From 378dd99592d3d6c1eba3ef503c7d07c88c4484da Mon Sep 17 00:00:00 2001
From: Peter KW
Date: Mon, 1 Apr 2024 02:08:19 +0200
Subject: [PATCH] Changed so that you can only change other users role

---
 .../internal/handlers/projects/ProjectRoleChange.go | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/backend/internal/handlers/projects/ProjectRoleChange.go b/backend/internal/handlers/projects/ProjectRoleChange.go
index 266127d..6c5d455 100644
--- a/backend/internal/handlers/projects/ProjectRoleChange.go
+++ b/backend/internal/handlers/projects/ProjectRoleChange.go
@@ -24,7 +24,13 @@ func ProjectRoleChange(c *fiber.Ctx) error {
 return c.Status(400).SendString(err.Error())
 }

- log.Info("Changing role for user: ", username, " in project: ", data.Projectname, " to: ", data.Role)
+ // Check if user is trying to change its own role
+ if username == data.UserName {
+ log.Info("Can't change your own role")
+ return c.Status(403).SendString("Can't change your own role")
+ }
+
+ log.Info("Changing role for user: ", data.UserName, " in project: ", data.Projectname, " to: ", data.Role)

 // Dubble diping and checcking if current user is
 if ismanager, err := db.GetDb(c).IsProjectManager(username, data.Projectname); err != nil {
@@ -36,7 +42,7 @@ func ProjectRoleChange(c *fiber.Ctx) error {
 }

 // Change the user's role within the project in the database
- if err := db.GetDb(c).ChangeUserRole(username, data.Projectname, data.Role); err != nil {
+ if err := db.GetDb(c).ChangeUserRole(data.UserName, data.Projectname, data.Role); err != nil {
 return c.Status(500).SendString(err.Error())
 }
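Review bot: The `log.Info("Changing role for user: ", data.UserName, ...)` line added in the first hunk runs before the `IsProjectManager` check and no longer records `username`, so the log reports a role change that may be refused a few lines later and never names the caller who asked for it. For an authorization-sensitive action the entry belongs after the manager check and should carry both sides, e.g. `log.Info("User ", username, " changing role for user: ", data.UserName, " in project: ", data.Projectname, " to: ", data.Role)`. The rejection branch has the same gap: `log.Info("Can't change your own role")` would be more useful for audit as `log.Info("User ", username, " tried to change own role in project: ", data.Projectname)`. The body of ProjectRoleChange starts and ends outside the hunk.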
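Review bot: `ChangeUserRole` in the second hunk is now keyed on `data.UserName` taken from the request body, and nothing visible in the diff checks that the value is non-empty or names a member of `data.Projectname`. An empty name passes the self-change guard in the first hunk and reaches the database call; unless the parsing code above the hunk already rejects it, add `if data.UserName == "" { return c.Status(400).SendString("Missing username") }` before the guard. The guard itself is an exact string comparison, `username == data.UserName`, so if the database matches user names case-insensitively (not visible here) a differently cased spelling of the caller's own name would get past it; comparing the normalised form the database uses would close that. The unchanged `c.Status(500).SendString(err.Error())` after the call now returns database error text for a caller-chosen name, and a generic message with the detail kept in the server log would be safer.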