From 931024572ea84e6883ead8e9e7ba4a83e6b58233 Mon Sep 17 00:00:00 2001
From: Dannon Baker <dannon.baker@gmail.com>
Date: Tue, 12 Sep 2023 10:24:11 -0400
Subject: [PATCH] Only show 'edit' on published pages when viewer is the owner.
  Shared pages don't grant edit permissions, so this is good enough.  All
 actual security is enforced in the API, so this just displays (or not) the
 UI.

---
 client/src/components/PageDisplay/PageDisplay.vue | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/client/src/components/PageDisplay/PageDisplay.vue b/client/src/components/PageDisplay/PageDisplay.vue
index 9994a67a0274..f476a35c7bbd 100644
--- a/client/src/components/PageDisplay/PageDisplay.vue
+++ b/client/src/components/PageDisplay/PageDisplay.vue
@@ -9,6 +9,7 @@
                         :enable_beta_markdown_export="config.enable_beta_markdown_export"
                         :download-endpoint="stsUrl(config)"
                         :export-link="exportUrl"
+                        :read-only="!userOwnsPage"
                         @onEdit="onEdit" />
                     <PageHtml v-else :page="page" />
                 </div>
@@ -25,6 +26,8 @@ import ConfigProvider from "components/providers/ConfigProvider";
 import Markdown from "components/Markdown/Markdown";
 import Published from "components/Common/Published";
 import PageHtml from "./PageHtml";
+import { mapState } from "pinia";
+import { useUserStore } from "@/stores/userStore";
 
 export default {
     components: {
@@ -45,6 +48,10 @@ export default {
         };
     },
     computed: {
+        ...mapState(useUserStore, ["currentUser"]),
+        userOwnsPage() {
+            return this.currentUser.username === this.page.username;
+        },
         dataUrl() {
             return `/api/pages/${this.pageId}`;
         },