From 457e6c7b37a66553325ef13e579585b2270ef410 Mon Sep 17 00:00:00 2001
From: Gerhard Schlager <mail@gerhard-schlager.at>
Date: Fri, 18 Jan 2019 15:26:44 +0100
Subject: [PATCH] FIX: Mods weren't able to see emails in admin user list

---
 app/controllers/admin/users_controller.rb           |  2 +-
 app/serializers/admin_user_list_serializer.rb       |  2 +-
 spec/serializers/admin_user_list_serializer_spec.rb | 11 ++++++++++-
 3 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/app/controllers/admin/users_controller.rb b/app/controllers/admin/users_controller.rb
index 20dafe43e07..8f0afd99885 100644
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -34,7 +34,7 @@ class Admin::UsersController < Admin::AdminController
 
     opts = {}
     if params[:show_emails] == "true"
-      StaffActionLogger.new(current_user).log_show_emails(users)
+      StaffActionLogger.new(current_user).log_show_emails(users, context: request.path)
       opts[:emails_desired] = true
     end
 
diff --git a/app/serializers/admin_user_list_serializer.rb b/app/serializers/admin_user_list_serializer.rb
index 81d953a0e1d..4bf2c17482f 100644
--- a/app/serializers/admin_user_list_serializer.rb
+++ b/app/serializers/admin_user_list_serializer.rb
@@ -39,7 +39,7 @@ class AdminUserListSerializer < BasicUserSerializer
   def include_email?
     # staff members can always see their email
     (scope.is_staff? && (object.id == scope.user.id || object.staged?)) ||
-      (scope.is_admin? && @options[:emails_desired])
+      (@options[:emails_desired] && scope.can_check_emails?(object))
   end
 
   alias_method :include_secondary_emails?, :include_email?
diff --git a/spec/serializers/admin_user_list_serializer_spec.rb b/spec/serializers/admin_user_list_serializer_spec.rb
index 60c7dac3c9a..7f50c378310 100644
--- a/spec/serializers/admin_user_list_serializer_spec.rb
+++ b/spec/serializers/admin_user_list_serializer_spec.rb
@@ -41,13 +41,22 @@ describe AdminUserListSerializer do
       expect(json[:secondary_emails]).to eq(nil)
     end
 
-    it "doesn't return emails for a moderator request" do
+    it "doesn't return emails for a moderator request when show_email_on_profile is disabled" do
+      SiteSetting.show_email_on_profile = false
       fabricate_secondary_emails_for(user)
       json = serialize(user, moderator, emails_desired: true)
       expect(json[:email]).to eq(nil)
       expect(json[:secondary_emails]).to eq(nil)
     end
 
+    it "returns emails for a moderator request when show_email_on_profile is enabled" do
+      SiteSetting.show_email_on_profile = true
+      fabricate_secondary_emails_for(user)
+      json = serialize(user, moderator, emails_desired: true)
+      expect(json[:email]).to eq("user@email.com")
+      expect(json[:secondary_emails]).to contain_exactly("first@email.com", "second@email.com")
+    end
+
     it "returns emails for admins when emails_desired is true" do
       fabricate_secondary_emails_for(user)
       json = serialize(user, admin, emails_desired: true)