diff --git a/src/main/java/no/nibio/vips/logic/service/ObservationService.java b/src/main/java/no/nibio/vips/logic/service/ObservationService.java index 179666f2fed3648680ad9371de10bb8686d5eeb7..d3237ac9d13180b2c076f30ab8058dceea4d12b8 100755 --- a/src/main/java/no/nibio/vips/logic/service/ObservationService.java +++ b/src/main/java/no/nibio/vips/logic/service/ObservationService.java @@ -37,6 +37,7 @@ import javax.ws.rs.QueryParam; import javax.ws.rs.core.Context; import javax.ws.rs.core.Response; import no.nibio.vips.logic.entity.Observation; +import no.nibio.vips.logic.entity.VipsLogicRole; import no.nibio.vips.logic.entity.VipsLogicUser; import no.nibio.vips.logic.util.GISUtil; import no.nibio.vips.logic.util.Globals; @@ -240,12 +241,27 @@ public class ObservationService { /** * Deletes a gis entity and its corresponding observation - * TODO Authentication */ @DELETE @Path("gisobservation/{gisId}") public Response deleteGisObservation(@PathParam("gisId") Integer gisId) { + VipsLogicUser user = (VipsLogicUser) httpServletRequest.getSession().getAttribute("user"); + // If no user, send error message back to client + if(user == null) + { + return Response.status(Response.Status.UNAUTHORIZED).build(); + } + if(!SessionControllerGetter.getUserBean().authorizeUser(user, + VipsLogicRole.OBSERVER, + VipsLogicRole.OBSERVATION_AUTHORITY, + VipsLogicRole.ORGANIZATION_ADMINISTRATOR, + VipsLogicRole.SUPERUSER + ) + ) + { + return Response.status(Response.Status.FORBIDDEN).build(); + } SessionControllerGetter.getObservationBean().deleteGisObservationByGis(gisId); return Response.noContent().build(); } 
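Review bot: The check added to deleteGisObservation authorizes by role only, so any session holding VipsLogicRole.OBSERVER can delete whichever gis entity its `gisId` names; nothing visible ties that entity to `user`. Unless deleteGisObservationByGis enforces ownership itself (not visible in this hunk), the observation behind `gisId` should be loaded first and the request answered with FORBIDDEN when its owner differs from `user.getUserId()` and the caller holds none of the elevated roles. The same null-user/role block is repeated verbatim in the @@ -266 hunk; a private helper that returns the error Response (or null when the caller is allowed) would keep the two role lists from drifting apart. Also, `getSession()` creates a session for every anonymous caller, which `getSession(false)` plus a null check would avoid.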
@@ -266,7 +282,21 @@ public class ObservationService { // Create the Observation Observation observation = SessionControllerGetter.getObservationBean().getObservationFromGeoJSON(geoJSON); VipsLogicUser user = (VipsLogicUser) httpServletRequest.getSession().getAttribute("user"); - //System.out.println("user exists?" + (user != null)); + // If no user, send error message back to client + if(user == null) + { + return Response.status(Response.Status.UNAUTHORIZED).build(); + } + if(!SessionControllerGetter.getUserBean().authorizeUser(user, + VipsLogicRole.OBSERVER, + VipsLogicRole.OBSERVATION_AUTHORITY, + VipsLogicRole.ORGANIZATION_ADMINISTRATOR, + VipsLogicRole.SUPERUSER + ) + ) + { + return Response.status(Response.Status.FORBIDDEN).build(); + } observation.setUserId(user.getUserId()); observation.setStatusChangedByUserId(user.getUserId()); observation.setStatusChangedTime(new Date()); diff --git a/src/main/webapp/map_applications/fireblight/js/map.js b/src/main/webapp/map_applications/fireblight/js/map.js index b7a894089e6bbcf59408ae32757d3e593388467d..8aff3b4ec277ec7a1c9832b3388a57bf0ebd7550 100755 --- a/src/main/webapp/map_applications/fireblight/js/map.js +++ b/src/main/webapp/map_applications/fireblight/js/map.js @@ -408,7 +408,6 @@ var storeFeature = function(featureId) var format = new ol.format.GeoJSON(); var drawnfeatures = format.readFeatures(geoData, { - //dataProjection: "EPSG:32633", dataProjection: "EPSG:4326", featureProjection: map.getView().getProjection().getCode() }); 
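Review bot: The authentication and role checks in the @@ -266 hunk run only after `getObservationFromGeoJSON(geoJSON)` has processed the request body, so an anonymous or unauthorized caller still gets untrusted GeoJSON parsed (plus whatever lookups that bean method performs) before being rejected. Move the `VipsLogicUser user = ...` lookup and both early returns above the `Observation observation = ...` line so that rejected requests do no work. Separately, the hunk overwrites `userId` on whatever observation the GeoJSON describes; if the payload can carry the id of an existing observation (not visible here), an ownership check is needed before storing, otherwise one OBSERVER could take over another user's record. The method starts and ends outside this hunk.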
@@ -423,8 +422,18 @@ var storeFeature = function(featureId) featureOverlay.getSource().addFeatures(drawnfeatures); unFocusForm(); }, - failure: function(errMsg) { - alert(errMsg); + error: function( jqXHR, textStatus, errorThrown) { + if(jqXHR.status == 401) + { + if(confirm("Kan ikke lagre fordi du er logget ut av applikasjonen. Klikk OK for å logge inn.")) + { + window.location.reload(); + } + } + else + { + alert("Beklager, en feil oppsto. Status = " + jqXHR.status + ", eventuell feilmelding: " + textStatus); + } } }); @@ -459,8 +468,18 @@ var deleteFeature = function(featureId) } unFocusForm(); }, - failure: function(errMsg) { - alert(errMsg); + error: function( jqXHR, textStatus, errorThrown) { + if(jqXHR.status == 401) + { + if(confirm("Kan ikke slette fordi du er logget ut av applikasjonen. Klikk OK for å logge inn.")) + { + window.location.reload(); + } + } + else + { + alert("Beklager, en feil oppsto. Status = " + jqXHR.status + ", eventuell feilmelding: " + textStatus); + } } }); }
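Review bot: The new `error` handlers in storeFeature and deleteFeature (this hunk and the @@ -459 hunk) special-case only 401, while the server side of this commit also returns 403 for a logged-in user who lacks the required role. That case falls into the generic "Beklager, en feil oppsto" alert, so the user gets no hint that it is a permission problem; add an `else if(jqXHR.status === 403)` branch with its own message, and use `===` for the 401 comparison too. `textStatus` is jQuery's category string (for example "error" or "timeout"), so the alert would be more useful showing `errorThrown`, which is currently unused. The two handlers differ by one word and could be one shared function taking the verb; both enclosing functions extend beyond the hunks.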