From b756ff42bbbb41eecd0327c6a0cff37885499710 Mon Sep 17 00:00:00 2001 From: Pierre HUBERT Date: Sat, 28 Dec 2019 13:38:17 +0100 Subject: [PATCH] Ready to return advanced information about a user --- src/controllers/Routes.ts | 5 +++- src/controllers/UserController.ts | 16 ++++++++++++- src/helpers/FriendsHelper.ts | 16 +++++++++++++ src/helpers/UserHelper.ts | 39 +++++++++++++++++++++++++++++++ 4 files changed, 74 insertions(+), 2 deletions(-) diff --git a/src/controllers/Routes.ts b/src/controllers/Routes.ts index 8378d30..2f7fc12 100644 --- a/src/controllers/Routes.ts +++ b/src/controllers/Routes.ts @@ -49,6 +49,9 @@ export const Routes : Route[] = [ {path: "/user/getInfoMultiple", cb: (h) => UserController.GetMultiple(h), needLogin: false}, {path: "/user/getInfosMultiple", cb: (h) => UserController.GetMultiple(h), needLogin: false}, // Legacy + {path: "/user/getAdvancedUserInfo", cb: (h) => UserController.GetAdvancedInfo(h), needLogin: false}, + {path: "/user/getAdvancedUserInfos", cb: (h) => UserController.GetAdvancedInfo(h), needLogin: false}, // Legacy + // Conversations controller {path: "/conversations/create", cb: (h) => ConversationsController.CreateConversation(h)}, @@ -146,5 +149,5 @@ export const Routes : Route[] = [ // Virtual directory controller {path: "/virtualDirectory/find", cb: (h) => VirtualDirectoryController.Find(h)}, - + ] \ No newline at end of file diff --git a/src/controllers/UserController.ts b/src/controllers/UserController.ts index 8ede570..d9278d9 100644 --- a/src/controllers/UserController.ts +++ b/src/controllers/UserController.ts @@ -2,7 +2,6 @@ import { RequestHandler } from "../entities/RequestHandler"; import { UserHelper } from "../helpers/UserHelper"; import { User, UserPageStatus } from "../entities/User"; import { AccountImage, AccountImageVisibilityLevel } from "../entities/AccountImage"; -import { fixEncoding } from "../utils/StringUtils"; /** * User information controller 
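Review bot: Both new `/user/getAdvancedUserInfo` entries are registered with `needLogin: false` and nothing on the line says why, so the only access control for this endpoint is the visibility check inside `UserController.GetAdvancedInfo`. A short comment above the pair would keep a later refactor of the handler from silently exposing the data, for example `// Anonymous access is intentional: GetAdvancedInfo enforces page visibility itself`. The legacy alias points at the same callback, so it inherits whatever the handler enforces. The `Routes` array starts and ends outside this hunk.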
@@ -48,6 +47,21 @@ export class UserController { handler.send(list); } + /** + * Get advanced information about a user + * + * @param h Request handler + */ + public static async GetAdvancedInfo(h: RequestHandler) { + const userID = await h.postUserId("userID"); + + if(!await UserHelper.CanSeeUserPage(h.optionnalUserID, userID)) + h.error(401, "You are not allowed to access these information!"); + + h.send("Go on"); + } + + private static UserToAPI(user : User, handler: RequestHandler) : Object { return { "userID": user.id, diff --git a/src/helpers/FriendsHelper.ts b/src/helpers/FriendsHelper.ts index 3195180..4a3bcf2 100644 --- a/src/helpers/FriendsHelper.ts +++ b/src/helpers/FriendsHelper.ts @@ -26,4 +26,20 @@ export class FriendsHelper { }); } + /** + * Check out whether two users are friend or not + * + * @param userOne First user + * @param userTwo Second user + */ + public static async AreFriend(userOne: number, userTwo: number) : Promise { + return await DatabaseHelper.Count({ + table: FRIENDS_TABLE, + where: { + ID_personne: userOne, + ID_amis: userTwo, + actif: 1 + } + }) > 0; + } } \ No newline at end of file diff --git a/src/helpers/UserHelper.ts b/src/helpers/UserHelper.ts index 96c3518..1481a4c 100644 --- a/src/helpers/UserHelper.ts +++ b/src/helpers/UserHelper.ts @@ -1,6 +1,7 @@ import { User, UserPageStatus } from "../entities/User"; import { DatabaseHelper } from "./DatabaseHelper"; import { AccountImageHelper } from "./AccountImageHelper"; +import { FriendsHelper } from "./FriendsHelper"; /** * User helper 
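Review bot: Nothing in `GetAdvancedInfo` stops execution after `h.error(401, …)`: unless `RequestHandler.error` throws (its body is not part of this patch), control falls through to `h.send("Go on")`. Once that placeholder is replaced by real profile data, a refused caller would still receive it. Make the refusal explicit by wrapping the branch in braces and adding `return;` right after the `h.error(...)` call, so the authorization decision does not depend on a side effect of the error helper. Because the route accepts anonymous callers, a signed-in user who is simply not allowed also gets 401 here; 403 would describe that case more accurately if existing clients do not depend on the code.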
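Review bot: `AreFriend` only matches rows where `ID_personne` is `userOne` and `ID_amis` is `userTwo`, so its result depends on argument order unless the friends table stores one row per direction, which this patch does not show. `CanSeeUserPage`, added later in this patch, calls it as `AreFriend(userID, targetUser)` to decide who may read a non-public page, so that storage assumption is part of the access-control rule. State it in the docstring, for example `Only the (userOne -> userTwo) row with actif = 1 is checked; friendships are expected to be stored in both directions`. If rows are stored once per pair, check both orderings instead.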
@@ -86,6 +87,44 @@ export class UserHelper { return result == null ? -1 : Number(result.ID); } + /** + * Check out whether a user is allowed to access another + * user's page + * + * @param userID The ID of the user making the request + * @param targetUser The target user page + */ + public static async CanSeeUserPage(userID: number, targetUser: number) : Promise { + + if(userID == targetUser) + return true; + + const visibility = await this.GetVisibility(targetUser); + + // Open page = OK + if(visibility == UserPageStatus.OPEN) return true; + + // Else the user must be signed in + if(userID <= 0) return false; + + // Public page = OK for signed in users + if(visibility == UserPageStatus.PUBLIC) return true; + + // Check if the two users are friend + if(!await FriendsHelper.AreFriend(userID, targetUser)) return false; + + return true; + } + + /** + * Convenience method to get the visibility level of a user + * + * @param userID ID of the target user + */ + private static async GetVisibility(userID: number) : Promise { + return (await this.GetUserInfo(userID)).pageStatus; + } + private static async DbToUser(row: any) : Promise { return new User({