- fix QSelect

- permessi none/friends/all

src/server/models/user.js

@@ -426,6 +426,22 @@ UserSchema.statics.setZoomPresenza = async function(idapp, id, presenza) {
 
 };
 
+UserSchema.statics.canHavePower = function(perm) {
+  const User = this;
+
+  try {
+    let consentito = false;
+    if (User.isAdmin(perm) || User.isManager(perm) ||
+        User.isEditor(perm) || User.isTutor(perm)) {
+      consentito = true;
+    }
+
+    return consentito;
+  } catch (e) {
+    return false;
+  }
+};
+
 UserSchema.statics.isAdmin = function(perm) {
   try {
     return ((perm & shared_consts.Permissions.Admin) ===
@@ -1185,13 +1201,82 @@ UserSchema.statics.getUserById = function(idapp, id) {
   });
 };
 
-UserSchema.statics.getUserProfileByUsername = async function(idapp, username) {
+UserSchema.statics.isMyFriend = async function(idapp, username, myusername) {
 
-  let perm = tools.Perm.PERM_ALL; //++Todo: sistemare
+  const myfriends = await User.getUsernameFriendsByUsername(idapp, myusername);
+  if (myfriends) {
+    return myfriends.includes(username);
+  } else {
+    return false;
+  }
+
+
+};
+
+UserSchema.statics.getUserProfileByUsername = async function(idapp, username, myusername, usaSuperPower, myperm = '') {
+  const User = this;
+  // If is my Friend, then can show all
+
+  const ismyfriend = await User.isMyFriend(idapp, username, myusername);
+
+  let perm = tools.Perm.PERM_NONE;
+
+  if (ismyfriend) {
+    perm = tools.Perm.PERM_FRIEND;
+  }
+
+  if (username === myusername) {
+    perm = tools.Perm.PERM_ALL;
+  } else {
+    if (await User.canHavePower(myperm) && usaSuperPower) {
+      perm = tools.Perm.PERM_ALL;
+    }
+  }
 
   let whatToShow = {};
 
-  if (perm === tools.Perm.PERM_ALL) {
+  if (perm === tools.Perm.PERM_NONE) {
+    whatToShow = {
+      lang: 1,
+      index: 1,
+      username: 1,
+      deleted: 1,
+      sospeso: 1,
+      verified_email: 1,
+      verified_by_aportador: 1,
+      date_reg: 1,
+      'profile.img': 1,
+    };
+
+  } else if (perm === tools.Perm.PERM_FRIEND) {
+    whatToShow = {
+      lang: 1,
+      index: 1,
+      username: 1,
+      aportador_solidario: 1,
+      name: 1,
+      surname: 1,
+      deleted: 1,
+      sospeso: 1,
+      verified_email: 1,
+      verified_by_aportador: 1,
+      'profile.nationality': 1,
+      'profile.qualifica': 1,
+      'profile.biografia': 1,
+      'profile.teleg_id': 1,
+      'profile.username_telegram': 1,
+      'profile.website': 1,
+      'profile.img': 1,
+      'profile.sex': 1,
+      'profile.dateofbirth': 1,
+      'profile.born_city': 1,
+      'profile.born_province': 1,
+      'profile.born_country': 1,
+      email: 1,
+      date_reg: 1,
+    };
+
+  } else if (perm === tools.Perm.PERM_ALL) {
     whatToShow = {
       lang: 1,
       index: 1,
@@ -1217,7 +1302,6 @@ UserSchema.statics.getUserProfileByUsername = async function(idapp, username) {
       'profile.born_country': 1,
       email: 1,
       date_reg: 1,
-      img: 1,
     };
   }
 
@@ -1345,7 +1429,7 @@ UserSchema.statics.setFriendsCmd = async function(
         ris = await User.getInfoFriendByUsername(idapp, usernameDest);
       }
     } else if (cmd === shared_consts.FRIENDSCMD.REQFRIEND) {
-      // Aggiungo l'Amicizia a me
+      // Aggiungo la richiesta di Amicizia a me
       const foundIfAlreadyAskFriend = await User.findOne({
         idapp,
         username: usernameDest,

src/server/router/users_router.js

@@ -333,7 +333,7 @@ router.post('/profile', authenticate, (req, res) => {
 
   //++Todo: controlla che tipo di dati ha il permesso di leggere
 
-  return User.getUserProfileByUsername(idapp, username).then((ris) => {
+  return User.getUserProfileByUsername(idapp, username, req.user.username, false, req.user.perm).then((ris) => {
     res.send(ris);
   }).catch((e) => {
     tools.mylog('ERRORE IN Profile: ' + e.message);