From a3f16e713a49018e16c07b1d1f7fc4d403b15b0f Mon Sep 17 00:00:00 2001
From: Imbus <>
Date: Mon, 15 Apr 2024 11:44:19 +0200
Subject: [PATCH] Statistics

---
 backend/internal/handlers/reports/Statistics.go | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/backend/internal/handlers/reports/Statistics.go b/backend/internal/handlers/reports/Statistics.go
index 32f8a7e..71d7540 100644
--- a/backend/internal/handlers/reports/Statistics.go
+++ b/backend/internal/handlers/reports/Statistics.go
@@ -32,17 +32,12 @@ func GetStatistics(c *fiber.Ctx) error {
 		return c.Status(500).SendString(err.Error())
 	}
 
-	if userNameParam == "" {
-		userNameParam = username
-	}
-
-	if !pm || userNameParam != username {
-		log.Info("Unauthorized access for user:", username, "trying to access project:", projectName, "statistics for user:", userNameParam)
+	// Bail if the user is not a PM or checking its own statistics
+	if !pm && userNameParam != "" && userNameParam != username {
+		log.Info("Unauthorized access for user: ", username, "trying to access project: ", projectName, "statistics for user: ", userNameParam)
 		return c.Status(403).SendString("Unauthorized access")
 	}
 
-	username = userNameParam
-
 	// Retrieve statistics for the project from the database
 	statistics, err := db.GetDb(c).ReportStatistics(username, projectName)
 	if err != nil {