diff --git a/action.php b/action.php
index b734f07..f3442c0 100644
--- a/action.php
+++ b/action.php
@@ -33,6 +33,9 @@ switch ($VARS['action']) {
         } else {
             if ($database->has('publications', ['pubid' => $VARS['pubid']])) {
                 $insert = false;
+                if ($database->get("publications", 'uid', ['pubid' => $VARS['pubid']]) != $_SESSION['uid']) {
+                    returnToSender("no_permission");
+                }
             } else {
                 returnToSender("invalid_pubid");
             }
@@ -98,6 +101,9 @@ switch ($VARS['action']) {
         returnToSender("pub_saved");
     case "deletepub":
         if ($database->has('publications', ['pubid' => $VARS['pubid']])) {
+            if ($database->get("publications", 'uid', ['pubid' => $VARS['pubid']]) != $_SESSION['uid']) {
+                returnToSender("no_permission");
+            }
             $database->delete('tiles', ['pubid' => $VARS['pubid']]);
             $database->delete('publications', ['pubid' => $VARS['pubid']]);
             returnToSender("pub_deleted");
@@ -109,6 +115,10 @@ switch ($VARS['action']) {
             die(json_encode(["status" => "ERROR", "msg" => lang("invalid pubid", false)]));
         }
 
+        if ($database->get("publications", 'uid', ['pubid' => $VARS['pubid']]) != $_SESSION['uid']) {
+            die(json_encode(["status" => "ERROR", "msg" => lang("no permission", false)]));
+        }
+
         $data = [
             "pubid" => $VARS['pubid'],
             "page" => $VARS['page'],
@@ -130,6 +140,10 @@ switch ($VARS['action']) {
             die(json_encode(["status" => "ERROR", "msg" => lang("invalid tileid", false)]));
         }
 
+        if ($database->get("publications", 'uid', ['pubid' => $VARS['pubid']]) != $_SESSION['uid']) {
+            die(json_encode(["status" => "ERROR", "msg" => lang("no permission", false)]));
+        }
+
         $database->delete('tiles', ["tileid" => $VARS['tileid']]);
         exit(json_encode(["status" => "OK"]));
     case "signout":
diff --git a/lang/en_us.php b/lang/en_us.php
index 0b585fc..5142794 100644
--- a/lang/en_us.php
+++ b/lang/en_us.php
@@ -60,5 +60,6 @@ define("STRINGS", [
     "edit content" => "Edit Content",
     "delete" => "Delete",
     "open" => "Open",
-    "page" => "Page"
+    "page" => "Page",
+    "no permission" => "You don't have permission to do that."
 ]);
\ No newline at end of file
diff --git a/lang/messages.php b/lang/messages.php
index 4128300..f59da3d 100644
--- a/lang/messages.php
+++ b/lang/messages.php
@@ -25,4 +25,8 @@ define("MESSAGES", [
         "string" => "invalid pubid",
         "type" => "danger"
     ],
+    "no_permission" => [
+        "string" => "no permission",
+        "type" => "danger"
+    ],
 ]);
diff --git a/lib/gencontent.php b/lib/gencontent.php
index 149057c..3d35a8d 100644
--- a/lib/gencontent.php
+++ b/lib/gencontent.php
@@ -1,12 +1,19 @@
 <?php
 require_once __DIR__ . "/../required.php";
-dieifnotloggedin();
 
 if (!defined("IN_NEWSPEN")) {
     if (is_numeric($VARS['pubid'])) {
         if ($database->has('publications', ['pubid' => $VARS['pubid']])) {
             $pub = $VARS['pubid'];
-            $pubdata = $database->get("publications", ["pubname", "pubdate", "styleid", "columns", "page_size", "landscape"], ["pubid" => $pub]);
+            $pubdata = $database->get("publications", ["[>]pub_permissions" => ["permid" => "permid"]], ["pubname", "uid", "pubdate", "styleid", "columns", "page_size", "landscape", "publications.permid", "permname"], ["pubid" => $pub]);
+            if ($pubdata["permname"] != "LINK") {
+                dieifnotloggedin();
+            }
+            if ($pubdata["uid"] != $_SESSION['uid']) {
+                if ($pubdata["permname"] == "OWNER") {
+                    die(lang("no permission"));
+                }
+            }
         } else {
             die(lang("invalid parameters", false));
         }
diff --git a/lib/getpubtable.php b/lib/getpubtable.php
index 3b705e8..3df6b99 100644
--- a/lib/getpubtable.php
+++ b/lib/getpubtable.php
@@ -62,6 +62,13 @@ if (!is_null($order)) {
     $where["ORDER"] = $order;
 }
 
+$where["OR #perms"] = [
+    "uid" => $_SESSION['uid'],
+    "permname #logg" => "LOGGEDIN",
+    "permname #link" => "LINK"
+];
+
+//var_dump($where);
 
 $pubs = $database->select('publications', [
     '[>]pub_styles' => ['styleid' => 'styleid'],
@@ -82,7 +89,6 @@ $pubs = $database->select('publications', [
         ], $where);
 
 
-
 $out['status'] = "OK";
 if ($filter) {
     $recordsFiltered = $database->count('publications', [
@@ -96,8 +102,12 @@ $out['recordsFiltered'] = $recordsFiltered;
 
 $usercache = [];
 for ($i = 0; $i < count($pubs); $i++) {
-    $pubs[$i]["editbtn"] = '<a class="btn btn-blue btn-xs" href="app.php?page=editpub&id=' . $pubs[$i]['pubid'] . '"><i class="fa fa-pencil-square-o"></i> ' . lang("edit", false) . '</a>';
-    $pubs[$i]["clonebtn"] = '<a class="btn btn-green btn-xs" href="app.php?page=editpub&id=' . $pubs[$i]['pubid'] . '&clone=1"><i class="fa fa-clone"></i> ' . lang("clone", false) . '</a>';
+    if ($pubs[$i]["uid"] == $_SESSION['uid']) {
+        $pubs[$i]["editbtn"] = '<a class="btn btn-primary btn-xs" href="app.php?page=editpub&id=' . $pubs[$i]['pubid'] . '"><i class="fa fa-pencil-square-o"></i> ' . lang("edit", false) . '</a>';
+    } else {
+        $pubs[$i]["editbtn"] = '<a class="btn btn-purple btn-xs" href="app.php?page=content&pubid=' . $pubs[$i]['pubid'] . '"><i class="fa fa-eye"></i> ' . lang("view", false) . '</a>';
+    }
+    $pubs[$i]["clonebtn"] = '<a class="btn btn-success btn-xs" href="app.php?page=editpub&id=' . $pubs[$i]['pubid'] . '&clone=1"><i class="fa fa-clone"></i> ' . lang("clone", false) . '</a>';
     $pubs[$i]["pubdate"] = date(DATETIME_FORMAT, strtotime($pubs[$i]["pubdate"]));
     if (is_null($pubs[$i]['uid'])) {
         $pubs[$i]["username"] = "";
diff --git a/pages/content.php b/pages/content.php
index 2b90d2d..fe3c71a 100644
--- a/pages/content.php
+++ b/pages/content.php
@@ -7,10 +7,20 @@ $pub = false;
 
 $pubdata = [];
 
+$edit = false;
+
 if (is_numeric($VARS['pubid'])) {
     if ($database->has('publications', ['pubid' => $VARS['pubid']])) {
         $pub = $VARS['pubid'];
-        $pubdata = $database->get("publications", ["pubname", "pubdate", "styleid", "columns", "page_size", "landscape"], ["pubid" => $pub]);
+        $pubdata = $database->get("publications", ["[>]pub_permissions" => ["permid" => "permid"]], ["pubname", "uid", "pubdate", "styleid", "columns", "page_size", "landscape", "publications.permid", "permname"], ["pubid" => $pub]);
+        if ($pubdata["uid"] == $_SESSION['uid']) {
+            $edit = true;
+        } else {
+            if ($pubdata["permname"] == "OWNER") {
+                header("Location: app.php?page=content&msg=no_permission");
+                die();
+            }
+        }
     } else {
         header("Location: app.php?page=content&msg=invalid_pubid");
         die();
@@ -33,107 +43,111 @@ if ($pub === false) {
                 ?>
             </select>
             <input type="hidden" name="page" value="content" />
-            <button type="submit" class="btn btn-success"><i class="fa fa-arrow-right"></i> <?php lang("open"); ?></button>
+            <button type="submit" class="btn btn-success"><i class="fa fa-folder-open-o"></i> <?php lang("open"); ?></button>
         </form>
     </div>
     <?php
 } else {
     ?>
-
-    <div class="modal fade" id="tile-options-modal" tabindex="-1" role="dialog" aria-labelledby="tile-options-title">
-        <div class="modal-dialog" role="document">
-            <div class="modal-content">
-                <div class="modal-header">
-                    <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>
-                    <h4 class="modal-title" id="tile-options-title"><?php lang("edit tile"); ?></h4>
-                </div>
-                <div class="modal-body">
-                    <div class="form-group">
-                        <label for="width" class="control-label"><i class="fa fa-text-width"></i> <?php lang("width"); ?></label>
-                        <input type="number" class="form-control" id="width">
+    <?php if ($edit) { ?>
+        <div class="modal fade" id="tile-options-modal" tabindex="-1" role="dialog" aria-labelledby="tile-options-title">
+            <div class="modal-dialog" role="document">
+                <div class="modal-content">
+                    <div class="modal-header">
+                        <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>
+                        <h4 class="modal-title" id="tile-options-title"><?php lang("edit tile"); ?></h4>
                     </div>
-                    <div class="form-group">
-                        <label for="order" class="control-label"><i class="fa fa-sort"></i> <?php lang("order"); ?></label>
-                        <input type="number" class="form-control" id="order">
+                    <div class="modal-body">
+                        <div class="form-group">
+                            <label for="width" class="control-label"><i class="fa fa-text-width"></i> <?php lang("width"); ?></label>
+                            <input type="number" class="form-control" id="width">
+                        </div>
+                        <div class="form-group">
+                            <label for="order" class="control-label"><i class="fa fa-sort"></i> <?php lang("order"); ?></label>
+                            <input type="number" class="form-control" id="order">
+                        </div>
+                        <div class="form-group">
+                            <label for="page" class="control-label"><i class="fa fa-file-o"></i> <?php lang("page"); ?></label>
+                            <input type="number" class="form-control" id="page">
+                        </div>
+                        <div class="form-group">
+                            <label for="style" class="control-label"><i class="fa fa-star"></i> <?php lang("style"); ?></label>
+                            <select id="style" class="form-control">
+                                <?php
+                                $styles = $database->select("tile_styles", ['styleid', 'stylename']);
+                                foreach ($styles as $s) {
+                                    $si = $s['styleid'];
+                                    $sn = $s['stylename'];
+                                    echo "<option value=\"$si\">$sn</option>\n";
+                                }
+                                ?>
+                            </select>
+                        </div>
                     </div>
-                    <div class="form-group">
-                        <label for="page" class="control-label"><i class="fa fa-file-o"></i> <?php lang("page"); ?></label>
-                        <input type="number" class="form-control" id="page">
+                    <div class="modal-footer">
+                        <button type="button" class="btn btn-danger btn-xs" id="edit-tile-del-btn"><?php lang("delete"); ?></button>
+                        <button type="button" class="btn btn-default" data-dismiss="modal"><?php lang("close"); ?></button>
+                        <button type="button" class="btn btn-primary" id="edit-tile-save-btn" data-tile=""><?php lang("save"); ?></button>
                     </div>
-                    <div class="form-group">
-                        <label for="style" class="control-label"><i class="fa fa-star"></i> <?php lang("style"); ?></label>
-                        <select id="style" class="form-control">
-                            <?php
-                            $styles = $database->select("tile_styles", ['styleid', 'stylename']);
-                            foreach ($styles as $s) {
-                                $si = $s['styleid'];
-                                $sn = $s['stylename'];
-                                echo "<option value=\"$si\">$sn</option>\n";
-                            }
-                            ?>
-                        </select>
-                    </div>
-                </div>
-                <div class="modal-footer">
-                    <button type="button" class="btn btn-danger btn-xs" id="edit-tile-del-btn"><?php lang("delete"); ?></button>
-                    <button type="button" class="btn btn-default" data-dismiss="modal"><?php lang("close"); ?></button>
-                    <button type="button" class="btn btn-primary" id="edit-tile-save-btn" data-tile=""><?php lang("save"); ?></button>
                 </div>
             </div>
         </div>
-    </div>
 
-    <div class="modal fade" id="new-tile-modal" tabindex="-1" role="dialog" aria-labelledby="new-tile-title">
-        <div class="modal-dialog" role="document">
-            <div class="modal-content">
-                <div class="modal-header">
-                    <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>
-                    <h4 class="modal-title" id="new-tile-title"><?php lang("new tile"); ?></h4>
-                </div>
-                <div class="modal-body">
-                    <div class="form-group">
-                        <label for="width" class="control-label"><i class="fa fa-text-width"></i> <?php lang("width"); ?></label>
-                        <input type="number" class="form-control" id="newwidth" value="1">
-                    </div>
-                    <div class="form-group">
-                        <label for="order" class="control-label"><i class="fa fa-sort"></i> <?php lang("order"); ?></label>
-                        <input type="number" class="form-control" id="neworder" value="1">
+        <div class="modal fade" id="new-tile-modal" tabindex="-1" role="dialog" aria-labelledby="new-tile-title">
+            <div class="modal-dialog" role="document">
+                <div class="modal-content">
+                    <div class="modal-header">
+                        <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>
+                        <h4 class="modal-title" id="new-tile-title"><?php lang("new tile"); ?></h4>
                     </div>
-                    <div class="form-group">
-                        <label for="page" class="control-label"><i class="fa fa-file-o"></i> <?php lang("page"); ?></label>
-                        <input type="number" class="form-control" id="newpage" value="1">
+                    <div class="modal-body">
+                        <div class="form-group">
+                            <label for="width" class="control-label"><i class="fa fa-text-width"></i> <?php lang("width"); ?></label>
+                            <input type="number" class="form-control" id="newwidth" value="1">
+                        </div>
+                        <div class="form-group">
+                            <label for="order" class="control-label"><i class="fa fa-sort"></i> <?php lang("order"); ?></label>
+                            <input type="number" class="form-control" id="neworder" value="1">
+                        </div>
+                        <div class="form-group">
+                            <label for="page" class="control-label"><i class="fa fa-file-o"></i> <?php lang("page"); ?></label>
+                            <input type="number" class="form-control" id="newpage" value="1">
+                        </div>
+                        <div class="form-group">
+                            <label for="style" class="control-label"><i class="fa fa-star"></i> <?php lang("style"); ?></label>
+                            <select id="newstyle" class="form-control">
+                                <?php
+                                $styles = $database->select("tile_styles", ['styleid', 'stylename']);
+                                foreach ($styles as $s) {
+                                    $si = $s['styleid'];
+                                    $sn = $s['stylename'];
+                                    echo "<option value=\"$si\">$sn</option>\n";
+                                }
+                                ?>
+                            </select>
+                        </div>
                     </div>
-                    <div class="form-group">
-                        <label for="style" class="control-label"><i class="fa fa-star"></i> <?php lang("style"); ?></label>
-                        <select id="newstyle" class="form-control">
-                            <?php
-                            $styles = $database->select("tile_styles", ['styleid', 'stylename']);
-                            foreach ($styles as $s) {
-                                $si = $s['styleid'];
-                                $sn = $s['stylename'];
-                                echo "<option value=\"$si\">$sn</option>\n";
-                            }
-                            ?>
-                        </select>
+                    <div class="modal-footer">
+                        <button type="button" class="btn btn-default" data-dismiss="modal"><?php lang("close"); ?></button>
+                        <button type="button" class="btn btn-primary" id="new-tile-save-btn" data-tile=""><?php lang("new tile"); ?></button>
                     </div>
                 </div>
-                <div class="modal-footer">
-                    <button type="button" class="btn btn-default" data-dismiss="modal"><?php lang("close"); ?></button>
-                    <button type="button" class="btn btn-primary" id="new-tile-save-btn" data-tile=""><?php lang("new tile"); ?></button>
-                </div>
             </div>
         </div>
-    </div>
+
+    <?php } ?>
 
     <div class="btn-group mgn-btm-10px">
-        <div class="btn btn-success" id="new_tile_btn" data-toggle="modal" data-target="#new-tile-modal"><i class="fa fa-plus"></i> <?php lang("new tile"); ?></div>
+        <?php if ($edit) { ?>
+            <div class="btn btn-success" id="new_tile_btn" data-toggle="modal" data-target="#new-tile-modal"><i class="fa fa-plus"></i> <?php lang("new tile"); ?></div>
+        <?php } ?>
         <a class="btn btn-primary" id="preview_btn" href="lib/gencontent.php?pubid=<?php echo $pub; ?>" target="_BLANK"><i class="fa fa-search"></i> <?php lang("preview"); ?></a>
     </div>
 
     <div class="pages-box">
         <?php
         define("IN_NEWSPEN", true);
-        define("EDIT_MODE", true);
+        define("EDIT_MODE", $edit);
         require_once __DIR__ . "/../lib/gencontent.php";
         echo $content;
         ?>
diff --git a/pages/editpub.php b/pages/editpub.php
index cab9070..09ebd0b 100644
--- a/pages/editpub.php
+++ b/pages/editpub.php
@@ -43,7 +43,7 @@ if (!is_empty($VARS['id'])) {
 ?>
 
 <form role="form" action="action.php" method="POST">
-    <div class="panel panel-blue">
+    <div class="panel panel-primary">
         <div class="panel-heading">
             <h3 class="panel-title">
                 <?php