From: Tara L Andrews <tla@mit.edu>
Date: Fri, 31 Aug 2012 22:04:01 +0000 (+0200)
Subject: another ACL logic fix
X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=commitdiff_plain;h=080f8a02e4af4c545e8ecff2166931e31b687683;p=scpubgit%2Fstemmaweb.git

another ACL logic fix
---

diff --git a/lib/stemmaweb/Controller/Relation.pm b/lib/stemmaweb/Controller/Relation.pm
index 961cfa1..357b9ca 100644
--- a/lib/stemmaweb/Controller/Relation.pm
+++ b/lib/stemmaweb/Controller/Relation.pm
@@ -383,16 +383,17 @@ sub _check_permission {
     	$c->stash->{'permission'} = 'full'
     		if( $user->is_admin || $tradition->user->id eq $user->id );
     	return 1;
-    } elsif( $tradition->public ) {
+    } 
+    # Is it public?
+    if( $tradition->public ) {
     	$c->stash->{'permission'} = 'readonly';
     	return 1;
-    } else {
-    	# Forbidden!
-    	$c->response->status( 403 );
-    	$c->response->body( 'You do not have permission to view this tradition.' );
-    	$c->detach( 'View::Plain' );
-    	return 0;
-    }
+    } 
+	# Forbidden!
+	$c->response->status( 403 );
+	$c->response->body( 'You do not have permission to view this tradition.' );
+	$c->detach( 'View::Plain' );
+	return 0;
 }
 
 sub _clean_booleans {
diff --git a/lib/stemmaweb/Controller/Root.pm b/lib/stemmaweb/Controller/Root.pm
index 7e9ff2b..3ff836f 100644
--- a/lib/stemmaweb/Controller/Root.pm
+++ b/lib/stemmaweb/Controller/Root.pm
@@ -291,10 +291,11 @@ sub _check_permission {
     if( $user ) {
     	return 'full' if ( $user->is_admin || 
     		( $tradition->has_user && $tradition->user->id eq $user->id ) );
-    } elsif( $tradition->public ) {
-    	return 'readonly';
-    } 
-	# else Forbidden!
+    }
+	# Text doesn't belong to us, so maybe it's public?
+	return 'readonly' if $tradition->public;
+
+	# ...nope. Forbidden!
 	$c->response->status( 403 );
 	$c->response->body( 'You do not have permission to view this tradition.' );
 	$c->detach( 'View::Plain' );
diff --git a/lib/stemmaweb/Controller/Stexaminer.pm b/lib/stemmaweb/Controller/Stexaminer.pm
index d40ecbc..86020a1 100644
--- a/lib/stemmaweb/Controller/Stexaminer.pm
+++ b/lib/stemmaweb/Controller/Stexaminer.pm
@@ -104,16 +104,17 @@ sub _check_permission {
     	$c->stash->{'permission'} = 'full'
     		if( $user->is_admin || $tradition->user->id eq $user->id );
     	return 1;
-    } elsif( $tradition->public ) {
+    } 
+    # Is it public?
+    if( $tradition->public ) {
     	$c->stash->{'permission'} = 'readonly';
     	return 1;
-    } else {
-    	# Forbidden!
-    	$c->response->status( 403 );
-    	$c->response->body( 'You do not have permission to view this tradition.' );
-    	$c->detach( 'View::Plain' );
-    	return 0;
-    }
+    } 
+	# Forbidden!
+	$c->response->status( 403 );
+	$c->response->body( 'You do not have permission to view this tradition.' );
+	$c->detach( 'View::Plain' );
+	return 0;
 }
 
 =head2 graphsvg