activate user control for stexaminer and root page

diff --git a/lib/stemmaweb/Controller/Stexaminer.pm b/lib/stemmaweb/Controller/Stexaminer.pm
index 16c515f..72f8fc8 100644 (file)
--- a/lib/stemmaweb/Controller/Stexaminer.pm
+++ b/lib/stemmaweb/Controller/Stexaminer.pm
@@ -33,6 +33,8 @@ sub index :Path :Args(1) {
     my( $self, $c, $textid ) = @_;
     my $m = $c->model('Directory');
        my $tradition = $m->tradition( $textid );
+       my $ok = _check_permission( $c, $tradition );
+       return unless $ok;
        if( $tradition->stemma_count ) {
                my $stemma = $tradition->stemma(0);
                $c->stash->{svg} = $stemma->as_svg( { size => [ 600, 350 ] } );
@@ -92,6 +94,25 @@ sub _stringify_element {
        }
 }
 
+sub _check_permission {
+       my( $c, $tradition ) = @_;
+    my $user = $c->user_exists ? $c->user->get_object : undef;
+    if( $user ) {
+       $c->stash->{'permission'} = 'full'
+               if( $user->is_admin || $tradition->user->id eq $user->id );
+       return 1;
+    } elsif( $tradition->public ) {
+       $c->stash->{'permission'} = 'readonly';
+       return 1;
+    } else {
+       # Forbidden!
+       $c->response->status( 403 );
+       $c->response->body( 'You do not have permission to view this tradition.' );
+       $c->detach( 'View::Plain' );
+       return 0;
+    }
+}
+
 =head2 graphsvg
 
   POST stexaminer/graphsvg