show some attributes in API based on permissions. #687

app/models/ability.rb

@@ -24,19 +24,19 @@ def initialize(user)
       can :export, :organizations
       can :export, :repositories
     elsif user.role_id == "staff_user"
-      can :read, :all
+      can %i[read read_billing_information read_contact_information], :all
     elsif user.role_id == "consortium_admin" && user.provider_id.present?
-      can %i[manage read_billing_information], Provider do |provider|
+      can %i[manage read_billing_information read_contact_information], Provider do |provider|
         user.provider_id.casecmp(provider.consortium_id)
       end
-      can %i[update read read_billing_information],
+      can %i[update read read_billing_information read_contact_information],
           Provider,
           symbol: user.provider_id.upcase
       can %i[manage], ProviderPrefix do |provider_prefix|
         provider_prefix.provider &&
           user.provider_id.casecmp(provider_prefix.provider.consortium_id)
       end
-      can %i[manage transfer], Client do |client|
+      can %i[manage transfer read_contact_information], Client do |client|
         client.provider &&
           user.provider_id.casecmp(client.provider.consortium_id)
       end
@@ -60,11 +60,11 @@ def initialize(user)
             user.provider_id.casecmp(activity.doi.provider.consortium_id)
       end
     elsif user.role_id == "provider_admin" && user.provider_id.present?
-      can %i[update read read_billing_information],
+      can %i[update read read_billing_information read_contact_information],
           Provider,
           symbol: user.provider_id.upcase
       can %i[manage], ProviderPrefix, provider_id: user.provider_id
-      can %i[manage], Client, provider_id: user.provider_id
+      can %i[manage read_contact_information], Client, provider_id: user.provider_id
       cannot %i[transfer], Client
       can %i[manage], ClientPrefix # , :client_id => user.provider_id
 
@@ -84,12 +84,12 @@ def initialize(user)
         activity.doi.findable? || activity.doi.provider_id == user.provider_id
       end
     elsif user.role_id == "provider_user" && user.provider_id.present?
-      can %i[read read_billing_information],
+      can %i[read read_billing_information read_contact_information],
           Provider,
           symbol: user.provider_id.upcase
       can %i[read], Provider
       can %i[read], ProviderPrefix, provider_id: user.provider_id
-      can %i[read], Client, provider_id: user.provider_id
+      can %i[read read_contact_information], Client, provider_id: user.provider_id
       can %i[read], ClientPrefix # , :client_id => user.client_id
       can %i[read get_url read_landing_page_results],
           Doi,
@@ -102,7 +102,7 @@ def initialize(user)
       end
     elsif user.role_id == "client_admin" && user.client_id.present?
       can %i[read], Provider
-      can %i[read update], Client, symbol: user.client_id.upcase
+      can %i[read update read_contact_information], Client, symbol: user.client_id.upcase
       can %i[read], ClientPrefix, client_id: user.client_id
 
       # if Flipper[:delete_doi].enabled?(user)
@@ -136,7 +136,7 @@ def initialize(user)
       end
     elsif user.role_id == "client_user" && user.client_id.present?
       can %i[read], Provider
-      can %i[read], Client, symbol: user.client_id.upcase
+      can %i[read read_contact_information], Client, symbol: user.client_id.upcase
       can %i[read], ClientPrefix, client_id: user.client_id
       can %i[read get_url read_landing_page_results],
           Doi,

app/models/client.rb

@@ -2,6 +2,8 @@
 
 class Client < ApplicationRecord
   audited except: %i[
+    system_email
+    service_contact
     globus_uuid
     salesforce_id
     password

app/models/provider.rb

@@ -5,6 +5,14 @@
 class Provider < ApplicationRecord
   audited except: %i[
     globus_uuid
+    system_email
+    technical_contact
+    secondary_technical_contact
+    service_contact
+    secondary_service_contact
+    billing_contact
+    secondary_billing_contact
+    voting_contact
     salesforce_id
     password
     updated

app/serializers/client_serializer.rb

@@ -35,11 +35,31 @@ class ClientSerializer
     object.is_active.getbyte(0) == 1
   end
 
-  attribute :has_password do |object|
+  attribute :has_password,
+            if:
+              Proc.new { |object, params|
+                params[:current_ability] &&
+                  params[:current_ability].can?(
+                    :read_contact_information,
+                    object,
+                  ) ==
+                    true
+              } do |object|
     object.password.present?
   end
 
-  attribute :contact_email, &:system_email
+  attribute :contact_email,
+            if:
+              Proc.new { |object, params|
+                params[:current_ability] &&
+                  params[:current_ability].can?(
+                    :read_contact_information,
+                    object,
+                  ) ==
+                    true
+              } do |object|
+    object.system_email
+  end
 
   attribute :salesforce_id,
             if:

app/serializers/member_serializer.rb

@@ -27,7 +27,18 @@ class MemberSerializer
 
   attribute :display_title, &:display_name
 
-  attribute :email, &:group_email
+  attribute :email,
+            if:
+              Proc.new { |object, params|
+                params[:current_ability] &&
+                  params[:current_ability].can?(
+                    :read_contact_information,
+                    object,
+                  ) ==
+                    true
+              } do |object|
+    object.group_email
+  end
 
   attribute :country, &:country_code
 end

app/serializers/provider_serializer.rb

@@ -56,7 +56,16 @@ class ProviderSerializer
     object.is_active.getbyte(0) == 1
   end
 
-  attribute :has_password do |object|
+  attribute :has_password,
+            if:
+              Proc.new { |object, params|
+                params[:current_ability] &&
+                  params[:current_ability].can?(
+                    :read_contact_information,
+                    object,
+                  ) ==
+                    true
+              } do |object|
     object.password.present?
   end
 
@@ -103,8 +112,43 @@ class ProviderSerializer
               },
             &:globus_uuid
 
+  attribute :system_email,
+            if:
+              Proc.new { |object, params|
+                params[:current_ability] &&
+                  params[:current_ability].can?(
+                    :read_contact_information,
+                    object,
+                  ) ==
+                    true
+              } do |object|
+    object.system_email
+  end
+
+  attribute :group_email,
+    if:
+      Proc.new { |object, params|
+        params[:current_ability] &&
+          params[:current_ability].can?(
+            :read_contact_information,
+            object,
+          ) ==
+            true
+      } do |object|
+    object.group_email
+  end
+
   # Convert all contacts json models back to json style camelCase
-  attribute :technical_contact do |object|
+  attribute :technical_contact,
+            if:
+              Proc.new { |object, params|
+                params[:current_ability] &&
+                  params[:current_ability].can?(
+                    :read_contact_information,
+                    object,
+                  ) ==
+                    true
+              } do |object|
     if object.technical_contact.present?
       object.technical_contact.transform_keys! do |key|
         key.to_s.camelcase(:lower)
@@ -114,7 +158,16 @@ class ProviderSerializer
     end
   end
 
-  attribute :secondary_technical_contact do |object|
+  attribute :secondary_technical_contact,
+            if:
+              Proc.new { |object, params|
+                params[:current_ability] &&
+                  params[:current_ability].can?(
+                    :read_contact_information,
+                    object,
+                  ) ==
+                    true
+              } do |object|
     if object.secondary_technical_contact.present?
       object.secondary_technical_contact.transform_keys! do |key|
         key.to_s.camelcase(:lower)
@@ -124,7 +177,16 @@ class ProviderSerializer
     end
   end
 
-  attribute :billing_contact do |object|
+  attribute :billing_contact,
+            if:
+              Proc.new { |object, params|
+                params[:current_ability] &&
+                  params[:current_ability].can?(
+                    :read_contact_information,
+                    object,
+                  ) ==
+                    true
+              } do |object|
     if object.billing_contact.present?
       object.billing_contact.transform_keys! do |key|
         key.to_s.camelcase(:lower)
@@ -134,7 +196,16 @@ class ProviderSerializer
     end
   end
 
-  attribute :secondary_billing_contact do |object|
+  attribute :secondary_billing_contact,
+            if:
+              Proc.new { |object, params|
+                params[:current_ability] &&
+                  params[:current_ability].can?(
+                    :read_contact_information,
+                    object,
+                  ) ==
+                    true
+              } do |object|
     if object.secondary_billing_contact.present?
       object.secondary_billing_contact.transform_keys! do |key|
         key.to_s.camelcase(:lower)
@@ -144,7 +215,16 @@ class ProviderSerializer
     end
   end
 
-  attribute :service_contact do |object|
+  attribute :service_contact,
+            if:
+              Proc.new { |object, params|
+                params[:current_ability] &&
+                  params[:current_ability].can?(
+                    :read_contact_information,
+                    object,
+                  ) ==
+                    true
+              } do |object|
     if object.service_contact.present?
       object.service_contact.transform_keys! do |key|
         key.to_s.camelcase(:lower)
@@ -154,7 +234,16 @@ class ProviderSerializer
     end
   end
 
-  attribute :secondary_service_contact do |object|
+  attribute :secondary_service_contact,
+            if:
+              Proc.new { |object, params|
+                params[:current_ability] &&
+                  params[:current_ability].can?(
+                    :read_contact_information,
+                    object,
+                  ) ==
+                    true
+              } do |object|
     if object.secondary_service_contact.present?
       object.secondary_service_contact.transform_keys! do |key|
         key.to_s.camelcase(:lower)
@@ -164,7 +253,16 @@ class ProviderSerializer
     end
   end
 
-  attribute :voting_contact do |object|
+  attribute :voting_contact,
+            if:
+              Proc.new { |object, params|
+                params[:current_ability] &&
+                  params[:current_ability].can?(
+                    :read_contact_information,
+                    object,
+                  ) ==
+                    true
+              } do |object|
     if object.voting_contact.present?
       object.voting_contact.transform_keys! { |key| key.to_s.camelcase(:lower) }
     else

app/serializers/repository_serializer.rb

@@ -43,11 +43,29 @@ class RepositorySerializer
     object.is_active.getbyte(0) == 1
   end
 
-  attribute :has_password do |object|
+  attribute :has_password,
+            if:
+              Proc.new { |object, params|
+                params[:current_ability] &&
+                  params[:current_ability].can?(
+                    :read_contact_information,
+                    object,
+                  ) ==
+                    true
+              } do |object|
     object.password.present?
   end
 
-  attribute :service_contact do |object|
+  attribute :service_email,
+            if:
+              Proc.new { |object, params|
+                params[:current_ability] &&
+                  params[:current_ability].can?(
+                    :read_contact_information,
+                    object,
+                  ) ==
+                    true
+              } do |object|
     if object.service_contact.present?
       object.service_contact.transform_keys! do |key|
         key.to_s.camelcase(:lower)