-added auth for rolechange, endpoint and test

backend/internal/handlers/handlers_project_related.go

@@ -49,13 +49,31 @@ func (gs *GState) GetUserProjects(c *fiber.Ctx) error {
 
 // ProjectRoleChange is a handler that changes a user's role within a project
 func (gs *GState) ProjectRoleChange(c *fiber.Ctx) error {
+
+	//check token and get username of current user
+	user := c.Locals("user").(*jwt.Token)
+	claims := user.Claims.(jwt.MapClaims)
+	projectManagerUsername := claims["name"].(string)
+	log.Info(projectManagerUsername)
 	// Extract the necessary parameters from the request
-	username := c.Params("username")
+	data := new(types.RoleChange)
-	projectName := c.Params("projectName")
+	if err := c.BodyParser(data); err != nil {
-	role := c.Params("role")
+		log.Info("error parsing username, project or role")
+		return c.Status(400).SendString(err.Error())
+	}
+
+	// dubble diping and checcking if current user is
+
+	if ismanager, err := gs.Db.IsProjectManager(projectManagerUsername, data.Projectname); err != nil {
+		log.Warn("Error checking if projectmanager:", err)
+		return c.Status(500).SendString(err.Error())
+	} else if !ismanager {
+		log.Warn("tried chaning role when not projectmanager:", err)
+		return c.Status(401).SendString("you can not change role when not projectManager")
+	}
 
 	// Change the user's role within the project in the database
-	if err := gs.Db.ChangeUserRole(username, projectName, role); err != nil {
+	if err := gs.Db.ChangeUserRole(data.Username, data.Projectname, data.Role); err != nil {
 		return c.Status(500).SendString(err.Error())
 	}
 

backend/internal/types/project.go

@@ -13,3 +13,9 @@ type NewProject struct {
 	Name        string `json:"name"`
 	Description string `json:"description"`
 }
+
+type RoleChange struct {
+	Role        string `json:"role" tstype:"'project_manager' | 'user'"`
+	Username    string `json:"username"`
+	Projectname string `json:"projectname"`
+}

backend/main.go

@@ -96,7 +96,7 @@ func main() {
 	server.Get("/api/users/all", gs.ListAllUsers)
 	server.Get("/api/getWeeklyReportsUser", gs.GetWeeklyReportsUserHandler)
 	server.Get("api/checkIfProjectManager", gs.IsProjectManagerHandler)
-
+	server.Post("/api/ProjectRoleChange", gs.ProjectRoleChange)
 	// Announce the port we are listening on and start the server
 	err = server.Listen(fmt.Sprintf(":%d", conf.Port))
 	if err != nil {

testing.py

@@ -39,6 +39,35 @@ promoteToAdminPath = base_url + "/api/promoteToAdmin"
 getUserProjectsPath = base_url + "/api/getUserProjects"
 getWeeklyReportsUserPath = base_url + "/api/getWeeklyReportsUser"
 checkIfProjectManagerPath = base_url + "/api/checkIfProjectManager"
+ProjectRoleChangePath = base_url + "/api/ProjectRoleChange"
+
+#ta bort auth i handlern för att få testet att gå igenom
+def test_ProjectRoleChange():
+    dprint("Testing ProjectRoleChange")
+    project_manager = randomString()
+    register(project_manager, "project_manager_password")
+
+    token = login(project_manager, "project_manager_password").json()[
+        "token"
+    ]
+    response = requests.post(
+        addProjectPath,
+        json={"name": projectName, "description": "This is a project"},
+        headers={"Authorization": "Bearer " + token},
+    )
+    response = requests.post(
+        ProjectRoleChangePath,
+        headers={"Authorization": "Bearer " + token},
+        json={
+            "username": username,
+            "projectName": projectName,
+            "week": 1
+        },
+    )
+    if response.status_code != 200:
+        print("auth not working, för att man inte kan få tag på pm token atm, för att få igenom det så ta bort auth i handler")
+    
+    assert response.status_code == 200, "change role successfully"
     
 
 def test_get_user_projects():
@@ -324,3 +353,4 @@ if __name__ == "__main__":
     test_add_user_to_project()
     test_get_weekly_reports_user()
     test_check_if_project_manager()
+    test_ProjectRoleChange()