diff options
| author | Mohamed Bassem <me@mbassem.com> | 2025-11-23 10:13:15 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-11-23 10:13:15 +0000 |
| commit | 8ab5df675e98129bb57b106ee331a8d07d324a45 (patch) | |
| tree | 4fbaac37954d0995817431ab7bb4dc007fb47b4a /apps/web | |
| parent | 5f0934acc0f7dde119be9f0a42a42742ec128377 (diff) | |
| download | karakeep-8ab5df675e98129bb57b106ee331a8d07d324a45.tar.zst | |
fix: hide collaborator emails from non-owners (#2160)
* feat: Hide collaborator emails from non-owners in shared lists
Implemented privacy protection for collaborator emails in shared lists.
Non-owners (viewers and editors) can no longer see email addresses of
the list owner or other collaborators. Only the list owner can view
all email addresses.
Changes:
- Modified List.getCollaborators() to return empty strings for emails
when the requester is not the owner
- Updated ManageCollaboratorsModal UI to conditionally display email
fields only when they are not empty
- Added comprehensive test to verify email privacy for non-owners while
ensuring owners can still see all emails
This follows existing privacy patterns in the codebase (similar to how
pending invitation names are masked as "Pending User").
* make the email field nullable
* fix tests
---------
Co-authored-by: Claude <noreply@anthropic.com>
Diffstat (limited to 'apps/web')
| -rw-r--r-- | apps/web/components/dashboard/lists/ManageCollaboratorsModal.tsx | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/apps/web/components/dashboard/lists/ManageCollaboratorsModal.tsx b/apps/web/components/dashboard/lists/ManageCollaboratorsModal.tsx index 232a944b..0a55c5fe 100644 --- a/apps/web/components/dashboard/lists/ManageCollaboratorsModal.tsx +++ b/apps/web/components/dashboard/lists/ManageCollaboratorsModal.tsx @@ -260,9 +260,11 @@ export function ManageCollaboratorsModal({ <div className="font-medium"> {collaboratorsData.owner.name} </div> - <div className="text-sm text-muted-foreground"> - {collaboratorsData.owner.email} - </div> + {collaboratorsData.owner.email && ( + <div className="text-sm text-muted-foreground"> + {collaboratorsData.owner.email} + </div> + )} </div> <div className="text-sm capitalize text-muted-foreground"> {t("lists.collaborators.owner")} @@ -292,9 +294,11 @@ export function ManageCollaboratorsModal({ </Badge> )} </div> - <div className="text-sm text-muted-foreground"> - {collaborator.user.email} - </div> + {collaborator.user.email && ( + <div className="text-sm text-muted-foreground"> + {collaborator.user.email} + </div> + )} </div> {readOnly ? ( <div className="text-sm capitalize text-muted-foreground"> |