diff --git a/mobile/src/ARViewer/ARViewer.js b/mobile/src/ARViewer/ARViewer.js index 3080cbb..ada58b5 100644 --- a/mobile/src/ARViewer/ARViewer.js +++ b/mobile/src/ARViewer/ARViewer.js @@ -105,8 +105,6 @@ class WorkItemSceneAR extends React.Component { position: hitResultPosition || defaultPosition, }) - console.log(hitResultPosition || defaultPosition) - setTimeout(() => { this.updateInitialRotation() }, 200) diff --git a/mobile/src/Activity/Activity.js b/mobile/src/Activity/Activity.js index 86c2124..d03fee7 100644 --- a/mobile/src/Activity/Activity.js +++ b/mobile/src/Activity/Activity.js @@ -294,7 +294,12 @@ export class Activity extends React.Component { /> - + - + diff --git a/mobile/src/WorkItem/WorkItem.js b/mobile/src/WorkItem/WorkItem.js index dbc267a..f58f508 100644 --- a/mobile/src/WorkItem/WorkItem.js +++ b/mobile/src/WorkItem/WorkItem.js @@ -209,6 +209,11 @@ export class WorkItem extends React.Component { } handleRegionChange(region) { + if (!this.isMapReady) { + // On iOS we get this after setting the initial region, before the map declared as ready! + return + } + const { latitude, longitude } = region this.region = region diff --git a/server/nginx.conf b/server/nginx.conf index 22c86d1..bbf1b79 100644 --- a/server/nginx.conf +++ b/server/nginx.conf @@ -12,7 +12,7 @@ server { # Any route that starts with /api/ is for the backend location /api/ { - error_page 502 503 $scheme://$server_name/500.json; + error_page 502 503 504 $scheme://$server_name/500.json; proxy_pass http://127.0.0.1:3006/; proxy_buffering off; diff --git a/server/src/api/routes/ActivityRoutes.js b/server/src/api/routes/ActivityRoutes.js index c59d520..1a89289 100644 --- a/server/src/api/routes/ActivityRoutes.js +++ b/server/src/api/routes/ActivityRoutes.js 
@@ -6,7 +6,11 @@ import { catchAll, TeamRoutes, BaseRoutes } from "." @autobind export class ActivityRoutes extends BaseRoutes { constructor(container) { - super(container, container.db.Activity) + super({ + container, + model: container.db.Activity, + nonAdmin: { listItems: true, createItem: true, getItem: true }, + }) const app = container.app @@ -19,6 +23,12 @@ export class ActivityRoutes extends BaseRoutes { } async deleteAllActivities(req, res, next) { + const isAdmin = !!req.user.administrator + + if (!isAdmin) { + throw createError.Forbidden() + } + const Activity = this.db.Activity const Team = this.db.Team diff --git a/server/src/api/routes/BaseRoutes.js b/server/src/api/routes/BaseRoutes.js index c4779bf..4e7a465 100644 --- a/server/src/api/routes/BaseRoutes.js +++ b/server/src/api/routes/BaseRoutes.js @@ -3,14 +3,23 @@ import createError from "http-errors" import autobind from "autobind-decorator" import { catchAll } from "." +// The list of functions you can list in options.nonAdmin is: +// +// listItems +// createItem +// updateItem +// getItem +// deleteItem + @autobind export class BaseRoutes { - constructor(container, model) { - this.model = model + constructor(options) { + const { container } = options + this.options = options this.log = container.log this.db = container.db - const basePath = "/" + model.collection.collectionName + const basePath = "/" + options.model.collection.collectionName const app = container.app app @@ -41,7 +50,13 @@ export class BaseRoutes { } async listItems(req, res, next) { - const ItemModel = this.model + const isAdmin = !!req.user.administrator + + if (!this.options.nonAdmin.listItems && !isAdmin) { + throw createError.Forbidden() + } + + const ItemModel = this.options.model const limit = req.query.limit || 20 const skip = req.query.skip || 0 const partial = !!req.query.partial 
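Review bot: Setting `createItem: true` in the `nonAdmin` map of the ActivityRoutes constructor lets any authenticated user reach `new ItemModel(req.body)` in BaseRoutes.createItem, which builds the document from the whole request body. Unless the Activity schema (not shown) restricts it, the caller then chooses every field, including any that tie the activity to a user or team. Overriding createItem in this class to copy only the expected fields and to take ownership from `req.user` would close that. The same body-to-model pattern exists in updateItem (`item.merge(new ItemModel(req.body))`), which stays admin-only for all three subclasses in this commit.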
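Review bot: `createError` is used in the new admin check of deleteAllActivities, but the only import visible in this file's hunks is `import { catchAll, TeamRoutes, BaseRoutes } from "."`. If `http-errors` is not imported above line 6, the throw becomes a ReferenceError and a non-admin caller probably gets a 500 rather than a 403. The same check is added to TeamRoutes.getTeamStatus and WorkItemRoutes.deleteAllWorkItems, where the import is likewise not visible, so it is worth confirming `import createError from "http-errors"` in all three files. The check also reads `req.user.administrator` directly and so assumes these routes are only mounted behind authentication; the route registration is outside the hunk.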
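Review bot: The BaseRoutes constructor stores `options` as given, so a subclass that omits `nonAdmin` makes every handler fail on `this.options.nonAdmin.listItems` with a TypeError instead of falling back to admin-only. Normalising once in the constructor avoids that: `this.options = { ...options, nonAdmin: options.nonAdmin || {} }`. The new comment block lists the allowed keys; it could also state that a missing key means admin-only and that a key set to true opens the route for every document in the collection, since the handlers look items up by `_id` alone.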
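Review bot: `limit` and `skip` in listItems are taken from the query string as-is (`req.query.limit || 20`), and with `nonAdmin.listItems` set by all three subclasses any authenticated user controls them. There is no conversion to a number and no upper bound in the visible lines; how the values reach the query is below the hunk. Something like `const limit = Math.min(Number.parseInt(req.query.limit, 10) || 20, MAX_LIMIT)`, with `MAX_LIMIT` a constant to be added, would keep a single request from pulling the whole collection.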
@@ -74,14 +89,14 @@ export class BaseRoutes { }) } - async createItem(req, res, next) { - const isAdmin = req.user.administrator + async createItem(req, res) { + const isAdmin = !!req.user.administrator - if (!isAdmin) { - return new createError.Forbidden() + if (!this.options.nonAdmin.createItem && !isAdmin) { + throw createError.Forbidden() } - const ItemModel = this.model + const ItemModel = this.options.model let item = new ItemModel(req.body) const newItem = await item.save() @@ -89,11 +104,11 @@ export class BaseRoutes { res.json(newItem.toClient()) } - async updateItem(req, res, next) { - const isAdmin = req.user.administrator + async updateItem(req, res) { + const isAdmin = !!req.user.administrator - if (!isAdmin) { - return new createError.Forbidden() + if (!this.options.nonAdmin.updateItem && !isAdmin) { + throw createError.Forbidden() } // Do this here because Mongoose will add it automatically otherwise @@ -101,11 +116,11 @@ export class BaseRoutes { throw createError.BadRequest("No _id given in body") } - let ItemModel = this.model + let ItemModel = this.options.model let item = await ItemModel.findById(req.body._id) if (!item) { - return next(createError.NotFound(`Item with _id ${_id} was not found`)) + throw createError.NotFound(`Item with _id ${_id} was not found`) } item.merge(new ItemModel(req.body)) @@ -115,8 +130,14 @@ export class BaseRoutes { res.json(savedItem.toClient()) } - async getItem(req, res, next) { - const ItemModel = this.model + async getItem(req, res) { + const isAdmin = !!req.user.administrator + + if (!this.options.nonAdmin.getItem && !isAdmin) { + throw createError.Forbidden() + } + + const ItemModel = this.options.model const _id = req.params._id const item = await ItemModel.findById(_id) 
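Review bot: The same gate (`const isAdmin = !!req.user.administrator` followed by the `nonAdmin` test) is now copied into all five BaseRoutes handlers, with the action name repeated by hand in each, so a mistyped or copy-pasted key would quietly make one route admin-only or tie it to another route's flag. A single method on BaseRoutes keeps the authorization decision in one place and makes it easy to audit. Each handler would then begin with one call, as sketched below for createItem; the rest of each handler is unchanged.

```javascript
// New method on BaseRoutes; every handler calls it before touching the model.
assertAllowed(req, action) {
  const nonAdmin = this.options.nonAdmin || {}
  const isAdmin = !!req.user.administrator

  if (!nonAdmin[action] && !isAdmin) {
    throw createError.Forbidden()
  }
}

async createItem(req, res) {
  this.assertAllowed(req, "createItem")
  // … unchanged: build ItemModel from req.body, save, respond …
```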
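Review bot: The not-found branch of updateItem interpolates `${_id}`, but no `_id` binding is visible in this function (the lookup itself uses `req.body._id`), so a missing item would raise a ReferenceError instead of the intended 404. The commit only converted this line from `return next(...)` to `throw`; replacing `${_id}` with `${req.body._id}` in the message fixes it. updateItem starts in the previous hunk and continues past this one, so a declaration outside the visible lines cannot be ruled out entirely.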
@@ -127,14 +148,14 @@ export class BaseRoutes { res.json(item.toClient()) } - async deleteItem(req, res, next) { - const isAdmin = req.user.administrator + async deleteItem(req, res) { + const isAdmin = !!req.user.administrator - if (!isAdmin) { - return new createError.Forbidden() + if (!this.options.nonAdmin.deleteItem && !isAdmin) { + throw createError.Forbidden() } - const ItemModel = this.model + const ItemModel = this.options.model const _id = req.params._id const item = await ItemModel.remove({ _id }) diff --git a/server/src/api/routes/TeamRoutes.js b/server/src/api/routes/TeamRoutes.js index 44508d2..b141300 100644 --- a/server/src/api/routes/TeamRoutes.js +++ b/server/src/api/routes/TeamRoutes.js @@ -8,7 +8,11 @@ import { catchAll, BaseRoutes } from "." @autobind export class TeamRoutes extends BaseRoutes { constructor(container) { - super(container, container.db.Team) + super({ + container, + model: container.db.Team, + nonAdmin: { listItems: true, getItem: true }, + }) container.app .route("/teams/status") @@ -19,6 +23,12 @@ export class TeamRoutes extends BaseRoutes { } async getTeamStatus(req, res, next) { + const isAdmin = !!req.user.administrator + + if (!isAdmin) { + throw createError.Forbidden() + } + const Team = this.db.Team const Activity = this.db.Activity let teams = await Team.find({}).exec() diff --git a/server/src/api/routes/WorkItemRoutes.js b/server/src/api/routes/WorkItemRoutes.js index 18d9f1c..bd73a49 100644 --- a/server/src/api/routes/WorkItemRoutes.js +++ b/server/src/api/routes/WorkItemRoutes.js @@ -7,7 +7,11 @@ import { catchAll, BaseRoutes } from "." @autobind export class WorkItemRoutes extends BaseRoutes { constructor(container) { - super(container, container.db.WorkItem) + super({ + container, + model: container.db.WorkItem, + nonAdmin: { listItems: true, getItem: true }, + }) const app = container.app app 
@@ -63,6 +67,12 @@ export class WorkItemRoutes extends BaseRoutes { } async deleteAllWorkItems(req, res, next) { + const isAdmin = !!req.user.administrator + + if (!isAdmin) { + throw createError.Forbidden() + } + const Activity = this.db.Activity const WorkItem = this.db.WorkItem const Team = this.db.Team