authorMohamed Bassem <me@mbassem.com>2025-11-23 10:13:15 +0000
committerGitHub <noreply@github.com>2025-11-23 10:13:15 +0000
commit8ab5df675e98129bb57b106ee331a8d07d324a45 (patch)
tree4fbaac37954d0995817431ab7bb4dc007fb47b4a /packages/trpc/models/lists.ts
parent5f0934acc0f7dde119be9f0a42a42742ec128377 (diff)
downloadkarakeep-8ab5df675e98129bb57b106ee331a8d07d324a45.tar.zst
fix: hide collaborator emails from non-owners (#2160)
* feat: Hide collaborator emails from non-owners in shared lists Implemented privacy protection for collaborator emails in shared lists. Non-owners (viewers and editors) can no longer see email addresses of the list owner or other collaborators. Only the list owner can view all email addresses. Changes: - Modified List.getCollaborators() to return empty strings for emails when the requester is not the owner - Updated ManageCollaboratorsModal UI to conditionally display email fields only when they are not empty - Added comprehensive test to verify email privacy for non-owners while ensuring owners can still see all emails This follows existing privacy patterns in the codebase (similar to how pending invitation names are masked as "Pending User"). * make the email field nullable * fix tests --------- Co-authored-by: Claude <noreply@anthropic.com>
Diffstat (limited to 'packages/trpc/models/lists.ts')
-rw-r--r--packages/trpc/models/lists.ts6
1 files changed, 4 insertions, 2 deletions
diff --git a/packages/trpc/models/lists.ts b/packages/trpc/models/lists.ts
index a0d9ca23..0968492a 100644
--- a/packages/trpc/models/lists.ts
+++ b/packages/trpc/models/lists.ts
@@ -752,7 +752,8 @@ export abstract class List {
user: {
id: c.user.id,
name: c.user.name,
- email: c.user.email,
+ // Only show email to the owner for privacy
+ email: isOwner ? c.user.email : null,
},
};
});
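Review bot: The redaction at `email: isOwner ? c.user.email : null` depends entirely on `isOwner`, which is computed outside this hunk, so it cannot be confirmed here that it comes from comparing the authenticated session's user id with the list's owner id rather than from anything the caller supplies; a one-line comment at its definition saying so would make the trust boundary explicit. The same ternary is repeated for the owner object in the second hunk (`email: isOwner ? owner.email : null`), and two hand-written copies can drift when another user field is added; a local helper such as `const emailFor = (email: string | null) => (isOwner ? email : null);` used at both sites keeps the rule in one place. The email is presumably still loaded for non-owners and only dropped while building the response, so any other path that returns these collaborator or owner rows would need the same masking. The enclosing method starts and ends outside both hunks.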
@@ -763,7 +764,8 @@ export abstract class List {
? {
id: owner.id,
name: owner.name,
- email: owner.email,
+ // Only show owner email to the owner for privacy
+ email: isOwner ? owner.email : null,
}
: null,
};