Add permissions for book view

reader/views.py

 from django.contrib.auth.decorators import login_required
+from django.core.exceptions import PermissionDenied
 from django.shortcuts import render, redirect, get_object_or_404
 
 from reader.forms import BookForm
@@ -54,6 +55,19 @@ def view_book(request, book_id):
     # Get book
     book = get_object_or_404(Book, id=book_id)
 
+    # Check user has permission to access this book
+    has_permission = False
+    if book.public:
+        has_permission = True
+    elif book.owner == request.user:
+        has_permission = True
+    elif request.user.is_authenticated:
+        has_permission = (request.user.has_perm("reader.book_view_others", book)
+                          or request.user.has_perm("reader.book_view_others"))
+
+    if not has_permission:
+        raise PermissionDenied
+
     # Get the user's book stats for this book
     user_book_q = None
     if request.user.is_authenticated: