From 9a9c021a6121cf2a2325e5df2bfe246aaab23a62 Mon Sep 17 00:00:00 2001
From: Lene Wasskog <lene.wasskog@nibio.no>
Date: Tue, 13 May 2025 12:53:45 +0200
Subject: [PATCH] feat: Fix errors related to user role checks

---
 .../ObservationTimeSeriesController.java | 6 ++++++
 .../templates/observationTimeSeriesForm.ftl | 19 +++++++------------
 .../templates/observationTimeSeriesList.ftl | 2 +-
 3 files changed, 14 insertions(+), 13 deletions(-)

diff --git a/src/main/java/no/nibio/vips/logic/controller/servlet/ObservationTimeSeriesController.java b/src/main/java/no/nibio/vips/logic/controller/servlet/ObservationTimeSeriesController.java
index 12d231bb..bf6f5ef5 100644
--- a/src/main/java/no/nibio/vips/logic/controller/servlet/ObservationTimeSeriesController.java
+++ b/src/main/java/no/nibio/vips/logic/controller/servlet/ObservationTimeSeriesController.java
@@ -97,6 +97,9 @@ public class ObservationTimeSeriesController extends HttpServlet {
 .setParameter("observationTimeSeries", observationTimeSeries).getSingleResult();
 observationCounts.put(String.valueOf(observationTimeSeries.getObservationTimeSeriesId()), count);
 }
+ request.setAttribute("userIsObservationAuthority",
+ userBean.authorizeUser(user, VipsLogicRole.OBSERVATION_AUTHORITY,
+ VipsLogicRole.ORGANIZATION_ADMINISTRATOR, VipsLogicRole.SUPERUSER));
 request.setAttribute("observationCounts", observationCounts);
 request.getRequestDispatcher("/observationTimeSeriesList.ftl").forward(request, response);
 return;
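Review bot: The privileged-role set `OBSERVATION_AUTHORITY, ORGANIZATION_ADMINISTRATOR, SUPERUSER` is spelled out inline in the added `setAttribute("userIsObservationAuthority", …)` call here and again, verbatim, in the edit-form action further down in this patch, so the two definitions of who counts as an observation authority can silently drift apart. I would define it once in a private helper, `isObservationAuthority(user)`, that wraps `userBean.authorizeUser(user, VipsLogicRole.OBSERVATION_AUTHORITY, VipsLogicRole.ORGANIZATION_ADMINISTRATOR, VipsLogicRole.SUPERUSER)`, and have both actions pass its result to the template (the declared type of `user` is not visible in this hunk, so the signature is left to the author). The enclosing list action starts outside the hunk.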
@@ -118,6 +121,9 @@ public class ObservationTimeSeriesController extends HttpServlet {
 request.setAttribute("observationTimeSeries", observationTimeSeries);
 request.setAttribute("isEditable", observationCount == 0);
+ request.setAttribute("userIsObservationAuthority",
+ userBean.authorizeUser(user, VipsLogicRole.OBSERVATION_AUTHORITY,
+ VipsLogicRole.ORGANIZATION_ADMINISTRATOR, VipsLogicRole.SUPERUSER));
 buildFormRequest(request, user, observationTimeSeries);
 request.setAttribute("observations", observationBean.getObservationsForTimeSeries(observationTimeSeries));
diff --git a/src/main/webapp/templates/observationTimeSeriesForm.ftl b/src/main/webapp/templates/observationTimeSeriesForm.ftl
index 9d5794bc..b782178f 100644
--- a/src/main/webapp/templates/observationTimeSeriesForm.ftl
+++ b/src/main/webapp/templates/observationTimeSeriesForm.ftl
@@ -418,7 +418,7 @@
 <input type="hidden" name="locationVisibility" value="${locationVisibilityFormValue}">
 <#else>
 <div class="form-group">
- <label for="cropCategoryId">${i18nBundle.listSelectedCropCategoryOnTop}</label>
+ <label for="cropCategoryIdList">${i18nBundle.listSelectedCropCategoryOnTop}</label>
 <select class="form-control" id="cropCategoryIdList" name="cropCategoryId" onchange="filterCrops(this.options[this.options.selectedIndex].value);">
 <option value="-1">${i18nBundle.pleaseSelect} ${i18nBundle.cropCategory?lower_case}</option>
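Review bot: The `userIsObservationAuthority` attribute added to the edit-form action is only handed to the template; nothing in this hunk uses it to decide whether the requesting user may open this `observationTimeSeries` at all. The form is reached by a plain GET carrying an `observationTimeSeriesId` parameter (the list template in this same patch builds exactly that link), so hiding the edit button from other users is cosmetic, and the owner-or-authority check has to be enforced here and in the matching save action on the server. If the part of the method above the hunk does not already do this, I would compute the flag once into a local and add `if (!isAuthority && !user.getUserId().equals(observationTimeSeries.getUserId())) { response.sendError(HttpServletResponse.SC_FORBIDDEN); return; }` before the attributes are set — the getter names are assumed from the `userId` properties the templates read and should be confirmed against the entity classes.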
@@ -426,26 +426,21 @@
 </select>
 </div>
 <div class="form-group">
- <label for="cropOrganismId">${i18nBundle.cropOrganismId}</label>
- <select class="form-control" id="cropOrganismIdList" name="cropOrganismId"
- <#if observationTimeSeries.observationTimeSeriesId?has_content && !user.isSuperUser() && !user.isOrganizationAdmin()>readonly="readonly" <#else> onblur="validateField(this);" onchange="updateCropPests();"</#if>>
- <#if !observationTimeSeries.observationTimeSeriesId?has_content || user.isSuperUser() || user.isOrganizationAdmin()>
+ <label for="cropOrganismIdList">${i18nBundle.cropOrganismId}</label>
+ <select class="form-control" id="cropOrganismIdList" name="cropOrganismId" onblur="validateField(this);" onchange="updateCropPests();">
+ <#if !observationTimeSeries.observationTimeSeriesId?has_content>
 <option value="-1">${i18nBundle.pleaseSelect} ${i18nBundle.cropOrganismId?lower_case}</option>
- <option value="-10"
- <#if (observationTimeSeries.cropOrganism?has_content && observationTimeSeries.cropOrganism.organismId == -10)>selected="selected"</#if>>${i18nBundle.missingInDatabase}</option>
+ <option value="-10" <#if (observationTimeSeries.cropOrganism?has_content && observationTimeSeries.cropOrganism.organismId == -10)>selected="selected"</#if>>${i18nBundle.missingInDatabase}</option>
 </#if>
 </select>
 <span class="help-block" id="${formId}_cropOrganismId_validation"></span>
 </div>
 <div class="form-group">
 <label for="organismId">${i18nBundle.organism}</label>
- <select class="form-control" id="organismId" name="organismId"
- <#if observationTimeSeries.organism?has_content && ! user.isSuperUser() && !
user.isOrganizationAdmin()>readonly="readonly"
- onblur="validateField(this);"</#if>>
+ <select class="form-control" id="organismId" name="organismId" onblur="validateField(this);">
 <#if !observationTimeSeries.organism?has_content>
 <option value="-1">${i18nBundle.pleaseSelect} ${i18nBundle.organism?lower_case}</option>
- <option value="-10"
- <#if (observationTimeSeries.organism?has_content && observationTimeSeries.organism.organismId == -10)>selected="selected"</#if>>${i18nBundle.missingInDatabase}</option>
+ <option value="-10" <#if (observationTimeSeries.organism?has_content && observationTimeSeries.organism.organismId == -10)>selected="selected"</#if>>${i18nBundle.missingInDatabase}</option>
 <#list allPests as organism>
 <option value="${organism.organismId}">${organism.getLocalName(currentLocale.language)!""} (${organism.latinName!""}) ${hierarchyCategories.getName(organism.hierarchyCategoryId)?upper_case}</option>
 </#list>
diff --git a/src/main/webapp/templates/observationTimeSeriesList.ftl b/src/main/webapp/templates/observationTimeSeriesList.ftl
index 6a496e8a..caaa4e25 100644
--- a/src/main/webapp/templates/observationTimeSeriesList.ftl
+++ b/src/main/webapp/templates/observationTimeSeriesList.ftl
@@ -42,7 +42,7 @@
 <td><#if timeSeries.locationPointOfInterest?has_content>${timeSeries.locationPointOfInterest.name!""}</#if></td>
 <td><#if timeSeries.user?has_content>${timeSeries.user.firstName!""} ${timeSeries.user.lastName!""}</#if></td>
 <td>${observationCounts[timeSeries.observationTimeSeriesId?string]}</td>
- <td><#if user.isSuperUser() || user.isOrganizationAdmin() || userIsObservationAuthority || observation.userId == user.userId>
+ <td><#if userIsObservationAuthority || timeSeries.userId == user.userId>
 <a href="/observationTimeSeries?action=editObservationTimeSeriesForm&observationTimeSeriesId=${timeSeries.observationTimeSeriesId}" class="btn btn-default" role="button">${i18nBundle.edit}</a></#if></td>
-- GitLab
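Review bot: The role gating on the `cropOrganismId` and `organismId` selects is removed outright instead of being rewritten against `userIsObservationAuthority`, which the controller now sets on this very request, so the crop and organism of an existing series become editable in the form for every user who can open it. If the old restriction is still intended, the attribute block should become `<#if observationTimeSeries.observationTimeSeriesId?has_content && !userIsObservationAuthority>disabled="disabled"<#else> onblur="validateField(this);" onchange="updateCropPests();"</#if>` — note that `readonly` has no effect on a `<select>`, so the removed code never actually blocked a change either, and since a disabled control is not submitted the save handler must then keep the stored value. Either way the template can only hide the control; whether a non-authority user may change these two fields on an existing series has to be enforced in the save action, which this diff does not touch. The enclosing form starts and ends outside the hunk.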