diff --git a/src/server/models/orderscart.js b/src/server/models/orderscart.js
index 72c0929..52e76f7 100755
--- a/src/server/models/orderscart.js
+++ b/src/server/models/orderscart.js
@@ -306,7 +306,7 @@ module.exports.getOrdersCartByUserId = async function (uid, idapp, numorder, fil
 query.numorder = numorder;
 }
- if (uid !== 'ALL') {
+ if (uid !== 'ALL' && !!uid) {
 query.userId = uid;
 }
diff --git a/src/server/router/products_router.js b/src/server/router/products_router.js
index aa1fe34..d35bde1 100755
--- a/src/server/router/products_router.js
+++ b/src/server/router/products_router.js
@@ -30,17 +30,13 @@ const Cart = require('../models/cart');
 //GET /products
 router.post('/', auth_default, async function (req, res, next) {
 const idapp = req.body.idapp;
- let userId = req.body.userId;
-
- const myuser = await User.getUserById(idapp, userId);
- let ismanager = false;
- if (myuser && myuser.perm) {
- ismanager = User.isManager(myuser.perm);
- }
+ const userId = req.body.userId;
+
+ let ismanager = await tools.isManagerByReq(req);
 let products = await Product.findAllIdApp(idapp, "", undefined, ismanager);
 let orders = null;
- if (await User.isManagerById(userId)) {
+ if (ismanager) {
 // Prende Tutti gli Ordini !
 orders = await OrdersCart.getOrdersCartByUserId('ALL', idapp, 0, false);
 } else {
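Review bot: In `getOrdersCartByUserId` (orderscart.js), a missing or empty `uid` now skips `query.userId = uid` entirely, so the query is no longer scoped to one user and behaves like the `'ALL'` case. Any caller that passes an unset user id (for example from a request body without `userId`) would then receive every user's orders for the app, which is a fail-open result for an access-scoping parameter. Rejecting a falsy `uid` before the query is built keeps the function fail-closed, e.g. `if (!uid) return null;`, with the return value adjusted to whatever callers expect for "no orders". The function starts and ends outside the hunk, so the rest of the query and its return shape are not visible here.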
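Review bot: In the `router.post('/')` handler (products_router.js), the manager decision and the order scope both come from `req.body.userId`, a value the client chooses, rather than from the identity that `auth_default` authenticated. `tools.isManagerByReq(req)` in general.js reads the same body field, so a request naming another account's id would be evaluated with that account's permissions, and the `else` branch (which continues outside this hunk) presumably passes the same `userId` to the order lookup. The user id should be taken from whatever `auth_default` attaches to the request (not visible in this diff), with the body value ignored or checked against it. Separately, the awaited calls have no `try`/`catch`, so a rejected lookup would leave the request without a response unless the framework handles async errors.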
@@ -48,24 +44,10 @@ router.post('/', auth_default, async function (req, res, next) {
 }
 if (products)
- res.send({ code: server_constants.RIS_CODE_OK, products, orders });
+ return res.send({ code: server_constants.RIS_CODE_OK, products, orders });
 else
- res.status(400).send({ code: server_constants.RIS_CODE_OK, products, orders });
-
- /*
- const { query, order } = tools.categorizeQueryString(req.query)
- Product.getAllProducts(query, order, function (e, products) {
- if (e) {
- e.status = 406; return next(e);
- }
- if (products.length < 1) {
- // return res.status(404).json({ message: "products not found" })
- return [];
- }
- res.json({ products: products })
- })
- */
-
+ return res.status(400).send({ code: server_constants.RIS_CODE_OK, products, orders });
+
 });
 router.post('/:code', auth_default, async function (req, res, next) {
diff --git a/src/server/tools/general.js b/src/server/tools/general.js
index 9ebc645..ec2de27 100755
--- a/src/server/tools/general.js
+++ b/src/server/tools/general.js
@@ -4384,5 +4384,25 @@ module.exports = {
 return unitrec ? unitrec.value : 0
 },
+ async isManagerByReq(req) {
+ try {
+ const idapp = req.body.idapp;
+ let userId = '';
+ if (req.body)
+ userId = req.body.userId;
+
+ const myuser = await User.getUserById(idapp, userId);
+ let ismanager = false;
+ if (myuser && myuser.perm) {
+ ismanager = User.isManager(myuser.perm);
+ }
+
+ return ismanager;
+
+ } catch (e) {
+ return false;
+ }
+ },
+
 };
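Review bot: The failure branch `return res.status(400).send({ code: server_constants.RIS_CODE_OK, products, orders });` still reports `RIS_CODE_OK` in the body while the HTTP status is 400, so a client that checks only `code` treats the failed request as successful. The body should carry a failure code from `server_constants` (the right constant is not visible in this diff). Braces around the `if`/`else` branches would also make the two `return` statements harder to misplace in later edits. The handler starts outside this hunk.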
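Review bot: In `isManagerByReq` (general.js), `req.body.idapp` is read before the `if (req.body)` guard, so the guard never protects anything: a request without a body throws on the first line and is only rescued by the `catch`. Reading both fields behind one guard, `const body = req.body || {};` then `const { idapp, userId } = body;`, makes the intent explicit. The `catch (e) { return false; }` fails closed, which is the right default for a permission check, but it also hides database and lookup errors; logging `e` there would keep authorization failures visible to operators. The helper has no doc comment; one stating that it returns `false` on any error and which request fields it trusts would help reviewers of its callers. `User` must already be in scope in general.js, which this hunk does not show.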