Changed GetUserProjects so that you have to get username from params. Now admin can choose a user and see what projects the user belongs to

backend/internal/handlers/handlers_project_related.go

@@ -44,10 +44,11 @@ func (gs *GState) DeleteProject(c *fiber.Ctx) error {
 
 // GetUserProjects returns all projects that the user is a member of
 func (gs *GState) GetUserProjects(c *fiber.Ctx) error {
-	// First we get the username from the token
+	username := c.Params("username")
-	user := c.Locals("user").(*jwt.Token)
+	if username == "" {
-	claims := user.Claims.(jwt.MapClaims)
+		log.Info("No username provided")
-	username := claims["name"].(string)
+		return c.Status(400).SendString("No username provided")
+	}
 
 	// Then dip into the database to get the projects
 	projects, err := gs.Db.GetProjectsForUser(username)

backend/main.go

@@ -84,7 +84,7 @@ func main() {
 
 	// Protected routes (require a valid JWT bearer token authentication header)
 	server.Post("/api/submitWeeklyReport", gs.SubmitWeeklyReport)
-	server.Get("/api/getUserProjects", gs.GetUserProjects)
+	server.Get("/api/getUserProjects/:username", gs.GetUserProjects)
 	server.Post("/api/loginrenew", gs.LoginRenew)
 	server.Delete("/api/userdelete/:username", gs.UserDelete) // Perhaps just use POST to avoid headaches
 	server.Delete("api/project/:projectID", gs.DeleteProject) // WIP