Commit 9a9c021a authored by Lene Wasskog's avatar Lene Wasskog

feat: Fix errors related to user role checks

parent 1a0c2235
...@@ -97,6 +97,9 @@ public class ObservationTimeSeriesController extends HttpServlet { ...@@ -97,6 +97,9 @@ public class ObservationTimeSeriesController extends HttpServlet {
.setParameter("observationTimeSeries", observationTimeSeries).getSingleResult(); .setParameter("observationTimeSeries", observationTimeSeries).getSingleResult();
observationCounts.put(String.valueOf(observationTimeSeries.getObservationTimeSeriesId()), count); observationCounts.put(String.valueOf(observationTimeSeries.getObservationTimeSeriesId()), count);
} }
request.setAttribute("userIsObservationAuthority",
userBean.authorizeUser(user, VipsLogicRole.OBSERVATION_AUTHORITY,
VipsLogicRole.ORGANIZATION_ADMINISTRATOR, VipsLogicRole.SUPERUSER));
request.setAttribute("observationCounts", observationCounts); request.setAttribute("observationCounts", observationCounts);
request.getRequestDispatcher("/observationTimeSeriesList.ftl").forward(request, response); request.getRequestDispatcher("/observationTimeSeriesList.ftl").forward(request, response);
return; return;
...@@ -118,6 +121,9 @@ public class ObservationTimeSeriesController extends HttpServlet { ...@@ -118,6 +121,9 @@ public class ObservationTimeSeriesController extends HttpServlet {
request.setAttribute("observationTimeSeries", observationTimeSeries); request.setAttribute("observationTimeSeries", observationTimeSeries);
request.setAttribute("isEditable", observationCount == 0); request.setAttribute("isEditable", observationCount == 0);
request.setAttribute("userIsObservationAuthority",
userBean.authorizeUser(user, VipsLogicRole.OBSERVATION_AUTHORITY,
VipsLogicRole.ORGANIZATION_ADMINISTRATOR, VipsLogicRole.SUPERUSER));
buildFormRequest(request, user, observationTimeSeries); buildFormRequest(request, user, observationTimeSeries);
request.setAttribute("observations", request.setAttribute("observations",
observationBean.getObservationsForTimeSeries(observationTimeSeries)); observationBean.getObservationsForTimeSeries(observationTimeSeries));
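Review bot: `userIsObservationAuthority` is only placed on the request for the templates in both hunks; nothing in the visible lines of the edit-form branch (second hunk) refuses the request when the caller is neither in one of the three roles nor the owner of the time series, so hiding the Edit link in the list would be the only barrier. If that check is not already done earlier in the method or in the save action (both outside the hunks), add it before the form is built, for example `response.sendError(HttpServletResponse.SC_FORBIDDEN); return;` when the role check and the ownership comparison both fail. The identical three-role `authorizeUser` call is repeated in both branches; computing it in one small private helper would keep the two role lists from drifting apart.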
......
...@@ -418,7 +418,7 @@ ...@@ -418,7 +418,7 @@
<input type="hidden" name="locationVisibility" value="${locationVisibilityFormValue}"> <input type="hidden" name="locationVisibility" value="${locationVisibilityFormValue}">
<#else> <#else>
<div class="form-group"> <div class="form-group">
<label for="cropCategoryId">${i18nBundle.listSelectedCropCategoryOnTop}</label> <label for="cropCategoryIdList">${i18nBundle.listSelectedCropCategoryOnTop}</label>
<select class="form-control" id="cropCategoryIdList" name="cropCategoryId" <select class="form-control" id="cropCategoryIdList" name="cropCategoryId"
onchange="filterCrops(this.options[this.options.selectedIndex].value);"> onchange="filterCrops(this.options[this.options.selectedIndex].value);">
<option value="-1">${i18nBundle.pleaseSelect} ${i18nBundle.cropCategory?lower_case}</option> <option value="-1">${i18nBundle.pleaseSelect} ${i18nBundle.cropCategory?lower_case}</option>
...@@ -426,26 +426,21 @@ ...@@ -426,26 +426,21 @@
</select> </select>
</div> </div>
<div class="form-group"> <div class="form-group">
<label for="cropOrganismId">${i18nBundle.cropOrganismId}</label> <label for="cropOrganismIdList">${i18nBundle.cropOrganismId}</label>
<select class="form-control" id="cropOrganismIdList" name="cropOrganismId" <select class="form-control" id="cropOrganismIdList" name="cropOrganismId" onblur="validateField(this);" onchange="updateCropPests();">
<#if observationTimeSeries.observationTimeSeriesId?has_content && !user.isSuperUser() && !user.isOrganizationAdmin()>readonly="readonly" <#else> onblur="validateField(this);" onchange="updateCropPests();"</#if>> <#if !observationTimeSeries.observationTimeSeriesId?has_content>
<#if !observationTimeSeries.observationTimeSeriesId?has_content || user.isSuperUser() || user.isOrganizationAdmin()>
<option value="-1">${i18nBundle.pleaseSelect} ${i18nBundle.cropOrganismId?lower_case}</option> <option value="-1">${i18nBundle.pleaseSelect} ${i18nBundle.cropOrganismId?lower_case}</option>
<option value="-10" <option value="-10" <#if (observationTimeSeries.cropOrganism?has_content && observationTimeSeries.cropOrganism.organismId == -10)>selected="selected"</#if>>${i18nBundle.missingInDatabase}</option>
<#if (observationTimeSeries.cropOrganism?has_content && observationTimeSeries.cropOrganism.organismId == -10)>selected="selected"</#if>>${i18nBundle.missingInDatabase}</option>
</#if> </#if>
</select> </select>
<span class="help-block" id="${formId}_cropOrganismId_validation"></span> <span class="help-block" id="${formId}_cropOrganismId_validation"></span>
</div> </div>
<div class="form-group"> <div class="form-group">
<label for="organismId">${i18nBundle.organism}</label> <label for="organismId">${i18nBundle.organism}</label>
<select class="form-control" id="organismId" name="organismId" <select class="form-control" id="organismId" name="organismId" onblur="validateField(this);">
<#if observationTimeSeries.organism?has_content && ! user.isSuperUser() && ! user.isOrganizationAdmin()>readonly="readonly"
onblur="validateField(this);"</#if>>
<#if !observationTimeSeries.organism?has_content> <#if !observationTimeSeries.organism?has_content>
<option value="-1">${i18nBundle.pleaseSelect} ${i18nBundle.organism?lower_case}</option> <option value="-1">${i18nBundle.pleaseSelect} ${i18nBundle.organism?lower_case}</option>
<option value="-10" <option value="-10" <#if (observationTimeSeries.organism?has_content && observationTimeSeries.organism.organismId == -10)>selected="selected"</#if>>${i18nBundle.missingInDatabase}</option>
<#if (observationTimeSeries.organism?has_content && observationTimeSeries.organism.organismId == -10)>selected="selected"</#if>>${i18nBundle.missingInDatabase}</option>
<#list allPests as organism> <#list allPests as organism>
<option value="${organism.organismId}">${organism.getLocalName(currentLocale.language)!""} (${organism.latinName!""}) ${hierarchyCategories.getName(organism.hierarchyCategoryId)?upper_case}</option> <option value="${organism.organismId}">${organism.getLocalName(currentLocale.language)!""} (${organism.latinName!""}) ${hierarchyCategories.getName(organism.hierarchyCategoryId)?upper_case}</option>
</#list> </#list>
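Review bot: With the role-dependent `readonly` branches removed, the `cropOrganismIdList` and `organismId` selects are rendered the same for every user, so any rule that crop and pest stay fixed once a time series exists has to be enforced by the action that saves the form, which is not visible on this page. The old markup did not enforce it in the browser either, because `readonly` is not honoured on `<select>` elements. Separately, in the `organismId` select the `selected="selected"` test for `-10` requires `observationTimeSeries.organism?has_content` but sits inside `<#if !observationTimeSeries.organism?has_content>`, so it can never match and could be dropped. The select's option list continues outside the hunk.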
......
...@@ -42,7 +42,7 @@ ...@@ -42,7 +42,7 @@
<td><#if timeSeries.locationPointOfInterest?has_content>${timeSeries.locationPointOfInterest.name!""}</#if></td> <td><#if timeSeries.locationPointOfInterest?has_content>${timeSeries.locationPointOfInterest.name!""}</#if></td>
<td><#if timeSeries.user?has_content>${timeSeries.user.firstName!""} ${timeSeries.user.lastName!""}</#if></td> <td><#if timeSeries.user?has_content>${timeSeries.user.firstName!""} ${timeSeries.user.lastName!""}</#if></td>
<td>${observationCounts[timeSeries.observationTimeSeriesId?string]}</td> <td>${observationCounts[timeSeries.observationTimeSeriesId?string]}</td>
<td><#if user.isSuperUser() || user.isOrganizationAdmin() || userIsObservationAuthority || observation.userId == user.userId> <td><#if userIsObservationAuthority || timeSeries.userId == user.userId>
<a <a
href="/observationTimeSeries?action=editObservationTimeSeriesForm&observationTimeSeriesId=${timeSeries.observationTimeSeriesId}" href="/observationTimeSeries?action=editObservationTimeSeriesForm&observationTimeSeriesId=${timeSeries.observationTimeSeriesId}"
class="btn btn-default" role="button">${i18nBundle.edit}</a></#if></td> class="btn btn-default" role="button">${i18nBundle.edit}</a></#if></td>
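Review bot: The new ownership test reads `timeSeries.userId`, while the cell two rows above reaches the owner through `timeSeries.user` behind a `?has_content` guard. If the time series object exposes only the `user` association, or the owner can be absent, the comparison fails at render time for exactly the users for whom `userIsObservationAuthority` is false, because `||` short-circuits only for authorised users. A guarded form such as `<#if userIsObservationAuthority || (timeSeries.user?has_content && timeSeries.user.userId == user.userId)>` would avoid that; whether `userId` exists on the entity cannot be confirmed from this page.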
......