Merge

backend/internal/handlers/handlers_project_related.go

@@ -118,6 +118,31 @@ func (gs *GState) ListAllUsersProject(c *fiber.Ctx) error {
 		return c.Status(400).SendString("No project name provided")
 	}
 
+	// Get the user token
+	userToken := c.Locals("user").(*jwt.Token)
+	claims := userToken.Claims.(jwt.MapClaims)
+	username := claims["name"].(string)
+
+	// Check if the user is a project manager for the specified project
+	isManager, err := gs.Db.IsProjectManager(username, projectName)
+	if err != nil {
+		log.Info("Error checking project manager status:", err)
+		return c.Status(500).SendString(err.Error())
+	}
+
+	// If the user is not a project manager, check if the user is a site admin
+	if !isManager {
+		isAdmin, err := gs.Db.IsSiteAdmin(username)
+		if err != nil {
+			log.Info("Error checking admin status:", err)
+			return c.Status(500).SendString(err.Error())
+		}
+		if !isAdmin {
+			log.Info("User is neither a project manager nor a site admin:", username)
+			return c.Status(403).SendString("User is neither a project manager nor a site admin")
+		}
+	}
+
 	// Get all users associated with the project from the database
 	users, err := gs.Db.GetAllUsersProject(projectName)
 	if err != nil {

backend/main.go

@@ -97,6 +97,8 @@ func main() {
 	server.Get("/api/getWeeklyReportsUser", gs.GetWeeklyReportsUserHandler)
 	server.Get("api/checkIfProjectManager", gs.IsProjectManagerHandler)
 	server.Post("/api/ProjectRoleChange", gs.ProjectRoleChange)
+	server.Get("/api/getUsersProject/:projectName", gs.ListAllUsersProject)
+
 	// Announce the port we are listening on and start the server
 	err = server.Listen(fmt.Sprintf(":%d", conf.Port))
 	if err != nil {

testing.py

@@ -40,6 +40,7 @@ getUserProjectsPath = base_url + "/api/getUserProjects"
 getWeeklyReportsUserPath = base_url + "/api/getWeeklyReportsUser"
 checkIfProjectManagerPath = base_url + "/api/checkIfProjectManager"
 ProjectRoleChangePath = base_url + "/api/ProjectRoleChange"
+getUsersProjectPath = base_url + "/api/getUsersProject"
 
 #ta bort auth i handlern för att få testet att gå igenom
 def test_ProjectRoleChange():
@@ -338,7 +339,33 @@ def test_check_if_project_manager():
     assert response.status_code == 200, "Check if project manager failed"
     gprint("test_check_if_project_manager successful")
 
+def test_list_all_users_project():
+    # Log in as a user who is a member of the project
+    admin_username = randomString()
+    admin_password = "admin_password2"
+    dprint(
+        "Registering with username: ", admin_username, " and password: ", admin_password
+    )
+    response = requests.post(
+        registerPath, json={"username": admin_username, "password": admin_password}
+    )
+    dprint(response.text)
 
+    # Log in as the admin
+    admin_token = login(admin_username, admin_password).json()["token"]
+    response = requests.post(
+        promoteToAdminPath,
+        json={"username": admin_username},
+        headers={"Authorization": "Bearer " + admin_token},
+    )
+
+    # Make a request to list all users associated with the project
+    response = requests.get(
+        getUsersProjectPath + "/" + projectName,
+        headers={"Authorization": "Bearer " + admin_token},
+    )
+    assert response.status_code == 200, "List all users project failed"
+    gprint("test_list_all_users_project sucessful")
 
 
 if __name__ == "__main__":
@@ -354,3 +381,4 @@ if __name__ == "__main__":
     test_get_weekly_reports_user()
     test_check_if_project_manager()
     test_ProjectRoleChange()
+    test_list_all_users_project()