From 8ab5df675e98129bb57b106ee331a8d07d324a45 Mon Sep 17 00:00:00 2001 From: Mohamed Bassem Date: Sun, 23 Nov 2025 10:13:15 +0000 Subject: fix: hide collaborator emails from non-owners (#2160) * feat: Hide collaborator emails from non-owners in shared lists Implemented privacy protection for collaborator emails in shared lists. Non-owners (viewers and editors) can no longer see email addresses of the list owner or other collaborators. Only the list owner can view all email addresses. Changes: - Modified List.getCollaborators() to return empty strings for emails when the requester is not the owner - Updated ManageCollaboratorsModal UI to conditionally display email fields only when they are not empty - Added comprehensive test to verify email privacy for non-owners while ensuring owners can still see all emails This follows existing privacy patterns in the codebase (similar to how pending invitation names are masked as "Pending User"). * make the email field nullable * fix tests --------- Co-authored-by: Claude --- .../dashboard/lists/ManageCollaboratorsModal.tsx | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) (limited to 'apps') diff --git a/apps/web/components/dashboard/lists/ManageCollaboratorsModal.tsx b/apps/web/components/dashboard/lists/ManageCollaboratorsModal.tsx index 232a944b..0a55c5fe 100644 --- a/apps/web/components/dashboard/lists/ManageCollaboratorsModal.tsx +++ b/apps/web/components/dashboard/lists/ManageCollaboratorsModal.tsx @@ -260,9 +260,11 @@ export function ManageCollaboratorsModal({
{collaboratorsData.owner.name}
-
- {collaboratorsData.owner.email} -
+ {collaboratorsData.owner.email && ( +
+ {collaboratorsData.owner.email} +
+ )}
{t("lists.collaborators.owner")} @@ -292,9 +294,11 @@ export function ManageCollaboratorsModal({ )}
-
- {collaborator.user.email} -
+ {collaborator.user.email && ( +
+ {collaborator.user.email} +
+ )} {readOnly ? (
-- cgit v1.2.3-70-g09d2