refactor: implemented privacy checks in the GetProfileByUsername method;

refactor: reworked sql request for privacy-checking profile getter

sqlc/query.sql

@@ -296,29 +296,33 @@ SELECT profiles.* FROM profiles
 JOIN users ON users.id = profiles.user_id
 WHERE users.username = $1;
 
-;-- name: GetProfileByUsernameRestricted :one
+;-- name: GetProfileByUsernameWithPrivacy :one
 SELECT
-  users.username,
-  profiles.name,
-  CASE
-      WHEN profile_settings.hide_birthday OR profile_settings.hide_profile_details THEN NULL 
-      ELSE profiles.birthday
-  END AS birthday,
-  CASE
-      WHEN profile_settings.hide_profile_details THEN NULL 
-      ELSE profiles.bio
-  END AS bio,
-  CASE
-      WHEN profile_settings.hide_profile_details THEN NULL 
-      ELSE profiles.avatar_url
-  END AS avatar_url,
-  profiles.color,
-  profiles.color_grad,
-  profile_settings.hide_profile_details
-FROM profiles
-JOIN users ON users.id = profiles.user_id
-JOIN profile_settings ON profiles.id = profile_settings.profile_id 
-WHERE users.username = $1 AND ($2 IS FALSE OR profile_settings.hide_for_unauthenticated IS FALSE);
+  u.username,
+  p.name,
+  p.bio,
+  p.avatar_url,
+  CASE WHEN ps.hide_birthday THEN NULL ELSE p.birthday END AS birthday,
+  p.color,
+  p.color_grad,
+  NOT (@requester::text = '' AND ps.hide_for_unauthenticated) AS access_allowed
+FROM
+  users AS u
+JOIN profiles AS p ON u.id = p.user_id
+JOIN profile_settings AS ps ON p.id = ps.profile_id
+WHERE
+  u.username = @searched_username::text
+  AND (
+    @searched_username::text = @requester::text
+    OR
+    u.deleted IS FALSE
+    AND u.verified IS TRUE
+    AND NOT EXISTS (
+      SELECT 1
+      FROM banned_users
+      WHERE user_id = u.id
+    )
+  );
 
 ;-- name: GetProfilesRestricted :many
 SELECT