From: Tara L Andrews Date: Fri, 31 Aug 2012 22:04:01 +0000 (+0200) Subject: another ACL logic fix X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=commitdiff_plain;h=75ce4f7a218ab238ec516bf24871d54c8f826bc2;p=scpubgit%2Fstemmatology.git another ACL logic fix --- diff --git a/script/dblookup.pl b/script/dblookup.pl index 2346fde..16ee440 100755 --- a/script/dblookup.pl +++ b/script/dblookup.pl @@ -67,7 +67,8 @@ if( $list ) { next unless grep { $_ eq $tid } @uuids; } my $t = $kdb->lookup( $tid ); - print STDERR "$tid: Tradition '" . $t->name . "'\n"; + my $tstr = $t->public ? 'Public tradition' : 'Tradition'; + print STDERR "$tid: $tstr '" . $t->name . "'\n"; my @wits = map { $_->sigil } $t->witnesses; print STDERR "...with witnesses @wits\n"; my $c = $t->collation; diff --git a/stemmaweb/lib/stemmaweb/Controller/Relation.pm b/stemmaweb/lib/stemmaweb/Controller/Relation.pm index 961cfa1..357b9ca 100644 --- a/stemmaweb/lib/stemmaweb/Controller/Relation.pm +++ b/stemmaweb/lib/stemmaweb/Controller/Relation.pm @@ -383,16 +383,17 @@ sub _check_permission { $c->stash->{'permission'} = 'full' if( $user->is_admin || $tradition->user->id eq $user->id ); return 1; - } elsif( $tradition->public ) { + } + # Is it public? + if( $tradition->public ) { $c->stash->{'permission'} = 'readonly'; return 1; - } else { - # Forbidden! - $c->response->status( 403 ); - $c->response->body( 'You do not have permission to view this tradition.' ); - $c->detach( 'View::Plain' ); - return 0; - } + } + # Forbidden! + $c->response->status( 403 ); + $c->response->body( 'You do not have permission to view this tradition.' ); + $c->detach( 'View::Plain' ); + return 0; } sub _clean_booleans { diff --git a/stemmaweb/lib/stemmaweb/Controller/Root.pm b/stemmaweb/lib/stemmaweb/Controller/Root.pm index 7e9ff2b..3ff836f 100644 --- a/stemmaweb/lib/stemmaweb/Controller/Root.pm +++ b/stemmaweb/lib/stemmaweb/Controller/Root.pm @@ -291,10 +291,11 @@ sub _check_permission { if( $user ) { return 'full' if ( $user->is_admin || ( $tradition->has_user && $tradition->user->id eq $user->id ) ); - } elsif( $tradition->public ) { - return 'readonly'; - } - # else Forbidden! + } + # Text doesn't belong to us, so maybe it's public? + return 'readonly' if $tradition->public; + + # ...nope. Forbidden! $c->response->status( 403 ); $c->response->body( 'You do not have permission to view this tradition.' ); $c->detach( 'View::Plain' ); diff --git a/stemmaweb/lib/stemmaweb/Controller/Stexaminer.pm b/stemmaweb/lib/stemmaweb/Controller/Stexaminer.pm index d40ecbc..86020a1 100644 --- a/stemmaweb/lib/stemmaweb/Controller/Stexaminer.pm +++ b/stemmaweb/lib/stemmaweb/Controller/Stexaminer.pm @@ -104,16 +104,17 @@ sub _check_permission { $c->stash->{'permission'} = 'full' if( $user->is_admin || $tradition->user->id eq $user->id ); return 1; - } elsif( $tradition->public ) { + } + # Is it public? + if( $tradition->public ) { $c->stash->{'permission'} = 'readonly'; return 1; - } else { - # Forbidden! - $c->response->status( 403 ); - $c->response->body( 'You do not have permission to view this tradition.' ); - $c->detach( 'View::Plain' ); - return 0; - } + } + # Forbidden! + $c->response->status( 403 ); + $c->response->body( 'You do not have permission to view this tradition.' ); + $c->detach( 'View::Plain' ); + return 0; } =head2 graphsvg