Statistics path rework

backend/internal/handlers/reports/Statistics.go

@@ -16,6 +16,7 @@ func GetStatistics(c *fiber.Ctx) error {
 
 	// Extract project name from query parameters
 	projectName := c.Query("projectName")
+	userNameParam := c.Query("userName")
 
 	log.Info(username, " trying to get statistics for project: ", projectName)
 
@@ -24,18 +25,24 @@ func GetStatistics(c *fiber.Ctx) error {
 		return c.Status(400).SendString("Missing project name")
 	}
 
-	// If the user is not a project manager, they can't view statistics
+	// Check if the user is a project manager
 	pm, err := db.GetDb(c).IsProjectManager(username, projectName)
 	if err != nil {
 		log.Info("Error checking if user is project manager:", err)
 		return c.Status(500).SendString(err.Error())
 	}
 
-	if !pm {
-		log.Info("Unauthorized access")
+	if userNameParam == "" {
+		userNameParam = username
+	}
+
+	if !pm || userNameParam != username {
+		log.Info("Unauthorized access for user:", username, "trying to access project:", projectName, "statistics for user:", userNameParam)
 		return c.Status(403).SendString("Unauthorized access")
 	}
 
+	username = userNameParam
+
 	// Retrieve statistics for the project from the database
 	statistics, err := db.GetDb(c).ReportStatistics(username, projectName)
 	if err != nil {