From bc2b13409334d50775072da0ef57f8e7b77a59a4 Mon Sep 17 00:00:00 2001
From: Alex Dryden <adryden3@illinois.edu>
Date: Thu, 12 Dec 2024 10:23:18 -0500
Subject: [PATCH 1/2] fix: Display error message

---
 .../application/views/arbors/html5_RDFa/js/form-validation.js   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/system/application/views/arbors/html5_RDFa/js/form-validation.js b/system/application/views/arbors/html5_RDFa/js/form-validation.js
index ddb331171..3e8ea0abc 100644
--- a/system/application/views/arbors/html5_RDFa/js/form-validation.js
+++ b/system/application/views/arbors/html5_RDFa/js/form-validation.js
@@ -298,7 +298,7 @@ function send_form($form, additional_values, success, redirect_url) {
 	}
 
 	var error = function(message) {
-		alert('Something went wrong while attempting to save: '+message);
+		alert('Something went wrong while attempting to save: '+message.responseJSON.error.message[0].value);
 		send_form_hide_loading();
 	}
 

From 871e7c80cf5b0cd43e3ef8e7d6de13f4e3c5097d Mon Sep 17 00:00:00 2001
From: Alex Dryden <adryden3@illinois.edu>
Date: Thu, 12 Dec 2024 10:24:04 -0500
Subject: [PATCH 2/2] fix: Allow super admin to modify any book.

Currently the error message "You do not have permission to modify
this book" only shows up for admins.
---
 system/application/controllers/api.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/system/application/controllers/api.php b/system/application/controllers/api.php
index 0df477fe6..37648a768 100755
--- a/system/application/controllers/api.php
+++ b/system/application/controllers/api.php
@@ -108,8 +108,7 @@ public function __construct(){
  		//Session login first
  		if ($this->data['native']===true || $this->data['native']==='true'){
  			$this->user = $this->api_users->do_session_login($this->data['book']->book_id);
- 			if (!$this->user && $this->api_users->is_super()) $this->_output_error(StatusCodes::HTTP_UNAUTHORIZED, 'You do not have permission to modify this book');
- 			if (!$this->user) $this->_output_error(StatusCodes::HTTP_UNAUTHORIZED, 'You are not logged in');
+ 			if (!$this->user && !$this->api_users->is_super()) $this->_output_error(StatusCodes::HTTP_UNAUTHORIZED, 'You are not logged in or do not have permission to modify this book');
  		// API key login
  		} else if (!$this->user = $this->api_users->do_login($this->data['email'], $this->data['api_key'], $this->data['host'], $this->data['book']->book_id)){
  			$this->_output_error(StatusCodes::HTTP_UNAUTHORIZED, 'Could not log in via API key');