Index: trunk/pstamp/scripts/pstampparse.pl
===================================================================
--- trunk/pstamp/scripts/pstampparse.pl	(revision 37997)
+++ trunk/pstamp/scripts/pstampparse.pl	(revision 37998)
@@ -270,4 +270,11 @@
 my $num_jobs = 0;
 
+my $accessLevel = getUsersAccessLevel($email, $label);
+if ($accessLevel < 0) {
+    print STDERR "Data access forbidden.\n";
+    insertFakeJobForRow(undef, 0, $PSTAMP_NOT_AUTHORIZED);
+    exit 0;
+}
+
 foreach my $row (@$rows) {
 
@@ -281,4 +288,5 @@
     $row->{job_num} = 0;
     $row->{error_code} = 0;
+    $row->{accessLevel} = $accessLevel;
 
     $num_jobs += processRow($action, $row);
@@ -1132,4 +1140,42 @@
 }
 
+# Prototype function for setting access level.
+# XXX: Implement something more flexible using the database.
+sub getUsersAccessLevel {
+    my $email = shift;
+    my $label = shift;
+
+    my $level = -1;
+
+    if (!$email) {
+        # No email provided. Eventually this will be forbidden.
+        # For now in order to temporarily continue to support the version 1 request format
+        # set the access rights based on the assigned label.
+        if ($label eq 'IFA' or $label eq 'QUB' or $label =~ 'MOPS') {
+            $level = 2;
+        } else {
+            # access rights PS1 data only
+            $level = 1;
+        }
+    } else {
+        # we've got an email check the domain
+        my ($user, $domain) = split '@', $email;
+        if ($domain) {
+            $domain = lc($domain);
+            if ($domain eq 'ifa.hawaii.edu' or $domain eq 'qub.ac.uk') {
+                $level = 2;
+            } else {
+                # XXX check for special users
+                # access rights PS1 data only
+                $level = 1;
+            }
+        } else {
+            print STDERR "Error: $email is not a valid email address\n";
+        }
+    }
+
+    return $level;
+}
+
 sub my_die
 {
