When PUTing an update to a plot/tree the values are being passed for fields that the user does not have permission to update

[jwalgran]

The dictionary that is PUT to the plot update API should be stripped of any fields that the user does not have permission to edit. This would avoid edit saving failures due to an AuthorizeException being raised.

This may be the root cause #218

[maurizi]

I would think this is a server-side issue. If the fields are not changed, it shouldn't trigger an AuthorizeException if those fields are present.

[jwalgran]

The server-side does handle "diffing" to find only the changed values. The actual issue may be that the application is inadvertently passing a changed value when it should not be.

We are specifically seeing AuthorizeException: Can't edit field readonly on Plot in the logs. I suspect that PUTing null instead of the the current field value may be the problem.

[jwalgran]

I have not recreated this in development yet, but this it my current understanding of what is happening:

Booleans in iOS are NSNumbers. When we get tree/plot data as JSON from the server, the boolean value of readonly is deserialized as an NSNumber with the value 0 or 1. When the app serializes the data and sends it back, it is 0/1 instead of false/true, which the server interprets as an attempt to change the field value.

[RickMohr]

@jwalgran wrote in Slack:
If you log into the iOS app as a “Public” user on the Carson City map, “Edit” a tree, and then “Save” without actually changing anything it will trigger this error, whether or not you select a photo.

[RickMohr]

I'm seeing False passed correctly for the readonly field.
For me it's failing with "AuthorizeException: Can't edit field geom on Plot" because the coordinates differ in the 9th decimal place.

[jwalgran]

I do think I was mistaken about serialization being the source of the issue, but there are errors related to the readonly field that I triggered and were logged to Rollbar. It may be the case where multiple fields are triggering the issue, but only one is reported.

Making a copy of the data dictionary that only includes editable fields and PUTing that to the API is an option.