diff --git a/backend/internal/handlers/handlers_project_related.go b/backend/internal/handlers/handlers_project_related.go index df9f3e0..2ab5869 100644 --- a/backend/internal/handlers/handlers_project_related.go +++ b/backend/internal/handlers/handlers_project_related.go @@ -49,13 +49,31 @@ func (gs *GState) GetUserProjects(c *fiber.Ctx) error { // ProjectRoleChange is a handler that changes a user's role within a project func (gs *GState) ProjectRoleChange(c *fiber.Ctx) error { + + //check token and get username of current user + user := c.Locals("user").(*jwt.Token) + claims := user.Claims.(jwt.MapClaims) + projectManagerUsername := claims["name"].(string) + log.Info(projectManagerUsername) // Extract the necessary parameters from the request - username := c.Params("username") - projectName := c.Params("projectName") - role := c.Params("role") + data := new(types.RoleChange) + if err := c.BodyParser(data); err != nil { + log.Info("error parsing username, project or role") + return c.Status(400).SendString(err.Error()) + } + + // dubble diping and checcking if current user is + + if ismanager, err := gs.Db.IsProjectManager(projectManagerUsername, data.Projectname); err != nil { + log.Warn("Error checking if projectmanager:", err) + return c.Status(500).SendString(err.Error()) + } else if !ismanager { + log.Warn("tried chaning role when not projectmanager:", err) + return c.Status(401).SendString("you can not change role when not projectManager") + } // Change the user's role within the project in the database - if err := gs.Db.ChangeUserRole(username, projectName, role); err != nil { + if err := gs.Db.ChangeUserRole(data.Username, data.Projectname, data.Role); err != nil { return c.Status(500).SendString(err.Error()) } diff --git a/backend/internal/types/project.go b/backend/internal/types/project.go index 7e1747f..c336bcb 100644 --- a/backend/internal/types/project.go +++ b/backend/internal/types/project.go @@ -13,3 +13,9 @@ type NewProject struct { Name string `json:"name"` Description string `json:"description"` } + +type RoleChange struct { + Role string `json:"role" tstype:"'project_manager' | 'user'"` + Username string `json:"username"` + Projectname string `json:"projectname"` +} diff --git a/backend/main.go b/backend/main.go index abdf0db..60027fd 100644 --- a/backend/main.go +++ b/backend/main.go @@ -96,7 +96,7 @@ func main() { server.Get("/api/users/all", gs.ListAllUsers) server.Get("/api/getWeeklyReportsUser", gs.GetWeeklyReportsUserHandler) server.Get("api/checkIfProjectManager", gs.IsProjectManagerHandler) - + server.Post("/api/ProjectRoleChange", gs.ProjectRoleChange) // Announce the port we are listening on and start the server err = server.Listen(fmt.Sprintf(":%d", conf.Port)) if err != nil { diff --git a/testing.py b/testing.py index 670abcd..0b803f5 100644 --- a/testing.py +++ b/testing.py @@ -39,7 +39,36 @@ promoteToAdminPath = base_url + "/api/promoteToAdmin" getUserProjectsPath = base_url + "/api/getUserProjects" getWeeklyReportsUserPath = base_url + "/api/getWeeklyReportsUser" checkIfProjectManagerPath = base_url + "/api/checkIfProjectManager" +ProjectRoleChangePath = base_url + "/api/ProjectRoleChange" +#ta bort auth i handlern för att få testet att gå igenom +def test_ProjectRoleChange(): + dprint("Testing ProjectRoleChange") + project_manager = randomString() + register(project_manager, "project_manager_password") + + token = login(project_manager, "project_manager_password").json()[ + "token" + ] + response = requests.post( + addProjectPath, + json={"name": projectName, "description": "This is a project"}, + headers={"Authorization": "Bearer " + token}, + ) + response = requests.post( + ProjectRoleChangePath, + headers={"Authorization": "Bearer " + token}, + json={ + "username": username, + "projectName": projectName, + "week": 1 + }, + ) + if response.status_code != 200: + print("auth not working, för att man inte kan få tag på pm token atm, för att få igenom det så ta bort auth i handler") + + assert response.status_code == 200, "change role successfully" + def test_get_user_projects(): @@ -324,3 +353,4 @@ if __name__ == "__main__": test_add_user_to_project() test_get_weekly_reports_user() test_check_if_project_manager() + test_ProjectRoleChange()