-added auth for rolechange, endpoint and test

backend/internal/handlers/handlers_project_related.go

@@ -49,13 +49,31 @@ func (gs *GState) GetUserProjects(c *fiber.Ctx) error {
 
 // ProjectRoleChange is a handler that changes a user's role within a project
 func (gs *GState) ProjectRoleChange(c *fiber.Ctx) error {
+
+	//check token and get username of current user
+	user := c.Locals("user").(*jwt.Token)
+	claims := user.Claims.(jwt.MapClaims)
+	projectManagerUsername := claims["name"].(string)
+	log.Info(projectManagerUsername)
 	// Extract the necessary parameters from the request
-	username := c.Params("username")
-	projectName := c.Params("projectName")
-	role := c.Params("role")
+	data := new(types.RoleChange)
+	if err := c.BodyParser(data); err != nil {
+		log.Info("error parsing username, project or role")
+		return c.Status(400).SendString(err.Error())
+	}
+
+	// dubble diping and checcking if current user is
+
+	if ismanager, err := gs.Db.IsProjectManager(projectManagerUsername, data.Projectname); err != nil {
+		log.Warn("Error checking if projectmanager:", err)
+		return c.Status(500).SendString(err.Error())
+	} else if !ismanager {
+		log.Warn("tried chaning role when not projectmanager:", err)
+		return c.Status(401).SendString("you can not change role when not projectManager")
+	}
 
 	// Change the user's role within the project in the database
-	if err := gs.Db.ChangeUserRole(username, projectName, role); err != nil {
+	if err := gs.Db.ChangeUserRole(data.Username, data.Projectname, data.Role); err != nil {
 		return c.Status(500).SendString(err.Error())
 	}
 

backend/internal/types/project.go

@@ -13,3 +13,9 @@ type NewProject struct {
 	Name        string `json:"name"`
 	Description string `json:"description"`
 }
+
+type RoleChange struct {
+	Role        string `json:"role" tstype:"'project_manager' | 'user'"`
+	Username    string `json:"username"`
+	Projectname string `json:"projectname"`
+}