$tradition->collation->_set_tradition( $tradition );
$c->model('Directory')->save( $tradition );
}
+ # Check permissions. Will return 403 if denied, otherwise will
+ # put the appropriate value in the stash.
+ my $ok = _check_permission( $c, $tradition );
+ return unless $ok;
+
# See how big the tradition is. Edges are more important than nodes
# when it comes to rendering difficulty.
my $numnodes = scalar $tradition->collation->readings;
$c->stash->{'startseg'} = $startseg if defined $startseg;
$c->stash->{'svg_string'} = $svg_str;
$c->stash->{'text_title'} = $tradition->name;
- $c->stash->{'text_lang'} = $tradition->language;
+ if( $tradition->can('language') ) {
+ $c->stash->{'text_lang'} = $tradition->language;
+ $c->stash->{'can_morphologize'} = 1;
+ } else {
+ $c->stash->{'text_lang'} = 'Default';
+ }
$c->stash->{'template'} = 'relate.tt';
}
sub relationships :Chained('text') :PathPart :Args(0) {
my( $self, $c ) = @_;
my $tradition = delete $c->stash->{'tradition'};
+ my $ok = _check_permission( $c, $tradition );
+ return unless $ok;
my $collation = $tradition->collation;
my $m = $c->model('Directory');
if( $c->request->method eq 'GET' ) {
push( @all_relations, $relhash );
}
$c->stash->{'result'} = \@all_relations;
- } elsif( $c->request->method eq 'POST' ) {
- my $node = $c->request->param('source_id');
- my $target = $c->request->param('target_id');
- my $relation = $c->request->param('rel_type');
- my $note = $c->request->param('note');
- my $scope = $c->request->param('scope');
-
- my $opts = { 'type' => $relation,
- 'scope' => $scope };
- $opts->{'annotation'} = $note if $note;
-
- try {
- my @vectors = $collation->add_relationship( $node, $target, $opts );
- $c->stash->{'result'} = \@vectors;
- $m->save( $tradition );
- } catch( Text::Tradition::Error $e ) {
+ } else {
+ # Check write permissions first of all
+ if( $c->stash->{'permission'} ne 'full' ) {
$c->response->status( '403' );
- $c->stash->{'result'} = { 'error' => $e->message };
+ $c->stash->{'result'} = {
+ 'error' => 'You do not have permission to view this tradition.' };
+ } elsif( $c->request->method eq 'POST' ) {
+ unless( $c->stash->{'permission'} eq 'full' ) {
+ $c->response->status( '403' );
+ $c->stash->{'result'} = {
+ 'error' => 'You do not have permission to view this tradition.' };
+ $c->detach( 'View::JSON' );
+ }
+ my $node = $c->request->param('source_id');
+ my $target = $c->request->param('target_id');
+ my $relation = $c->request->param('rel_type');
+ my $note = $c->request->param('note');
+ my $scope = $c->request->param('scope');
+
+ my $opts = { 'type' => $relation,
+ 'scope' => $scope };
+ $opts->{'annotation'} = $note if $note;
+
+ try {
+ my @vectors = $collation->add_relationship( $node, $target, $opts );
+ $c->stash->{'result'} = \@vectors;
+ $m->save( $tradition );
+ } catch( Text::Tradition::Error $e ) {
+ $c->response->status( '403' );
+ $c->stash->{'result'} = { 'error' => $e->message };
+ }
+ } elsif( $c->request->method eq 'DELETE' ) {
+ my $node = $c->request->param('source_id');
+ my $target = $c->request->param('target_id');
+
+ try {
+ my @vectors = $collation->del_relationship( $node, $target );
+ $m->save( $tradition );
+ $c->stash->{'result'} = \@vectors;
+ } catch( Text::Tradition::Error $e ) {
+ $c->response->status( '403' );
+ $c->stash->{'result'} = { 'error' => $e->message };
+ }
}
- } elsif( $c->request->method eq 'DELETE' ) {
- my $node = $c->request->param('source_id');
- my $target = $c->request->param('target_id');
-
- try {
- my @vectors = $collation->del_relationship( $node, $target );
- $m->save( $tradition );
- $c->stash->{'result'} = \@vectors;
- } catch( Text::Tradition::Error $e ) {
- $c->response->status( '403' );
- $c->stash->{'result'} = { 'error' => $e->message };
- }
}
$c->forward('View::JSON');
}
# Return a JSONable struct of the useful keys. Keys meant to be writable
# have a true value; read-only keys have a false value.
my $struct = {};
- map { $struct->{$_} = $reading->$_ } keys( %read_write_keys );
+ map { $struct->{$_} = $reading->$_ if $reading->can( $_ ) } keys( %read_write_keys );
# Special case
- $struct->{'lexemes'} = [ $reading->lexemes ];
+ $struct->{'lexemes'} = $reading->can( 'lexemes' ) ? [ $reading->lexemes ] : [];
# Look up any words related via spelling or orthography
my $sameword = sub {
my $t = $_[0]->type;
sub readings :Chained('text') :PathPart :Args(0) {
my( $self, $c ) = @_;
my $tradition = delete $c->stash->{'tradition'};
+ my $ok = _check_permission( $c, $tradition );
+ return unless $ok;
my $collation = $tradition->collation;
my $m = $c->model('Directory');
if( $c->request->method eq 'GET' ) {
$c->stash->{'result'} = $rdg ? _reading_struct( $rdg )
: { 'error' => "No reading with ID $reading_id" };
} elsif ( $c->request->method eq 'POST' ) {
+ if( $c->stash->{'permission'} ne 'full' ) {
+ $c->response->status( '403' );
+ $c->stash->{'result'} = {
+ 'error' => 'You do not have permission to view this tradition.' };
+ $c->detach('View::JSON');
+ return;
+ }
my $errmsg;
- # Are we re-lemmatizing?
- if( $c->request->param('relemmatize') ) {
- my $nf = $c->request->param('normal_form');
- # TODO throw error unless $nf
- $rdg->normal_form( $nf );
- # TODO throw error if lemmatization fails
- # TODO skip this if normal form hasn't changed
- $rdg->lemmatize();
- } else {
- # Set all the values that we have for the reading.
- # TODO error handling
- foreach my $p ( keys %{$c->request->params} ) {
- if( $p =~ /^morphology_(\d+)$/ ) {
- # Set the form on the correct lexeme
- my $midx = $1;
- $c->log->debug( "Fetching lexeme $midx" );
- my $lx = $rdg->lexeme( $midx );
- my $strrep = $rdg->language . ' // '
- . $c->request->param( $p );
- my $idx = $lx->has_form( $strrep );
- unless( defined $idx ) {
- # Make the word form and add it to the lexeme.
- $c->log->debug("Adding new form for $strrep");
- try {
- $idx = $lx->add_matching_form( $strrep ) - 1;
- } catch( Text::Tradition::Error $e ) {
- $c->response->status( '403' );
- $errmsg = $e->message;
+ if( $rdg && $rdg->does('Text::Tradition::Morphology') ) {
+ # Are we re-lemmatizing?
+ if( $c->request->param('relemmatize') ) {
+ my $nf = $c->request->param('normal_form');
+ # TODO throw error unless $nf
+ $rdg->normal_form( $nf );
+ # TODO throw error if lemmatization fails
+ # TODO skip this if normal form hasn't changed
+ $rdg->lemmatize();
+ } else {
+ # Set all the values that we have for the reading.
+ # TODO error handling
+ foreach my $p ( keys %{$c->request->params} ) {
+ if( $p =~ /^morphology_(\d+)$/ ) {
+ # Set the form on the correct lexeme
+ my $morphval = $c->request->param( $p );
+ next unless $morphval;
+ my $midx = $1;
+ my $lx = $rdg->lexeme( $midx );
+ my $strrep = $rdg->language . ' // ' . $morphval;
+ my $idx = $lx->has_form( $strrep );
+ unless( defined $idx ) {
+ # Make the word form and add it to the lexeme.
+ try {
+ $idx = $lx->add_matching_form( $strrep ) - 1;
+ } catch( Text::Tradition::Error $e ) {
+ $c->response->status( '403' );
+ $errmsg = $e->message;
+ } catch {
+ # Something else went wrong, probably a Moose error
+ $c->response->status( '403' );
+ $errmsg = 'Something went wrong with the request';
+ }
}
+ $lx->disambiguate( $idx ) if defined $idx;
+ } elsif( $read_write_keys{$p} ) {
+ my $val = _clean_booleans( $rdg, $p, $c->request->param( $p ) );
+ $rdg->$p( $val );
}
- $lx->disambiguate( $idx ) if defined $idx;
- } elsif( $read_write_keys{$p} ) {
- my $val = _clean_booleans( $rdg, $p, $c->request->param( $p ) );
- $rdg->$p( $val );
- }
- }
+ }
+ }
+ $m->save( $rdg );
+ } else {
+ $errmsg = "Reading does not exist or cannot be morphologized";
}
- $m->save( $tradition );
$c->stash->{'result'} = $errmsg ? { 'error' => $errmsg }
: _reading_struct( $rdg );
}
+sub _check_permission {
+ my( $c, $tradition ) = @_;
+ my $user = $c->user_exists ? $c->user->get_object : undef;
+ # Does this user have access?
+ if( $user ) {
+ if( $user->is_admin ||
+ ( $tradition->has_user && $tradition->user->id eq $user->id ) ) {
+ $c->stash->{'permission'} = 'full';
+ return 1;
+ }
+ }
+ # Is it public?
+ if( $tradition->public ) {
+ $c->stash->{'permission'} = 'readonly';
+ return 1;
+ }
+ # Forbidden!
+ $c->response->status( 403 );
+ $c->response->body( 'You do not have permission to view this tradition.' );
+ $c->detach( 'View::Plain' );
+ return 0;
+}
+
sub _clean_booleans {
my( $rdg, $param, $val ) = @_;
if( $rdg->meta->get_attribute( $param )->type_constraint->name eq 'Bool' ) {