From: Tara L Andrews
Date: Tue, 28 Aug 2012 15:00:10 +0000 (+0200)
Subject: activate user control for stexaminer and root page
X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=commitdiff_plain;h=96eae4403d8d5ce5a11a6733360459ae8e0b1fe6;p=scpubgit%2Fstemmaweb.git

activate user control for stexaminer and root page
---

diff --git a/lib/stemmaweb/Controller/Stexaminer.pm b/lib/stemmaweb/Controller/Stexaminer.pm
index 16c515f..72f8fc8 100644
--- a/lib/stemmaweb/Controller/Stexaminer.pm
+++ b/lib/stemmaweb/Controller/Stexaminer.pm
@@ -33,6 +33,8 @@ sub index :Path :Args(1) {
 my( $self, $c, $textid ) = @_;
 my $m = $c->model('Directory');
 my $tradition = $m->tradition( $textid );
+ my $ok = _check_permission( $c, $tradition );
+ return unless $ok;
 if( $tradition->stemma_count ) {
 my $stemma = $tradition->stemma(0);
 $c->stash->{svg} = $stemma->as_svg( { size => [ 600, 350 ] } );
@@ -92,6 +94,25 @@ sub _stringify_element {
 }
 }

+sub _check_permission {
+ my( $c, $tradition ) = @_;
+ my $user = $c->user_exists ? $c->user->get_object : undef;
+ if( $user ) {
+ $c->stash->{'permission'} = 'full'
+ if( $user->is_admin || $tradition->user->id eq $user->id );
+ return 1;
+ } elsif( $tradition->public ) {
+ $c->stash->{'permission'} = 'readonly';
+ return 1;
+ } else {
+ # Forbidden!
+ $c->response->status( 403 );
+ $c->response->body( 'You do not have permission to view this tradition.' );
+ $c->detach( 'View::Plain' );
+ return 0;
+ }
+}
+
 =head2 graphsvg

 POST stexaminer/graphsvg
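Review bot: In `index` (first hunk), `$tradition` is handed to `_check_permission` without checking that the lookup for the URL-supplied `$textid` found anything. If `$m->tradition` returns undef for an unknown id (its behaviour is not visible here), the `$tradition->public` and `$tradition->user` calls would die and the request would end as a 500 instead of a clean not-found response. A guard directly after the lookup, for example `unless( $tradition ) { $c->response->status( 404 ); $c->detach( 'View::Plain' ); }`, would keep that case out of the authorization path. The body of `index` continues outside the hunk.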
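Review bot: In `_check_permission` (second hunk), the `if( $user )` branch returns 1 for every logged-in user, so an account that is neither admin nor owner can still load a non-public tradition; the only difference is that the stash `permission` key is left unset. The admin/owner test should gate the `return 1`, and all other users should fall through to the `$tradition->public` check so that a private tradition reaches the 403 branch. It also looks as if `$tradition->user->id` would die for a tradition that has no owner, if that state is possible, so the owner comparison may need a definedness check. The 403 branch stays as it is in the sketch below.

```perl
sub _check_permission {
    # … unchanged: argument unpacking and $user lookup …
    # Full access only for an admin or the tradition's owner.
    if( $user && ( $user->is_admin || $tradition->user->id eq $user->id ) ) {
        $c->stash->{'permission'} = 'full';
        return 1;
    }
    # Everyone else, logged in or not, may only read public traditions.
    if( $tradition->public ) {
        $c->stash->{'permission'} = 'readonly';
        return 1;
    }
    # … unchanged: 403 status, body and detach …
}
```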