From 435780bbbc060abf7261f43a5ab1c2cabec0a07a Mon Sep 17 00:00:00 2001
From: Tor-Einar Skog <tor-einar.skog@nibio.no>
Date: Thu, 13 Jul 2017 10:59:19 -0700
Subject: [PATCH] Bugfix in fireblight map application: Now alerting users that
 have been logged out that they need to log in in order to edit observations

---
 .../logic/service/ObservationService.java     | 34 +++++++++++++++++--
 .../map_applications/fireblight/js/map.js     | 29 +++++++++++++---
 2 files changed, 56 insertions(+), 7 deletions(-)

diff --git a/src/main/java/no/nibio/vips/logic/service/ObservationService.java b/src/main/java/no/nibio/vips/logic/service/ObservationService.java
index 179666f2..d3237ac9 100755
--- a/src/main/java/no/nibio/vips/logic/service/ObservationService.java
+++ b/src/main/java/no/nibio/vips/logic/service/ObservationService.java
@@ -37,6 +37,7 @@ import javax.ws.rs.QueryParam;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.Response;
 import no.nibio.vips.logic.entity.Observation;
+import no.nibio.vips.logic.entity.VipsLogicRole;
 import no.nibio.vips.logic.entity.VipsLogicUser;
 import no.nibio.vips.logic.util.GISUtil;
 import no.nibio.vips.logic.util.Globals;
@@ -240,12 +241,27 @@ public class ObservationService {
     
     /**
      * Deletes a gis entity and its corresponding observation
-     * TODO Authentication
      */
     @DELETE
     @Path("gisobservation/{gisId}")
     public Response deleteGisObservation(@PathParam("gisId") Integer gisId)
     {
+        VipsLogicUser user = (VipsLogicUser) httpServletRequest.getSession().getAttribute("user");
+        // If no user, send error message back to client
+        if(user == null)
+        {
+            return Response.status(Response.Status.UNAUTHORIZED).build();
+        }
+        if(!SessionControllerGetter.getUserBean().authorizeUser(user, 
+                    VipsLogicRole.OBSERVER, 
+                    VipsLogicRole.OBSERVATION_AUTHORITY, 
+                    VipsLogicRole.ORGANIZATION_ADMINISTRATOR,
+                    VipsLogicRole.SUPERUSER
+                )
+            )
+        {
+            return Response.status(Response.Status.FORBIDDEN).build();
+        }
         SessionControllerGetter.getObservationBean().deleteGisObservationByGis(gisId);
         return Response.noContent().build();
     }
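Review bot: The new checks in `deleteGisObservation` only establish that the caller holds one of the four listed roles; nothing visible ties `gisId` to that caller. Unless `deleteGisObservationByGis` enforces ownership itself (not visible here), any user with the OBSERVER role could delete another user's observation by guessing its id. Consider passing `user` into the bean, or comparing the observation's owner or organization with the caller, and returning 403 on mismatch. Separately, `httpServletRequest.getSession()` creates a session for anonymous callers; `httpServletRequest.getSession(false)` with a null check avoids allocating one on every unauthenticated request. The same login/role block is repeated in the next hunk, so a small private helper would keep the two role lists from drifting apart.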
@@ -266,7 +282,21 @@ public class ObservationService {
             // Create the Observation
             Observation observation = SessionControllerGetter.getObservationBean().getObservationFromGeoJSON(geoJSON);
             VipsLogicUser user = (VipsLogicUser) httpServletRequest.getSession().getAttribute("user");
-            //System.out.println("user exists?" + (user != null));
+            // If no user, send error message back to client
+            if(user == null)
+            {
+                return Response.status(Response.Status.UNAUTHORIZED).build();
+            }
+            if(!SessionControllerGetter.getUserBean().authorizeUser(user, 
+                    VipsLogicRole.OBSERVER, 
+                    VipsLogicRole.OBSERVATION_AUTHORITY, 
+                    VipsLogicRole.ORGANIZATION_ADMINISTRATOR,
+                    VipsLogicRole.SUPERUSER
+                )
+            )
+            {
+                return Response.status(Response.Status.FORBIDDEN).build();
+            }
             observation.setUserId(user.getUserId());
             observation.setStatusChangedByUserId(user.getUserId());
             observation.setStatusChangedTime(new Date());
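Review bot: The login and role checks run only after `getObservationFromGeoJSON(geoJSON)` has processed the request body, so an unauthenticated caller still reaches the parser and whatever the bean does while building the entity. Move the session lookup and both checks above the `// Create the Observation` line so rejected requests return before any input is handled. If the GeoJSON can reference an existing observation, the following `observation.setUserId(user.getUserId())` would reassign it to the caller, so an ownership check may be needed here as well; that depends on bean code outside this hunk. The enclosing method starts and ends outside the hunk.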
diff --git a/src/main/webapp/map_applications/fireblight/js/map.js b/src/main/webapp/map_applications/fireblight/js/map.js
index b7a89408..8aff3b4e 100755
--- a/src/main/webapp/map_applications/fireblight/js/map.js
+++ b/src/main/webapp/map_applications/fireblight/js/map.js
@@ -408,7 +408,6 @@ var storeFeature = function(featureId)
             var format = new ol.format.GeoJSON();
 
             var drawnfeatures = format.readFeatures(geoData, {
-              //dataProjection: "EPSG:32633",
               dataProjection: "EPSG:4326",
               featureProjection: map.getView().getProjection().getCode()
             });
@@ -423,8 +422,18 @@ var storeFeature = function(featureId)
             featureOverlay.getSource().addFeatures(drawnfeatures);
             unFocusForm();
         },
-        failure: function(errMsg) {
-            alert(errMsg);
+        error: function( jqXHR, textStatus, errorThrown) {
+            if(jqXHR.status == 401)
+            {
+                if(confirm("Kan ikke lagre fordi du er logget ut av applikasjonen. Klikk OK for å logge inn."))
+                {
+                    window.location.reload();
+                }
+            }
+            else
+            {
+                alert("Beklager, en feil oppsto. Status = " + jqXHR.status + ", eventuell feilmelding: " + textStatus);
+            }
         }
     });
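Review bot: The server side of this commit now returns 403 for a logged-in user without a suitable role, but this handler sends that case to the generic alert. Assuming this is jQuery's `$.ajax`, `textStatus` for an HTTP error is just "error", so the user gets no useful explanation. Add an `else if(jqXHR.status === 403)` branch with its own message and show `errorThrown` instead of `textStatus` in the fallback. `window.location.reload()` also discards the feature the user just drew, which the confirm text does not mention. The identical handler is added to `deleteFeature` in the next hunk, so a shared function taking the action name would remove the duplication. `storeFeature` starts outside this hunk.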
     
@@ -459,8 +468,18 @@ var deleteFeature = function(featureId)
             }
             unFocusForm();
         },
-        failure: function(errMsg) {
-            alert(errMsg);
+        error: function( jqXHR, textStatus, errorThrown) {
+            if(jqXHR.status == 401)
+            {
+                if(confirm("Kan ikke slette fordi du er logget ut av applikasjonen. Klikk OK for å logge inn."))
+                {
+                    window.location.reload();
+                }
+            }
+            else
+            {
+                alert("Beklager, en feil oppsto. Status = " + jqXHR.status + ", eventuell feilmelding: " + textStatus);
+            }
         }
     });
 }
-- 
GitLab