From: Tara L Andrews Date: Fri, 31 Aug 2012 22:04:01 +0000 (+0200) Subject: another ACL logic fix X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=commitdiff_plain;h=080f8a02e4af4c545e8ecff2166931e31b687683;p=scpubgit%2Fstemmaweb.git another ACL logic fix --- diff --git a/lib/stemmaweb/Controller/Relation.pm b/lib/stemmaweb/Controller/Relation.pm index 961cfa1..357b9ca 100644 --- a/lib/stemmaweb/Controller/Relation.pm +++ b/lib/stemmaweb/Controller/Relation.pm @@ -383,16 +383,17 @@ sub _check_permission { $c->stash->{'permission'} = 'full' if( $user->is_admin || $tradition->user->id eq $user->id ); return 1; - } elsif( $tradition->public ) { + } + # Is it public? + if( $tradition->public ) { $c->stash->{'permission'} = 'readonly'; return 1; - } else { - # Forbidden! - $c->response->status( 403 ); - $c->response->body( 'You do not have permission to view this tradition.' ); - $c->detach( 'View::Plain' ); - return 0; - } + } + # Forbidden! + $c->response->status( 403 ); + $c->response->body( 'You do not have permission to view this tradition.' ); + $c->detach( 'View::Plain' ); + return 0; } sub _clean_booleans { diff --git a/lib/stemmaweb/Controller/Root.pm b/lib/stemmaweb/Controller/Root.pm index 7e9ff2b..3ff836f 100644 --- a/lib/stemmaweb/Controller/Root.pm +++ b/lib/stemmaweb/Controller/Root.pm @@ -291,10 +291,11 @@ sub _check_permission { if( $user ) { return 'full' if ( $user->is_admin || ( $tradition->has_user && $tradition->user->id eq $user->id ) ); - } elsif( $tradition->public ) { - return 'readonly'; - } - # else Forbidden! + } + # Text doesn't belong to us, so maybe it's public? + return 'readonly' if $tradition->public; + + # ...nope. Forbidden! $c->response->status( 403 ); $c->response->body( 'You do not have permission to view this tradition.' ); $c->detach( 'View::Plain' ); diff --git a/lib/stemmaweb/Controller/Stexaminer.pm b/lib/stemmaweb/Controller/Stexaminer.pm index d40ecbc..86020a1 100644 --- a/lib/stemmaweb/Controller/Stexaminer.pm 
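Review bot: In Relation.pm's `_check_permission`, the unchanged `return 1;` after the `'full'` assignment still runs for every logged-in user, so a user who is neither admin nor owner passes the check on a private tradition with no `permission` stashed, and the new `# Is it public?` test is never reached for them. Make the grant conditional, as the Root.pm hunk does: `if( $user->is_admin || ( $tradition->has_user && $tradition->user->id eq $user->id ) ) { $c->stash->{'permission'} = 'full'; return 1; }`. The `has_user` guard is copied from Root.pm; without it `$tradition->user->id` presumably fails on a tradition that has no owner. The Stexaminer.pm hunk carries the identical lines and needs the same change. The enclosing block (presumably `if( $user ) {`) opens above the hunk.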
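Review bot: The return contract of Root.pm's `_check_permission` is undocumented, and it differs from the copies in Relation.pm and Stexaminer.pm, which stash the permission and return 1 or 0 while this one returns a string. A header comment would make the fall-through order explicit for the next ACL change, for example `# Returns 'full' (admin or owner) or 'readonly' (public text); otherwise responds 403 and detaches.` The function starts above the hunk and continues past the `$c->detach` line, so what a caller receives on the forbidden path is not visible here and should be stated in that comment as well.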
+++ b/lib/stemmaweb/Controller/Stexaminer.pm @@ -104,16 +104,17 @@ sub _check_permission { $c->stash->{'permission'} = 'full' if( $user->is_admin || $tradition->user->id eq $user->id ); return 1; - } elsif( $tradition->public ) { + } + # Is it public? + if( $tradition->public ) { $c->stash->{'permission'} = 'readonly'; return 1; - } else { - # Forbidden! - $c->response->status( 403 ); - $c->response->body( 'You do not have permission to view this tradition.' ); - $c->detach( 'View::Plain' ); - return 0; - } + } + # Forbidden! + $c->response->status( 403 ); + $c->response->body( 'You do not have permission to view this tradition.' ); + $c->detach( 'View::Plain' ); + return 0; } =head2 graphsvg