Resolve "auto_author gives permission to everybody???"

Closes #99 (closed)

djangoldp/serializers.py

@@ -206,9 +206,11 @@ class LDPSerializer(HyperlinkedModelSerializer):
 
         if self.context['request'].user.is_anonymous:
             data['permissions'] += permissions.AnonymousReadOnly.anonymous_perms
-        elif self.context['request'].user.is_authenticated:
+        elif self.context['request'].user.is_authenticated and hasattr(obj._meta, 'auto_author'):
             if hasattr(obj._meta, 'auto_author'):
-                data['permissions'] += permissions.AnonymousReadOnly.author_perms
+                author = getattr(obj, obj._meta.auto_author)
+                if author == self.context['request'].user:
+                    data['permissions'] += permissions.AnonymousReadOnly.author_perms
             else:
                 data['permissions'] += permissions.AnonymousReadOnly.authenticated_perms