diff --git a/backend/internal/handlers/reports/Statistics.go b/backend/internal/handlers/reports/Statistics.go index 8afa0f0..32f8a7e 100644 --- a/backend/internal/handlers/reports/Statistics.go +++ b/backend/internal/handlers/reports/Statistics.go @@ -16,6 +16,7 @@ func GetStatistics(c *fiber.Ctx) error { // Extract project name from query parameters projectName := c.Query("projectName") + userNameParam := c.Query("userName") log.Info(username, " trying to get statistics for project: ", projectName) @@ -24,18 +25,24 @@ func GetStatistics(c *fiber.Ctx) error { return c.Status(400).SendString("Missing project name") } - // If the user is not a project manager, they can't view statistics + // Check if the user is a project manager pm, err := db.GetDb(c).IsProjectManager(username, projectName) if err != nil { log.Info("Error checking if user is project manager:", err) return c.Status(500).SendString(err.Error()) } - if !pm { - log.Info("Unauthorized access") + if userNameParam == "" { + userNameParam = username + } + + if !pm || userNameParam != username { + log.Info("Unauthorized access for user:", username, "trying to access project:", projectName, "statistics for user:", userNameParam) return c.Status(403).SendString("Unauthorized access") } + username = userNameParam + // Retrieve statistics for the project from the database statistics, err := db.GetDb(c).ReportStatistics(username, projectName) if err != nil { diff --git a/frontend/src/API/API.ts b/frontend/src/API/API.ts index 6215064..04164d6 100644 --- a/frontend/src/API/API.ts +++ b/frontend/src/API/API.ts @@ -269,6 +269,7 @@ interface API { getStatistics( projectName: string, token: string, + userName?: string, ): Promise>; } 
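Review bot: In the second Statistics.go hunk the new `userName` parameter can never take effect: `if !pm || userNameParam != username` rejects every request where the requested user differs from the caller, so the only path that reaches `username = userNameParam` is the one where the two are already equal and the assignment is a no-op. If the intent is to let a project manager view another member's statistics, the condition presumably wants `if !pm && userNameParam != username {` (with the 403 text and log kept), and I suspect that is what was meant since the comment was changed from "they can't view statistics" to "Check if the user is a project manager"; note that this would also start granting non-managers their own statistics, which the old code denied outright, so confirm that is wanted. Once the manager branch does pass an arbitrary caller-supplied name into `ReportStatistics(username, projectName)`, that name should first be checked as a member of `projectName` (an `IsProjectMember`-style lookup, if the db layer has one, otherwise a 403/404 before the report call), or a manager of one project can pull statistics for any username, including users outside the project. The `userNameParam == ""` fallback and the target-user logging in the denial branch are good and should stay; GetStatistics' body continues outside the hunk.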
@@ -980,11 +981,11 @@ export const api: API = { }, async getStatistics( projectName: string, - token: string, + userName?: string, ): Promise> { try { const response = await fetch( - `/api/getStatistics/?projectName=${projectName}`, + `/api/getStatistics/?projectName=${projectName}?userName=${userName ?? ""}`, { method: "GET", headers: {
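Review bot: The rewritten fetch URL is malformed: a second `?` introduces `userName`, so the request carries `projectName=<name>?userName=<user>`, the backend's `c.Query("userName")` is empty, and the project name itself no longer matches. Use `&` and encode both values, since the project name and user name are interpolated raw: `` `/api/getStatistics/?projectName=${encodeURIComponent(projectName)}&userName=${encodeURIComponent(userName ?? "")}` ``. The implementation also drops `token: string` from the parameter list while the `interface API` hunk in this same commit declares `(projectName, token, userName?)`, so existing callers passing a token as the second argument will now send it as `userName` in the query string, where it lands in server access logs; the two signatures must agree, and unless `token` is still in scope from elsewhere the headers block (which continues outside the hunk) will no longer compile either.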