Index: /trunk/pstamp/scripts/pstampparse.pl
===================================================================
--- /trunk/pstamp/scripts/pstampparse.pl	(revision 38007)
+++ /trunk/pstamp/scripts/pstampparse.pl	(revision 38008)
@@ -18,4 +18,5 @@
 use POSIX;
 use Time::HiRes qw(gettimeofday);
+use Time::Local;
 
 my $verbose;
@@ -569,4 +570,8 @@
     $option_mask |= $PSTAMP_NO_WAIT_FOR_UPDATE if $no_updates_allowed;
 
+    # determine if there is a cut off date for data access for this user
+    my $mjd_max;
+    my $adjustedDateCuts = adjustDateCuts($row, \$mjd_max);
+
     my $roi_string;
 
@@ -612,15 +617,6 @@
 
     my $imagefile = $image->{image};
-    if (($stage ne "stack") and ($need_magic and !$image->{magicked})) {
-        # XXX: should we add a faulted job so the client can know what happened if no images come back?
-        # The test for destreaked is made in locate_images now so this code never runs. This leads to no feedback
-        # to users, but speeds up processing significantly
-        print STDERR "skipping non-magicked image $imagefile\n" if $verbose;
-
-        # for now assume yes.
-
-        insertFakeJobForRow($row, $job_num, $PSTAMP_NOT_DESTREAKED);
-        return 1;
-    } elsif ($stage eq "stack") {
+
+    if ($stage eq "stack") {
         # unconvolved stack images weren't available prior to some point in time.
         # XXX: handle this more correctly by examining the stack run's config dump file.
@@ -633,4 +629,44 @@
             insertFakeJobForRow($row, $job_num, $PSTAMP_NOT_AVAILABLE);
             return 1;
+        }
+    } else { 
+        if ($need_magic and !$image->{magicked}) {
+            # XXX: should we add a faulted job so the client can know what happened if no images come back?
+            # The test for destreaked is made in locate_images now so this code never runs. This leads to no feedback
+            # to users, but speeds up processing significantly
+            print STDERR "skipping non-magicked image $imagefile\n" if $verbose;
+
+            # for now assume yes.
+
+            insertFakeJobForRow($row, $job_num, $PSTAMP_NOT_DESTREAKED);
+            return 1;
+        }
+
+        if ($adjustedDateCuts) {
+            my $mjd = 0;
+            my $exp_id;
+            if ($stage eq 'diff') {
+                # diff stage doesn't have a dateobs so we need to hack it.
+                # Extract dateobs from the exp_name_1
+                if ($row->{PROJECT} eq 'gpc1') {
+                    my $exp_name = $image->{exp_name_1};
+                    if ($exp_name ne 'NULL') {
+                        $mjd = 50000 + (substr($exp_name, 1, 4));
+                        $exp_id = $image->{exp_id_1};
+                    } else {
+                        # it's stack-stack diff just let it go with mjd = 0
+                        # XXX: deal with this
+                    }
+                }
+            } else {
+                $exp_id = $image->{exp_id};
+                $mjd = dateobsToMJD($image->{dateobs});
+            }
+
+            if ($mjd > $mjd_max) {
+                print STDERR "User is not authorized for stamps from this exposure.\n";
+                insertFakeJobForRow($row, $job_num, $PSTAMP_NOT_AUTHORIZED, $exp_id);
+                return 1;
+            }
         }
     }
@@ -863,4 +899,5 @@
     my $job_num = shift;
     my $fault = shift;
+    my $exp_id = shift;
 
     my ($job_type, $rownum);
@@ -885,4 +922,5 @@
     my $command = "$pstamptool -addjob  -req_id $req_id -job_type $job_type"
                         . " -rownum $rownum -state stop -fault $fault";
+    $command .= " -exp_id $exp_id" if $exp_id and $exp_id ne 'NULL';
 
     if (!$no_update) {
@@ -1153,5 +1191,5 @@
         # set the access rights based on the assigned label.
         if ($label eq 'IFA' or $label eq 'QUB' or $label =~ 'MOPS') {
-            $level = 2;
+            $level = 0;
         } else {
             # access rights PS1 data only
@@ -1164,5 +1202,5 @@
             $domain = lc($domain);
             if ($domain eq 'ifa.hawaii.edu' or $domain eq 'qub.ac.uk') {
-                $level = 2;
+                $level = 0;
             } else {
                 # XXX check for special users
@@ -1178,4 +1216,45 @@
 }
 
+
+# determine the latest exposure date that a user may have access to
+# based on the user's accessLevel.
+sub adjustDateCuts {
+    my $row = shift;
+    my $r_mjd_max = shift;
+    my $adjusted = 0;
+
+    my $MJD_PS1_BEGIN = 54922;    # 2009-04-01
+    my $MJD_PS1_END   = 56838;    # 2014-06-30      XXX get the actual date
+
+    if ($row->{accessLevel} == 1) {
+        # User has access to PS1 data only
+        my $mjd_max_user = $row->{MJD_MAX};
+        if (!$mjd_max_user or $mjd_max_user > $MJD_PS1_END) {
+            $$r_mjd_max = $MJD_PS1_END;
+            $adjusted = 1;
+        }
+    }
+    return $adjusted;
+}
+
+sub dateobsToMJD {
+    my $dateobs = shift;
+
+    my ($date, $time) = split "T", $dateobs;
+
+    my ($year, $mon, $day) = split "-", $date;
+
+    my ($hr, $min, $sec) = split ":",   $time;
+    my $fraction = $sec - int($sec);
+    $sec = int($sec);
+
+    my $ticks = timegm($sec, $min, $hr, $day, $mon-1, $year-1900);
+    $ticks += $fraction;
+
+    # I'm not allowing for leap seconds here but for our purposes here that is ok
+    my $mjd = 40587.0 + ($ticks / 86400.);
+    return $mjd;
+}
+
 sub my_die
 {
