Fixes for various paths

backend/internal/handlers/projects/AddUserToProject.go

@@ -10,42 +10,33 @@ import (
 
 // AddUserToProjectHandler is a handler that adds a user to a project with a specified role
 func AddUserToProjectHandler(c *fiber.Ctx) error {
-	// Extract necessary parameters from the request
-	var requestData struct {
-		Username    string `json:"username"`
-		ProjectName string `json:"projectName"`
-		Role        string `json:"role"`
-	}
-	if err := c.BodyParser(&requestData); err != nil {
-		log.Info("Error parsing request body:", err)
-		return c.Status(400).SendString("Bad request")
-	}
-
-	// Check if the user adding another user to the project is a site admin
 	user := c.Locals("user").(*jwt.Token)
 	claims := user.Claims.(jwt.MapClaims)
-	adminUsername := claims["name"].(string)
+	pm_name := claims["name"].(string)
-	log.Info("Admin username from claims:", adminUsername)
 
-	isAdmin, err := db.GetDb(c).IsSiteAdmin(adminUsername)
+	project := c.Params("projectName")
+	username := c.Query("userName")
+
+	// Check if the user is a project manager
+	isPM, err := db.GetDb(c).IsProjectManager(pm_name, project)
 	if err != nil {
-		log.Info("Error checking admin status:", err)
+		log.Info("Error checking if user is project manager:", err)
 		return c.Status(500).SendString(err.Error())
 	}
 
-	if !isAdmin {
+	if !isPM {
-		log.Info("User is not a site admin:", adminUsername)
+		log.Info("User: ", pm_name, " is not a project manager in project: ", project)
-		return c.Status(403).SendString("User is not a site admin")
+		return c.Status(403).SendString("User is not a project manager")
 	}
 
 	// Add the user to the project with the specified role
-	err = db.GetDb(c).AddUserToProject(requestData.Username, requestData.ProjectName, requestData.Role)
+	err = db.GetDb(c).AddUserToProject(username, project, "member")
 	if err != nil {
 		log.Info("Error adding user to project:", err)
 		return c.Status(500).SendString(err.Error())
 	}
 
 	// Return success message
-	log.Info("User added to project successfully:", requestData.Username)
+	log.Info("User : ", username, " added to project: ", project)
 	return c.SendStatus(fiber.StatusOK)
 }

backend/internal/handlers/reports/GetWeeklyReport.go

@@ -16,11 +16,17 @@ func GetWeeklyReport(c *fiber.Ctx) error {
 	claims := user.Claims.(jwt.MapClaims)
 	username := claims["name"].(string)
 
-	log.Info("Getting weekly report for: ", username)
-
 	// Extract project name and week from query parameters
 	projectName := c.Query("projectName")
 	week := c.Query("week")
+	target_user := c.Query("targetUser") // The user whose report is being requested
+
+	// If the target user is not empty, use it as the username
+	if target_user == "" {
+		target_user = username
+	}
+
+	log.Info(username, " trying to get weekly report for: ", target_user)
 
 	if projectName == "" || week == "" {
 		log.Info("Missing project name or week number")
@@ -34,8 +40,20 @@ func GetWeeklyReport(c *fiber.Ctx) error {
 		return c.Status(400).SendString("Invalid week number")
 	}
 
+	// If the token user is not an admin, check if the target user is the same as the token user
+	pm, err := db.GetDb(c).IsProjectManager(username, projectName)
+	if err != nil {
+		log.Info("Error checking if user is project manager:", err)
+		return c.Status(500).SendString(err.Error())
+	}
+
+	if pm == false && target_user != username {
+		log.Info("Unauthorized access")
+		return c.Status(403).SendString("Unauthorized access")
+	}
+
 	// Call the database function to get the weekly report
-	report, err := db.GetDb(c).GetWeeklyReport(username, projectName, weekInt)
+	report, err := db.GetDb(c).GetWeeklyReport(target_user, projectName, weekInt)
 	if err != nil {
 		log.Info("Error getting weekly report from db:", err)
 		return c.Status(500).SendString(err.Error())