feat: Fix errors related to user role checks

9a9c021a · Lene Wasskog · 1a0c2235 · 9a9c021a · 9a9c021a · 9a9c021a
Commit 9a9c021a authored 2 months ago by Lene Wasskog
--- a/src/main/java/no/nibio/vips/logic/controller/servlet/ObservationTimeSeriesController.java
+++ b/src/main/java/no/nibio/vips/logic/controller/servlet/ObservationTimeSeriesController.java
@@ -97,6 +97,9 @@ public class ObservationTimeSeriesController extends HttpServlet {
                        .setParameter("observationTimeSeries", observationTimeSeries).getSingleResult();
                    observationCounts.put(String.valueOf(observationTimeSeries.getObservationTimeSeriesId()), count);
                }
+                request.setAttribute("userIsObservationAuthority",
+                    userBean.authorizeUser(user, VipsLogicRole.OBSERVATION_AUTHORITY,
+                        VipsLogicRole.ORGANIZATION_ADMINISTRATOR, VipsLogicRole.SUPERUSER));
                request.setAttribute("observationCounts", observationCounts);
                request.getRequestDispatcher("/observationTimeSeriesList.ftl").forward(request, response);
                return;
@@ -118,6 +121,9 @@ public class ObservationTimeSeriesController extends HttpServlet {

                request.setAttribute("observationTimeSeries", observationTimeSeries);
                request.setAttribute("isEditable", observationCount == 0);
+                request.setAttribute("userIsObservationAuthority",
+                    userBean.authorizeUser(user, VipsLogicRole.OBSERVATION_AUTHORITY,
+                        VipsLogicRole.ORGANIZATION_ADMINISTRATOR, VipsLogicRole.SUPERUSER));
                buildFormRequest(request, user, observationTimeSeries);
                request.setAttribute("observations",
                    observationBean.getObservationsForTimeSeries(observationTimeSeries));

--- a/src/main/webapp/templates/observationTimeSeriesForm.ftl
+++ b/src/main/webapp/templates/observationTimeSeriesForm.ftl
@@ -418,7 +418,7 @@
                    <input type="hidden" name="locationVisibility" value="${locationVisibilityFormValue}">
                <#else>
                    <div class="form-group">
-                        <label for="cropCategoryId">${i18nBundle.listSelectedCropCategoryOnTop}</label>
+                        <label for="cropCategoryIdList">${i18nBundle.listSelectedCropCategoryOnTop}</label>
                        <select class="form-control" id="cropCategoryIdList" name="cropCategoryId"
                                onchange="filterCrops(this.options[this.options.selectedIndex].value);">
                            <option value="-1">${i18nBundle.pleaseSelect} ${i18nBundle.cropCategory?lower_case}</option>
@@ -426,26 +426,21 @@
                        </select>
                    </div>
                    <div class="form-group">
-                        <label for="cropOrganismId">${i18nBundle.cropOrganismId}</label>
-                        <select class="form-control" id="cropOrganismIdList" name="cropOrganismId"
-                                <#if observationTimeSeries.observationTimeSeriesId?has_content && !user.isSuperUser() && !user.isOrganizationAdmin()>readonly="readonly" <#else> onblur="validateField(this);" onchange="updateCropPests();"</#if>>
-                            <#if !observationTimeSeries.observationTimeSeriesId?has_content || user.isSuperUser() || user.isOrganizationAdmin()>
+                        <label for="cropOrganismIdList">${i18nBundle.cropOrganismId}</label>
+                        <select class="form-control" id="cropOrganismIdList" name="cropOrganismId" onblur="validateField(this);" onchange="updateCropPests();">
+                            <#if !observationTimeSeries.observationTimeSeriesId?has_content>
                                <option value="-1">${i18nBundle.pleaseSelect} ${i18nBundle.cropOrganismId?lower_case}</option>
-                                <option value="-10"
-                                        <#if (observationTimeSeries.cropOrganism?has_content && observationTimeSeries.cropOrganism.organismId == -10)>selected="selected"</#if>>${i18nBundle.missingInDatabase}</option>
+                                <option value="-10" <#if (observationTimeSeries.cropOrganism?has_content && observationTimeSeries.cropOrganism.organismId == -10)>selected="selected"</#if>>${i18nBundle.missingInDatabase}</option>
                            </#if>
                        </select>
                        <span class="help-block" id="${formId}_cropOrganismId_validation"></span>
                    </div>
                    <div class="form-group">
                        <label for="organismId">${i18nBundle.organism}</label>
-                        <select class="form-control" id="organismId" name="organismId"
-                                <#if observationTimeSeries.organism?has_content && ! user.isSuperUser() && ! user.isOrganizationAdmin()>readonly="readonly"
-                                onblur="validateField(this);"</#if>>
+                        <select class="form-control" id="organismId" name="organismId" onblur="validateField(this);">
                            <#if !observationTimeSeries.organism?has_content>
                                <option value="-1">${i18nBundle.pleaseSelect} ${i18nBundle.organism?lower_case}</option>
-                                <option value="-10"
-                                        <#if (observationTimeSeries.organism?has_content && observationTimeSeries.organism.organismId == -10)>selected="selected"</#if>>${i18nBundle.missingInDatabase}</option>
+                                <option value="-10" <#if (observationTimeSeries.organism?has_content && observationTimeSeries.organism.organismId == -10)>selected="selected"</#if>>${i18nBundle.missingInDatabase}</option>
                                <#list allPests as organism>
                                    <option value="${organism.organismId}">${organism.getLocalName(currentLocale.language)!""} (${organism.latinName!""}) ${hierarchyCategories.getName(organism.hierarchyCategoryId)?upper_case}</option>
                                </#list>

--- a/src/main/webapp/templates/observationTimeSeriesList.ftl
+++ b/src/main/webapp/templates/observationTimeSeriesList.ftl
@@ -42,7 +42,7 @@
                        <td><#if timeSeries.locationPointOfInterest?has_content>${timeSeries.locationPointOfInterest.name!""}</#if></td>
                        <td><#if timeSeries.user?has_content>${timeSeries.user.firstName!""} ${timeSeries.user.lastName!""}</#if></td>
                        <td>${observationCounts[timeSeries.observationTimeSeriesId?string]}</td>
-                        <td><#if user.isSuperUser() || user.isOrganizationAdmin() || userIsObservationAuthority || observation.userId == user.userId>
+                        <td><#if userIsObservationAuthority || timeSeries.userId == user.userId>
                                <a
                                href="/observationTimeSeries?action=editObservationTimeSeriesForm&observationTimeSeriesId=${timeSeries.observationTimeSeriesId}"
                                class="btn btn-default" role="button">${i18nBundle.edit}</a></#if></td>