3 files changed, 14 insertions, 7 deletions

diff --git a/perllib/FixMyStreet/App/Controller/Admin.pm b/perllib/FixMyStreet/App/Controller/Admin.pm
index 592d37d4e..d8c5cdf6d 100644
--- a/perllib/FixMyStreet/App/Controller/Admin.pm
+++ b/perllib/FixMyStreet/App/Controller/Admin.pm
@@ -1006,10 +1006,9 @@ sub load_template_body : Private {
     my ($self, $c, $body_id) = @_;
 
     my $zurich_user = $c->user->from_body && $c->cobrand->moniker eq 'zurich';
-    my $has_permission = $c->user->has_body_permission_to('template_edit') &&
-                         $c->user->from_body->id eq $body_id;
+    my $has_permission = $c->user->has_body_permission_to('template_edit', $body_id);
 
-    unless ( $c->user->is_superuser || $zurich_user || $has_permission ) {
+    unless ( $zurich_user || $has_permission ) {
         $c->detach( '/page_error_404_not_found', [] );
     }
 
@@ -1235,7 +1234,7 @@ sub user_edit : Path('user_edit') : Args(1) {
     my $user = $c->cobrand->users->find( { id => $id } );
     $c->detach( '/page_error_404_not_found', [] ) unless $user;
 
-    unless ( $c->user->is_superuser || $c->user->has_body_permission_to('user_edit') || $c->cobrand->moniker eq 'zurich' ) {
+    unless ( $c->user->has_body_permission_to('user_edit') || $c->cobrand->moniker eq 'zurich' ) {
         $c->detach('/page_error_403_access_denied', []);
     }
 
diff --git a/perllib/FixMyStreet/App/Controller/Admin/ResponsePriorities.pm b/perllib/FixMyStreet/App/Controller/Admin/ResponsePriorities.pm
index 032e593c6..a6c13c117 100644
--- a/perllib/FixMyStreet/App/Controller/Admin/ResponsePriorities.pm
+++ b/perllib/FixMyStreet/App/Controller/Admin/ResponsePriorities.pm
@@ -92,10 +92,9 @@ sub edit : Path : Args(2) {
 sub load_user_body : Private {
     my ($self, $c, $body_id) = @_;
 
-    my $has_permission = $c->user->has_body_permission_to('responsepriority_edit') &&
-                         $c->user->from_body->id eq $body_id;
+    my $has_permission = $c->user->has_body_permission_to('responsepriority_edit', $body_id);
 
-    unless ( $c->user->is_superuser || $has_permission ) {
+    unless ( $has_permission ) {
         $c->detach( '/page_error_404_not_found' );
     }
 
diff --git a/perllib/FixMyStreet/App/Controller/Offline.pm b/perllib/FixMyStreet/App/Controller/Offline.pm
index 9acb33f7e..5f3b69f2e 100644
--- a/perllib/FixMyStreet/App/Controller/Offline.pm
+++ b/perllib/FixMyStreet/App/Controller/Offline.pm
@@ -11,6 +11,7 @@ FixMyStreet::App::Controller::Offline - Catalyst Controller
 =head1 DESCRIPTION
 
 Offline pages Catalyst Controller.
+On staging site, appcache only for people who want it.
 
 =head1 METHODS
 
@@ -18,6 +19,10 @@ Offline pages Catalyst Controller.
 
 sub manifest : Path("/offline/appcache.manifest") {
     my ($self, $c) = @_;
+    if (FixMyStreet->staging_flag('enable_appcache', 0)) {
+        $c->response->status(404);
+        $c->response->body('NOT FOUND');
+    }
     $c->res->content_type('text/cache-manifest; charset=utf-8');
     $c->res->header(Cache_Control => 'no-cache, no-store');
 }
@@ -25,6 +30,10 @@ sub manifest : Path("/offline/appcache.manifest") {
 sub appcache : Path("/offline/appcache") {
     my ($self, $c) = @_;
     $c->detach('/page_error_404_not_found', []) if keys %{$c->req->params};
+    if (FixMyStreet->staging_flag('enable_appcache', 0)) {
+        $c->response->status(404);
+        $c->response->body('NOT FOUND');
+    }
 }
 
 __PACKAGE__->meta->make_immutable;