Merge remote-tracking branch 'origin/dev' into gruppPP

2024-04-17 22:29:45 +02:00 · 2024-04-17 22:29:45 +02:00 · 99eb5f17b5
commit 99eb5f17b5
parent b6d9b51865 0176f78067
9 changed files with 333 additions and 5 deletions
--- a/backend/internal/database/db.go
+++ b/backend/internal/database/db.go
@ -47,6 +47,8 @@ type Database interface {
 	GetUserName(id int) (string, error)
 	UnsignWeeklyReport(reportId int, projectManagerId int) error
 	DeleteReport(reportID int) error
+	ChangeProjectName(projectName string, newProjectName string) error
+	ChangeUserPassword(username string, password string) error
 }

 // This struct is a wrapper type that holds the database connection
@ -670,3 +672,14 @@ func (d *Db) DeleteReport(reportID int) error {
 	_, err := d.Exec("DELETE FROM weekly_reports WHERE report_id = ?", reportID)
 	return err
 }
+
+// ChangeProjectName is a handler that changes the name of a project
+func (d *Db) ChangeProjectName(projectName string, newProjectName string) error {
+	_, err := d.Exec("UPDATE projects SET name = ? WHERE name = ?", newProjectName, projectName)
+	return err
+}
+
+func (d *Db) ChangeUserPassword(username string, password string) error {
+	_, err := d.Exec("UPDATE users SET password = ? WHERE username = ?", password, username)
+	return err
+}
--- a/backend/internal/database/db_test.go
+++ b/backend/internal/database/db_test.go
@ -1092,3 +1092,53 @@ func TestDeleteReport(t *testing.T) {
 	}

 }
+
+func TestChangeProjectName(t *testing.T) {
+	db, err := setupAdvancedState()
+	if err != nil {
+		t.Error("setupState failed:", err)
+	}
+
+	// Promote user to Admin
+	err = db.PromoteToAdmin("demouser")
+	if err != nil {
+		t.Error("PromoteToAdmin failed:", err)
+	}
+
+	// Change project name
+	err = db.ChangeProjectName("projecttest", "newprojectname")
+	if err != nil {
+		t.Error("ChangeProjectName failed:", err)
+	}
+
+	// Check if the project name was changed
+	projects, err := db.GetAllProjects()
+	if err != nil {
+		t.Error("GetAllProjects failed:", err)
+	}
+	if projects[0].Name != "newprojectname" {
+		t.Error("ChangeProjectName failed: expected newprojectname, got", projects[0].Name)
+	}
+}
+
+func TestChangeUserPassword(t *testing.T) {
+	db, err := setupState()
+	if err != nil {
+		t.Error("setupState failed:", err)
+	}
+
+	// Add a user
+	_ = db.AddUser("testuser", "password")
+
+	// Change user password
+	err = db.ChangeUserPassword("testuser", "newpassword")
+	if err != nil {
+		t.Error("ChangeUserPassword failed:", err)
+	}
+
+	// Check if the password was changed
+	if !db.CheckUser("testuser", "newpassword") {
+		t.Error("ChangeUserPassword failed: password not changed")
+	}
+
+}
--- a/backend/internal/handlers/projects/ChangeProjectName.go
+++ b/backend/internal/handlers/projects/ChangeProjectName.go
@ -0,0 +1,43 @@
+package projects
+
+import (
+	db "ttime/internal/database"
+
+	"github.com/gofiber/fiber/v2"
+	"github.com/gofiber/fiber/v2/log"
+	"github.com/golang-jwt/jwt/v5"
+)
+
+// ChangeProjectName is a handler that changes the name of a project
+func ChangeProjectName(c *fiber.Ctx) error {
+
+	//check token and get username of current user
+	user := c.Locals("user").(*jwt.Token)
+	claims := user.Claims.(jwt.MapClaims)
+	username := claims["name"].(string)
+
+	// Extract the necessary parameters from the request
+	projectName := c.Params("projectName")
+	newProjectName := c.Query("newProjectName")
+
+	// Check if user is site admin
+	issiteadmin, err := db.GetDb(c).IsSiteAdmin(username)
+	if err != nil {
+		log.Warn("Error checking if siteadmin:", err)
+		return c.Status(500).SendString(err.Error())
+	} else if !issiteadmin {
+		log.Warn("User is not siteadmin")
+		return c.Status(401).SendString("User is not siteadmin")
+	}
+
+
+	// Perform the project name change
+	err = db.GetDb(c).ChangeProjectName(projectName, newProjectName)
+	if err != nil {
+		log.Warn("Error changing project name:", err)
+		return c.Status(500).SendString(err.Error())
+	}
+
+	// Return a success message
+	return c.Status(200).SendString("Project name changed successfully")
+}
--- a/backend/internal/handlers/reports/Statistics.go
+++ b/backend/internal/handlers/reports/Statistics.go
@ -16,6 +16,7 @@ func GetStatistics(c *fiber.Ctx) error {

 	// Extract project name from query parameters
 	projectName := c.Query("projectName")
+	userNameParam := c.Query("userName")

 	log.Info(username, " trying to get statistics for project: ", projectName)

@ -24,18 +25,23 @@ func GetStatistics(c *fiber.Ctx) error {
 		return c.Status(400).SendString("Missing project name")
 	}

-	// If the user is not a project manager, they can't view statistics
+	// Check if the user is a project manager
 	pm, err := db.GetDb(c).IsProjectManager(username, projectName)
 	if err != nil {
 		log.Info("Error checking if user is project manager:", err)
 		return c.Status(500).SendString(err.Error())
 	}

-	if !pm {
-		log.Info("Unauthorized access")
+	// Bail if the user is not a PM or checking its own statistics
+	if !pm && userNameParam != "" && userNameParam != username {
+		log.Info("Unauthorized access for user: ", username, "trying to access project: ", projectName, "statistics for user: ", userNameParam)
 		return c.Status(403).SendString("Unauthorized access")
 	}

+	if pm && userNameParam != "" {
+		username = userNameParam
+	}
+
 	// Retrieve statistics for the project from the database
 	statistics, err := db.GetDb(c).ReportStatistics(username, projectName)
 	if err != nil {
--- a/backend/internal/handlers/users/ChangeUserPassword.go
+++ b/backend/internal/handlers/users/ChangeUserPassword.go
@ -0,0 +1,42 @@
+package users
+
+import (
+	db "ttime/internal/database"
+
+	"github.com/gofiber/fiber/v2"
+	"github.com/gofiber/fiber/v2/log"
+	"github.com/golang-jwt/jwt/v5"
+)
+
+// ChangeUserPassword is a handler that changes the password of a user
+func ChangeUserPassword(c *fiber.Ctx) error {
+
+	//Check token and get username of current user
+	user := c.Locals("user").(*jwt.Token)
+	claims := user.Claims.(jwt.MapClaims)
+	admin := claims["name"].(string)
+
+	// Extract the necessary parameters from the request
+	username := c.Params("username")
+	newPassword := c.Query("newPassword")
+
+	// Check if user is site admin
+	issiteadmin, err := db.GetDb(c).IsSiteAdmin(admin)
+	if err != nil {
+		log.Warn("Error checking if siteadmin:", err)
+		return c.Status(500).SendString(err.Error())
+	} else if !issiteadmin {
+		log.Warn("User is not siteadmin")
+		return c.Status(401).SendString("User is not siteadmin")
+	}
+
+	// Perform the password change
+	err = db.GetDb(c).ChangeUserPassword(username, newPassword)
+	if err != nil {
+		log.Warn("Error changing password:", err)
+		return c.Status(500).SendString(err.Error())
+	}
+
+	// Return a success message
+	return c.Status(200).SendString("Password changed successfully")
+}
--- a/backend/main.go
+++ b/backend/main.go
@ -110,6 +110,7 @@ func main() {
 	api.Post("/promoteToAdmin", users.PromoteToAdmin)
 	api.Put("/changeUserName", users.ChangeUserName)
 	api.Delete("/userdelete/:username", users.UserDelete) // Perhaps just use POST to avoid headaches
+	api.Put("/changeUserPassword/:username", users.ChangeUserPassword)

 	// All project related routes
 	// projectGroup := api.Group("/project") // Not currently in use
@ -125,6 +126,7 @@ func main() {
 	api.Delete("/removeUserFromProject/:projectName", projects.RemoveUserFromProject)
 	api.Delete("/removeProject/:projectName", projects.RemoveProject)
 	api.Delete("/project/:projectID", projects.DeleteProject)
+	api.Put("/ChangeProjectName/:projectName", projects.ChangeProjectName)

 	// All report related routes
 	// reportGroup := api.Group("/report") // Not currently in use