Protetto le password (al load) che vengono settate in settings

src/server/router/index_router.js

@@ -324,6 +324,15 @@ router.post('/settable', authenticate, (req, res) => {
 
   mydata.idapp = req.user.idapp;
 
+  if ((!User.isAdmin(req.user.perm) && !User.isManager(req.user.perm) &&
+      !User.isEditor(req.user.perm) && !User.isTutor(req.user.perm)) &&
+      (req.user._id.toString() !== id) &&
+      !tools.ModificheConsentite(mydata.table, fieldsvalue)) {
+    // If without permissions, exit
+    return res.status(404).
+        send({code: server_constants.RIS_CODE_ERR_UNAUTHORIZED, msg: ''});
+  }
+
   if (shared_consts.TABLES_USER_ID.includes(params.table)) {
     mydata.userId = req.user._id;
   }
@@ -573,6 +582,14 @@ router.patch('/chval', authenticate, async (req, res) => {
     });
   }
 
+  if (mydata.table === shared_consts.TAB_SETTINGS) {
+    if (shared_consts.KEY_TO_CRYPTED.includes(fieldsvalue.key)) {
+      fieldsvalue.crypted = true;
+      fieldsvalue.value_str = tools.cryptdata(fieldsvalue.value_str);
+    }
+
+  }
+
   await mytable.findByIdAndUpdate(id, {$set: fieldsvalue}).then(async (rec) => {
     // tools.mylogshow(' REC TO MODIFY: ', rec);
     if (!rec) {
@@ -1227,9 +1244,9 @@ function load(req, res, version) {
     version = '0';
   }
 
-  let sall = '0';
+  let gestoredelSito = '0';
   if (!!req.user) {
-    sall = (User.isAdmin(req.user.perm) || User.isManager(req.user.perm) ||
+    gestoredelSito = (User.isAdmin(req.user.perm) || User.isManager(req.user.perm) ||
         User.isEditor(req.user.perm)) ? '1' : '0';
   }
 
@@ -1237,6 +1254,7 @@ function load(req, res, version) {
 
   // tools.mylog('loadsite : ', req.params);
 
+
   let bookedevent = [];
   // let msgs = [];
 
@@ -1247,7 +1265,7 @@ function load(req, res, version) {
 
   if (userId !== '0') {
     // LOGGED WITH USERID
-    bookedevent = Booking.findAllByUserIdAndIdApp(userId, idapp, sall);
+    bookedevent = Booking.findAllByUserIdAndIdApp(userId, idapp, gestoredelSito);
   }
 
   // Extract all the todos of the userId only
@@ -1258,7 +1276,7 @@ function load(req, res, version) {
   const contribtype = Contribtype.findAllIdApp(idapp);
   const paymenttype = PaymentType.findAllIdApp(idapp);
   const disciplines = Discipline.findAllIdApp(idapp);
-  const settings = Settings.findAllIdApp(idapp, false);
+  const settings = Settings.findAllIdApp(idapp, false, false);
 
   const permissions = Permission.findAllIdApp();
 
@@ -1270,13 +1288,22 @@ function load(req, res, version) {
   else
     mypage = MyPage.findAllIdApp(idapp);
   let calzoom = CalZoom.findAllIdApp(idapp);
-  let gallery = Gallery.findAllIdApp(idapp);
+
+  let gallery = Promise.resolve([]);
+  if (gestoredelSito) {
+    gallery = Gallery.findAllIdApp(idapp);
+  }
+
   let producers = Producer.findAllIdApp(idapp);
   let groups = Group.findAllIdApp(idapp);
+
+  // ....
   let resps = User.getusersRespList(idapp);
   let workers = User.getusersWorkersList(idapp);
   let storehouses = Storehouse.findAllIdApp(idapp);
   let departments = Department.findAllIdApp(idapp);
+
+  // SKILLS:
   let levels = Level.findAllIdApp(idapp);
   let skills = Skill.findAllIdApp(idapp);
   let statusSkills = StatusSkill.findAllIdApp(idapp);
@@ -1284,7 +1311,7 @@ function load(req, res, version) {
   let cities = City.findAllIdApp(idapp);
   let cart = null;
   let orderscart = null;
-  if (sall) {
+  if (gestoredelSito) {
     newstosent = Newstosent.findAllIdApp(idapp);
   }
 
@@ -1433,6 +1460,8 @@ router.get(process.env.LINK_CHECK_UPDATES, authenticate, async (req, res) => {
       // If User is Admin, then send user Lists
       if (User.isAdmin(req.user.perm) || User.isEditor(req.user.perm) ||
           User.isManager(req.user.perm)) {
+
+
         // Send UsersList
         usersList = User.getUsersList(req.user.idapp);
         // usersList = null;