIELDS.split(',') 
-    : ['userId', 'firstName', 'lastName', 'email', 'addresses', 'createdBy', 'updatedBy'],
-  
+    : ['firstName', 'lastName', 'email', 'addresses', 'createdBy', 'updatedBy'],
+
   // Member traits identifiable info fields, only admin, M2M, or member himself can fetch these fields
   MEMBER_TRAIT_SECURE_FIELDS: process.env.MEMBER_TRAIT_SECURE_FIELDS 
     ? process.env.MEMBER_TRAIT_SECURE_FIELDS.split(',') 
-    : ['userId', 'createdBy', 'updatedBy'],
+    : ['createdBy', 'updatedBy'],
 
   // Misc identifiable info fields, only admin, M2M, or member himself can fetch these fields
   MISC_SECURE_FIELDS: process.env.MISC_SECURE_FIELDS 
     ? process.env.MISC_SECURE_FIELDS.split(',') 
-    : ['userId', 'createdBy', 'updatedBy'],
+    : ['createdBy', 'updatedBy'],
 
   // Member Search identifiable info fields, only admin, M2M, or member himself can fetch these fields
   SEARCH_SECURE_FIELDS: process.env.SEARCH_SECURE_FIELDS 
   ? process.env.SEARCH_SECURE_FIELDS.split(',') 
-  : ['userId', 'firstName', 'lastName', 'email', 'addresses', 'createdBy', 'updatedBy'],
+  : ['firstName', 'lastName', 'email', 'addresses', 'createdBy', 'updatedBy'],
 
   // Member Statistics identifiable info fields, only admin, M2M, or member himself can fetch these fields
   STATISTICS_SECURE_FIELDS: process.env.STATISTICS_SECURE_FIELDS
     ? process.env.STATISTICS_SECURE_FIELDS.split(',')
-    : ['userId', 'createdBy', 'updatedBy']
+    : ['createdBy', 'updatedBy']
 
 }
diff --git a/src/common/eshelper.js b/src/common/eshelper.js
@@ -16,10 +16,10 @@ async function getMembers(query, esClient, currentUser) {
   const handleLowers = _.isArray(query.handleLowers) ? query.handleLowers : []
   var userIds = _.isArray(query.userIds) ? query.userIds : []
   // if current user is not admin and not M2M, then exclude the admin/M2M only fields
-  if (!currentUser || (!currentUser.isMachine && !helper.hasAdminRole(currentUser))) {
-    userIds = []
-    query.userId = null
-  }
+  // if (!currentUser || (!currentUser.isMachine && !helper.hasAdminRole(currentUser))) {
+  //   userIds = []
+  //   query.userId = null
+  // }
   // construct ES query for members profile
   let esQueryMembers = {
     index: config.get('ES.MEMBER_PROFILE_ES_INDEX'),