Fixes for various paths

backend/internal/handlers/reports/GetWeeklyReport.go

@@ -16,11 +16,17 @@ func GetWeeklyReport(c *fiber.Ctx) error {
 	claims := user.Claims.(jwt.MapClaims)
 	username := claims["name"].(string)
 
-	log.Info("Getting weekly report for: ", username)
-
 	// Extract project name and week from query parameters
 	projectName := c.Query("projectName")
 	week := c.Query("week")
+	target_user := c.Query("targetUser") // The user whose report is being requested
+
+	// If the target user is not empty, use it as the username
+	if target_user == "" {
+		target_user = username
+	}
+
+	log.Info(username, " trying to get weekly report for: ", target_user)
 
 	if projectName == "" || week == "" {
 		log.Info("Missing project name or week number")
@@ -34,8 +40,20 @@ func GetWeeklyReport(c *fiber.Ctx) error {
 		return c.Status(400).SendString("Invalid week number")
 	}
 
+	// If the token user is not an admin, check if the target user is the same as the token user
+	pm, err := db.GetDb(c).IsProjectManager(username, projectName)
+	if err != nil {
+		log.Info("Error checking if user is project manager:", err)
+		return c.Status(500).SendString(err.Error())
+	}
+
+	if pm == false && target_user != username {
+		log.Info("Unauthorized access")
+		return c.Status(403).SendString("Unauthorized access")
+	}
+
 	// Call the database function to get the weekly report
-	report, err := db.GetDb(c).GetWeeklyReport(username, projectName, weekInt)
+	report, err := db.GetDb(c).GetWeeklyReport(target_user, projectName, weekInt)
 	if err != nil {
 		log.Info("Error getting weekly report from db:", err)
 		return c.Status(500).SendString(err.Error())