Ready to return advanced information about a user

src/controllers/Routes.ts

@@ -49,6 +49,9 @@ export const Routes : Route[] = [
 	{path: "/user/getInfoMultiple", cb: (h) => UserController.GetMultiple(h), needLogin: false},
 	{path: "/user/getInfosMultiple", cb: (h) => UserController.GetMultiple(h), needLogin: false}, // Legacy
 
+	{path: "/user/getAdvancedUserInfo", cb: (h) => UserController.GetAdvancedInfo(h), needLogin: false},
+	{path: "/user/getAdvancedUserInfos", cb: (h) => UserController.GetAdvancedInfo(h), needLogin: false}, // Legacy
+
 
 	// Conversations controller
 	{path: "/conversations/create", cb: (h) => ConversationsController.CreateConversation(h)},

src/controllers/UserController.ts

@@ -2,7 +2,6 @@ import { RequestHandler } from "../entities/RequestHandler";
 import { UserHelper } from "../helpers/UserHelper";
 import { User, UserPageStatus } from "../entities/User";
 import { AccountImage, AccountImageVisibilityLevel } from "../entities/AccountImage";
-import { fixEncoding } from "../utils/StringUtils";
 
 /**
  * User information controller
@@ -48,6 +47,21 @@ export class UserController {
 		handler.send(list);
 	}
 
+	/**
+	 * Get advanced information about a user
+	 * 
+	 * @param h Request handler
+	 */
+	public static async GetAdvancedInfo(h: RequestHandler) {
+		const userID = await h.postUserId("userID");
+
+		if(!await UserHelper.CanSeeUserPage(h.optionnalUserID, userID))
+			h.error(401, "You are not allowed to access these information!");
+		
+		h.send("Go on");
+	}
+
+
 	private static UserToAPI(user : User, handler: RequestHandler) : Object {
 		return {
 			"userID": user.id,

src/helpers/FriendsHelper.ts

@@ -26,4 +26,20 @@ export class FriendsHelper {
 		});
 	}
 
+	/**
+	 * Check out whether two users are friend or not
+	 * 
+	 * @param userOne First user
+	 * @param userTwo Second user
+	 */
+	public static async AreFriend(userOne: number, userTwo: number) : Promise<boolean> {
+		return await DatabaseHelper.Count({
+			table: FRIENDS_TABLE,
+			where: {
+				ID_personne: userOne,
+				ID_amis: userTwo,
+				actif: 1
+			}
+		}) > 0;
+	}
 }

src/helpers/UserHelper.ts

@@ -1,6 +1,7 @@
 import { User, UserPageStatus } from "../entities/User";
 import { DatabaseHelper } from "./DatabaseHelper";
 import { AccountImageHelper } from "./AccountImageHelper";
+import { FriendsHelper } from "./FriendsHelper";
 
 /**
  * User helper
@@ -86,6 +87,44 @@ export class UserHelper {
 		return result == null ? -1 : Number(result.ID);
 	}
 
+	/**
+	 * Check out whether a user is allowed to access another
+	 * user's page
+	 * 
+	 * @param userID The ID of the user making the request
+	 * @param targetUser The target user page
+	 */
+	public static async CanSeeUserPage(userID: number, targetUser: number) : Promise<boolean> {
+		
+		if(userID == targetUser)
+			return true;
+		
+		const visibility = await this.GetVisibility(targetUser);
+		
+		// Open page = OK
+		if(visibility == UserPageStatus.OPEN) return true;
+
+		// Else the user must be signed in
+		if(userID <= 0) return false;
+
+		// Public page = OK for signed in users
+		if(visibility == UserPageStatus.PUBLIC) return true;
+
+		// Check if the two users are friend
+		if(!await FriendsHelper.AreFriend(userID, targetUser)) return false;
+
+		return true;
+	}
+
+	/**
+	 * Convenience method to get the visibility level of a user
+	 * 
+	 * @param userID ID of the target user
+	 */
+	private static async GetVisibility(userID: number) : Promise<UserPageStatus> {
+		return (await this.GetUserInfo(userID)).pageStatus;
+	}
+
 
 	private static async DbToUser(row: any) : Promise<User> {
 		return new User({