From c391ca85c3264554c1437742a43864ad0c51a8bb Mon Sep 17 00:00:00 2001
From: paoloar77
Date: Fri, 28 Jan 2022 18:15:56 +0100
Subject: [PATCH] - fix QSelect - permessi none/friends/all
---
 src/server/models/user.js | 94 +++++++++++++++++++++++++++++--
 src/server/router/users_router.js | 2 +-
 2 files changed, 90 insertions(+), 6 deletions(-)
diff --git a/src/server/models/user.js b/src/server/models/user.js
index 1e1aec5..8455303 100755
--- a/src/server/models/user.js
+++ b/src/server/models/user.js
@@ -426,6 +426,22 @@ UserSchema.statics.setZoomPresenza = async function(idapp, id, presenza) {
 };
+UserSchema.statics.canHavePower = function(perm) {
+ const User = this;
+
+ try {
+ let consentito = false;
+ if (User.isAdmin(perm) || User.isManager(perm) ||
+ User.isEditor(perm) || User.isTutor(perm)) {
+ consentito = true;
+ }
+
+ return consentito;
+ } catch (e) {
+ return false;
+ }
+};
+
 UserSchema.statics.isAdmin = function(perm) {
 try {
 return ((perm & shared_consts.Permissions.Admin) ===
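Review bot: `canHavePower` has no comment saying that it is an authorization predicate or which roles it accepts, and the name alone does not tell a caller that Editor and Tutor count the same as Admin and Manager. Later in this patch a true result combined with `usaSuperPower` selects `PERM_ALL` in `getUserProfileByUsername`, so I would add a header comment such as `// Authorization check: true if perm passes isAdmin, isManager, isEditor or isTutor; any exception yields false (fails closed).` The flag variable can also go: `return User.isAdmin(perm) || User.isManager(perm) || User.isEditor(perm) || User.isTutor(perm);` inside the existing `try` does the same thing.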
@@ -1185,13 +1201,82 @@ UserSchema.statics.getUserById = function(idapp, id) {
 });
 };
-UserSchema.statics.getUserProfileByUsername = async function(idapp, username) {
+UserSchema.statics.isMyFriend = async function(idapp, username, myusername) {
- let perm = tools.Perm.PERM_ALL; //++Todo: sistemare
+ const myfriends = await User.getUsernameFriendsByUsername(idapp, myusername);
+ if (myfriends) {
+ return myfriends.includes(username);
+ } else {
+ return false;
+ }
+
+
+};
+
+UserSchema.statics.getUserProfileByUsername = async function(idapp, username, myusername, usaSuperPower, myperm = '') {
+ const User = this;
+ // If is my Friend, then can show all
+
+ const ismyfriend = await User.isMyFriend(idapp, username, myusername);
+
+ let perm = tools.Perm.PERM_NONE;
+
+ if (ismyfriend) {
+ perm = tools.Perm.PERM_FRIEND;
+ }
+
+ if (username === myusername) {
+ perm = tools.Perm.PERM_ALL;
+ } else {
+ if (await User.canHavePower(myperm) && usaSuperPower) {
+ perm = tools.Perm.PERM_ALL;
+ }
+ }
 let whatToShow = {};
- if (perm === tools.Perm.PERM_ALL) {
+ if (perm === tools.Perm.PERM_NONE) {
+ whatToShow = {
+ lang: 1,
+ index: 1,
+ username: 1,
+ deleted: 1,
+ sospeso: 1,
+ verified_email: 1,
+ verified_by_aportador: 1,
+ date_reg: 1,
+ 'profile.img': 1,
+ };
+
+ } else if (perm === tools.Perm.PERM_FRIEND) {
+ whatToShow = {
+ lang: 1,
+ index: 1,
+ username: 1,
+ aportador_solidario: 1,
+ name: 1,
+ surname: 1,
+ deleted: 1,
+ sospeso: 1,
+ verified_email: 1,
+ verified_by_aportador: 1,
+ 'profile.nationality': 1,
+ 'profile.qualifica': 1,
+ 'profile.biografia': 1,
+ 'profile.teleg_id': 1,
+ 'profile.username_telegram': 1,
+ 'profile.website': 1,
+ 'profile.img': 1,
+ 'profile.sex': 1,
+ 'profile.dateofbirth': 1,
+ 'profile.born_city': 1,
+ 'profile.born_province': 1,
+ 'profile.born_country': 1,
+ email: 1,
+ date_reg: 1,
+ };
+
+ } else if (perm === tools.Perm.PERM_ALL) {
 whatToShow = {
 lang: 1,
 index: 1,
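Review bot: `isMyFriend` decides friendship from the viewer's own list (`getUsernameFriendsByUsername(idapp, myusername)`), and `getUserProfileByUsername` then uses that answer to release the `PERM_FRIEND` projection, which includes `email`, `profile.dateofbirth` and `profile.teleg_id`. If a user can add a name to their own list without the other side accepting (the friend-list semantics are not visible in this patch), the check should be anchored on the profile owner's list instead: `const friends = await User.getUsernameFriendsByUsername(idapp, username);` then `return !!friends && friends.includes(myusername);`. `isMyFriend` also uses `User` without the `const User = this;` that the other statics in this patch declare, so it depends on a module-level binding this hunk does not show. `getUserProfileByUsername` continues past the end of the hunk.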
@@ -1217,7 +1302,6 @@ UserSchema.statics.getUserProfileByUsername = async function(idapp, username) {
 'profile.born_country': 1,
 email: 1,
 date_reg: 1,
- img: 1,
 };
 }
@@ -1345,7 +1429,7 @@ UserSchema.statics.setFriendsCmd = async function(
 ris = await User.getInfoFriendByUsername(idapp, usernameDest);
 }
 } else if (cmd === shared_consts.FRIENDSCMD.REQFRIEND) {
- // Aggiungo l'Amicizia a me
+ // Aggiungo la richiesta di Amicizia a me
 const foundIfAlreadyAskFriend = await User.findOne({
 idapp,
 username: usernameDest,
diff --git a/src/server/router/users_router.js b/src/server/router/users_router.js
index e12c606..66db61f 100755
--- a/src/server/router/users_router.js
+++ b/src/server/router/users_router.js
@@ -333,7 +333,7 @@ router.post('/profile', authenticate, (req, res) => {
 //++Todo: controlla che tipo di dati ha il permesso di leggere
- return User.getUserProfileByUsername(idapp, username).then((ris) => {
+ return User.getUserProfileByUsername(idapp, username, req.user.username, false, req.user.perm).then((ris) => {
 res.send(ris);
 }).catch((e) => {
 tools.mylog('ERRORE IN Profile: ' + e.message);
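Review bot: The `//++Todo: controlla che tipo di dati ha il permesso di leggere` comment directly above the changed call in `users_router.js` now describes work this commit performs, and the bare `false` in the argument list gives no hint that it switches off the elevated-role override. I would replace the TODO with `// Field visibility is decided in getUserProfileByUsername from the authenticated user (req.user)` and name the flag, e.g. `const usaSuperPower = false;` before the call. Taking the viewer's username and perm from `req.user` is the right source, assuming `authenticate` fills it from the verified session. The handler's body continues outside the hunk.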