Merge branch 'dev' into gruppDM

backend/internal/handlers/reports/Statistics.go

@@ -16,6 +16,7 @@ func GetStatistics(c *fiber.Ctx) error {
 
 	// Extract project name from query parameters
 	projectName := c.Query("projectName")
+	userNameParam := c.Query("userName")
 
 	log.Info(username, " trying to get statistics for project: ", projectName)
 
@@ -24,18 +25,24 @@ func GetStatistics(c *fiber.Ctx) error {
 		return c.Status(400).SendString("Missing project name")
 	}
 
-	// If the user is not a project manager, they can't view statistics
+	// Check if the user is a project manager
 	pm, err := db.GetDb(c).IsProjectManager(username, projectName)
 	if err != nil {
 		log.Info("Error checking if user is project manager:", err)
 		return c.Status(500).SendString(err.Error())
 	}
 
-	if !pm {
+	if userNameParam == "" {
-		log.Info("Unauthorized access")
+		userNameParam = username
+	}
+
+	if !pm || userNameParam != username {
+		log.Info("Unauthorized access for user:", username, "trying to access project:", projectName, "statistics for user:", userNameParam)
 		return c.Status(403).SendString("Unauthorized access")
 	}
 
+	username = userNameParam
+
 	// Retrieve statistics for the project from the database
 	statistics, err := db.GetDb(c).ReportStatistics(username, projectName)
 	if err != nil {

frontend/src/API/API.ts

@@ -269,6 +269,7 @@ interface API {
   getStatistics(
     projectName: string,
     token: string,
+    userName?: string,
   ): Promise<APIResponse<Statistics>>;
 }
 
@@ -980,11 +981,11 @@ export const api: API = {
   },
   async getStatistics(
     projectName: string,
-    token: string,
+    userName?: string,
   ): Promise<APIResponse<Statistics>> {
     try {
       const response = await fetch(
-        `/api/getStatistics/?projectName=${projectName}`,
+        `/api/getStatistics/?projectName=${projectName}?userName=${userName ?? ""}`,
         {
           method: "GET",
           headers: {