Changed GetUserProjects so that you have to get username from params. Now admin can choose a user and see what projects the user belongs to

2024-03-28 21:25:59 +01:00 · 2024-03-28 21:25:59 +01:00 · 85795f5406
commit 85795f5406
parent 218b0b3ab7
2 changed files with 6 additions and 5 deletions
--- a/backend/internal/handlers/handlers_project_related.go
+++ b/backend/internal/handlers/handlers_project_related.go
@ -44,10 +44,11 @@ func (gs *GState) DeleteProject(c *fiber.Ctx) error {

 // GetUserProjects returns all projects that the user is a member of
 func (gs *GState) GetUserProjects(c *fiber.Ctx) error {
-	// First we get the username from the token
-	user := c.Locals("user").(*jwt.Token)
-	claims := user.Claims.(jwt.MapClaims)
-	username := claims["name"].(string)
+	username := c.Params("username")
+	if username == "" {
+		log.Info("No username provided")
+		return c.Status(400).SendString("No username provided")
+	}

 	// Then dip into the database to get the projects
 	projects, err := gs.Db.GetProjectsForUser(username)
--- a/backend/main.go
+++ b/backend/main.go
@ -84,7 +84,7 @@ func main() {

 	// Protected routes (require a valid JWT bearer token authentication header)
 	server.Post("/api/submitWeeklyReport", gs.SubmitWeeklyReport)
-	server.Get("/api/getUserProjects", gs.GetUserProjects)
+	server.Get("/api/getUserProjects/:username", gs.GetUserProjects)
 	server.Post("/api/loginrenew", gs.LoginRenew)
 	server.Delete("/api/userdelete/:username", gs.UserDelete) // Perhaps just use POST to avoid headaches
 	server.Delete("api/project/:projectID", gs.DeleteProject) // WIP