diff --git a/app/controllers/items_controller.rb b/app/controllers/items_controller.rb index 054e5c98..369cea85 100644 --- a/app/controllers/items_controller.rb +++ b/app/controllers/items_controller.rb @@ -1,5 +1,5 @@ class ItemsController < ApplicationController - + before_filter :require_user, only: [:new, :create, :edit, :update] respond_to :html, :js, :json @@ -8,7 +8,8 @@ class ItemsController < ApplicationController def index @user = User.find(params[:user_id]) - @items = @user.items + @current = current_user + @items = Item.visibleToUser(@current, @user) respond_with(@user,@items) end @@ -25,9 +26,14 @@ class ItemsController < ApplicationController def show @user = User.find(params[:user_id]) - @item = @user.items.find(params[:id]) + @current = current_user + @item = @user.items.find(params[:id]).authorize_to_show(@current) - @relatives = @item.network_as_json.html_safe + if @item + @relatives = @item.network_as_json(@current).html_safe + else + redirect_to root_url and return + end respond_to do |format| format.html { respond_with(@item, @user) } @@ -69,7 +75,12 @@ class ItemsController < ApplicationController def edit @user = User.find(params[:user_id]) - @item = @user.items.find(params[:id]) + @current = current_user + @item = @user.items.find(params[:id]).authorize_to_edit(@current) + + if not @item + redirect_to root_url and return + end respond_with(@item) end diff --git a/app/controllers/main_controller.rb b/app/controllers/main_controller.rb index f3414d0c..682b8e5e 100644 --- a/app/controllers/main_controller.rb +++ b/app/controllers/main_controller.rb @@ -4,13 +4,10 @@ class MainController < ApplicationController respond_to :html, :js, :json def home - @current_user = current_user - - @item = Item.all.first - - if @item - @alljson = @item.all_as_json.html_safe - end + @current = current_user + + @item = Item.visibleToUser(@current, nil).first + @alljson = all_as_json(@current).html_safe respond_to do |format| format.html { respond_with(@item) } 
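Review bot: The `authorize_to_edit` check added to `edit` only gates the form; the diff does not touch `update`, so if `update` still loads the record with `@user.items.find(params[:id])` and saves it, a non-owner can skip the form and submit the update request directly. The same check belongs in `update` (and in `destroy`, if present) before the record is modified, e.g. `@item = @user.items.find(params[:id]).authorize_to_edit(current_user)` followed by `redirect_to root_url and return unless @item`. The maps_controller and synapses_controller `edit` hunks have the same gap. `update` is not in the diff, so this is inferred from the commit leaving it unchanged.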
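Review bot: `all_as_json(@current)` in `home` now resolves to the ItemsHelper method rather than the `Item#all_as_json` the removed lines called, and MainController is not shown including ItemsHelper; unless ApplicationController mixes the helper modules into controllers (the pre-existing `usersynapses_as_json` call in SynapsesController suggests it may), this line raises NoMethodError at request time, which a request spec for `home` would settle. `@alljson` is also built unconditionally now instead of only when `@item` exists, so the first-visit empty-site case is no longer short-circuited. Since the blob is marked `.html_safe` and carries user-written `desc`/`name` values, the view must only ever interpolate it inside a JavaScript context where JSON escaping is sufficient; a comment stating that next to the assignment, `# JSON for a <script> block only; never render into markup`, would protect the next caller.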
@@ -18,10 +15,9 @@ class MainController < ApplicationController end end - def allmaps - @current_user = current_user - - @maps = Map.all + def allmaps + @current = current_user + @maps = Map.visibleToUser(@current, nil) respond_to do |format| format.html { respond_with(@maps) } diff --git a/app/controllers/maps_controller.rb b/app/controllers/maps_controller.rb index 4973bce8..fce39278 100644 --- a/app/controllers/maps_controller.rb +++ b/app/controllers/maps_controller.rb @@ -1,5 +1,5 @@ class MapsController < ApplicationController - + before_filter :require_user, only: [:new, :create, :edit, :update] respond_to :html, :js, :json @@ -7,7 +7,9 @@ class MapsController < ApplicationController # GET /users/:user_id/maps def index @user = User.find(params[:user_id]) - @maps = @user.maps + + @current = current_user + @maps = Map.visibleToUser(@current, @user) respond_with(@maps,@user) end @@ -24,9 +26,14 @@ class MapsController < ApplicationController def show @user = User.find(params[:user_id]) - @map = @user.maps.find(params[:id]) + @current = current_user + @map = @user.maps.find(params[:id]).authorize_to_show(@current) - @mapjson = @map.self_as_json.html_safe + if not @map + redirect_to root_url and return + end + + @mapjson = @map.self_as_json(@current).html_safe respond_to do |format| format.html { respond_with(@map, @user) } @@ -53,7 +60,12 @@ class MapsController < ApplicationController def edit @user = User.find(params[:user_id]) - @map = @user.maps.find(params[:id]) + @current = current_user + @map = @user.maps.find(params[:id]).authorize_to_edit(@current) + + if not @map + redirect_to root_url and return + end respond_with(@user, @map) end diff --git a/app/controllers/synapses_controller.rb b/app/controllers/synapses_controller.rb index 43465492..6dbdf5d6 100644 --- a/app/controllers/synapses_controller.rb +++ b/app/controllers/synapses_controller.rb 
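Review bot: `if not @map ... end` around the redirect in `show` is the non-idiomatic spelling; a guard clause is what the Ruby style guide asks for and reads as the early exit it is: `return redirect_to root_url unless @map`. The same `if not` form appears in this file's `edit` hunk and in the items_controller and synapses_controller `edit` hunks. `redirect_to ... and return` additionally depends on `redirect_to` returning a truthy value, which the `return redirect_to ...` form does not.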
@@ -9,7 +9,9 @@ class SynapsesController < ApplicationController def index @user = User.find(params[:user_id]) - @synapsesjson = usersynapses_as_json(@user).html_safe + @current = current_user + @synapses = Synapse.visibleToUser(@current, @user) + @synapsesjson = synapses_as_json(@current, @synapses).html_safe respond_to do |format| format.html @@ -29,10 +31,15 @@ class SynapsesController < ApplicationController def show @user = User.find(params[:user_id]) - @synapse = @user.synapses.find(params[:id]) + @current = current_user + @synapse = @user.synapses.find(params[:id]).authorize_to_show(@current) + @item1 = @synapse.item1.authorize_to_show(@current) + @item2 = @synapse.item2.authorize_to_show(@current) - if @synapse + if @synapse && @item1 && @item2 @synapsejson = @synapse.selfplusnodes_as_json.html_safe + else + redirect_to root_url and return end respond_to do |format| @@ -91,12 +98,13 @@ class SynapsesController < ApplicationController def edit @user = User.find(params[:user_id]) - @synapse = @user.synapses.find(params[:id]) - - @items = nil + @current = current_user + @synapse = @user.synapses.find(params[:id]).authorize_to_edit(@current) if @synapse - @items = Item.all + @items = Item.visibleToUser(@current) + elsif not @synapse + redirect_to root_url and return end respond_with(@synapse, @items) diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb index de6be794..95f6ba29 100644 --- a/app/helpers/application_helper.rb +++ b/app/helpers/application_helper.rb @@ -1,2 +1,2 @@ -module ApplicationHelper +module ApplicationHelper end diff --git a/app/helpers/items_helper.rb b/app/helpers/items_helper.rb index a9e179d9..e7d70498 100644 --- a/app/helpers/items_helper.rb +++ b/app/helpers/items_helper.rb 
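Review bot: `@synapse.item1` on the line after the `authorize_to_show` call runs before the `if @synapse && @item1 && @item2` test, so when `authorize_to_show` returns `false` for another user's private synapse the request fails with NoMethodError on `false` instead of the intended redirect. Move the guard up: `redirect_to root_url and return unless @synapse` directly after the `@synapse =` assignment, then authorize `item1`/`item2` and keep the combined test for the JSON. This is a 500 on exactly the path the commit is meant to deny, and it is also the only path where the new `else` branch would have fired.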
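Review bot: `Item.visibleToUser(@current)` in `edit` passes one argument to a scope whose lambda is declared with two (`|current, user|` in the item.rb hunk); lambdas enforce arity, so this raises ArgumentError on every authorized edit. Every other caller in the commit passes `nil` explicitly: `@items = Item.visibleToUser(@current, nil)`. The `elsif not @synapse` branch is also just `else`, since the only way to reach it is `@synapse` being false.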
@@ -1,5 +1,5 @@ module ItemsHelper - + #find all nodes in any given nodes network def network(node, array) # recurse starting with a node to find all connected nodes and return an array of items that constitutes the starting nodes network @@ -29,18 +29,17 @@ module ItemsHelper end #return a json object containing all of a users added synapses - def usersynapses_as_json(user) + def synapses_as_json(current, synapses) Jbuilder.encode do |json| - @synapses = user.synapses @items = Array.new - @synapses.each do |synapse| - @items.push(synapse.item1) if not @items.include?(synapse.item1) - @items.push(synapse.item2) if not @items.include?(synapse.item2) + synapses.each do |synapse| + @items.push(synapse.item1) if (not @items.include?(synapse.item1)) && synapse.item1.authorize_to_view(current) + @items.push(synapse.item2) if (not @items.include?(synapse.item2)) && synapse.item2.authorize_to_view(current) end json.array!(@items) do |item| - json.adjacencies item.synapses2.delete_if{|synapse| not synapse.user == user} do |json, synapse| + json.adjacencies item.synapses2.delete_if{|synapse| not @items.include?(Item.find_by_id(synapse.node1_id))} do |json, synapse| json.nodeTo synapse.node1_id json.nodeFrom synapse.node2_id 
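Review bot: The rewritten `delete_if` filter on `item.synapses2` no longer tests the synapse itself: it keeps any synapse whose `node1` item is in `@items`, whereas the removed filter (`synapse.user == user`) and the new `synapses` argument both bound which synapses the caller may see. If `synapses2` returns every synapse pointing at the item regardless of permission, another user's private synapse between two visible items is serialized with its `desc`, `category` and owner. Restrict the adjacencies to the list that was passed in: `json.adjacencies item.synapses2.delete_if{|synapse| (not synapses.include?(synapse)) || (not @items.include?(synapse.item1))} do |json, synapse|`. `synapse.item1`, already used two lines above, also avoids the extra `Item.find_by_id(synapse.node1_id)` query per synapse. The rest of the `json.adjacencies` block continues past the hunk.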
@@ -62,6 +61,39 @@ module ItemsHelper end end end + + def all_as_json(current) + Jbuilder.encode do |json| + + @items = Item.visibleToUser(current, nil) + @synapses = Synapse.visibleToUser(current, nil) + + json.array!(@items) do |item| + json.adjacencies item.synapses2.delete_if{|synapse| (not @items.include?(Item.find_by_id(synapse.node1_id))) || (not @synapses.include?(synapse))} do |json, synapse| + json.nodeTo synapse.node1_id + json.nodeFrom synapse.node2_id + + @synapsedata = Hash.new + @synapsedata['$desc'] = synapse.desc + @synapsedata['$category'] = synapse.category + @synapsedata['$userid'] = synapse.user.id + @synapsedata['$username'] = synapse.user.name + json.data @synapsedata + end + + @itemdata = Hash.new + @itemdata['$desc'] = item.desc + @itemdata['$link'] = item.link + @itemdata['$itemcatname'] = item.item_category.name + @itemdata['$userid'] = item.user.id + @itemdata['$username'] = item.user.name + + json.data @itemdata + json.id item.id + json.name item.name + end + end + end end diff --git a/app/models/item.rb b/app/models/item.rb index 418e57c8..77269502 100644 --- a/app/models/item.rb +++ b/app/models/item.rb @@ -21,6 +21,18 @@ has_many :maps, :through => :mappings belongs_to :item_category + # has no viewable synapses helper function + def has_viewable_synapses(current) + result = false + self.synapses.each do |synapse| + if synapse.authorize_to_view(current) + result = true + end + end + return result + end + + ###### JSON ###### def self_as_json Jbuilder.encode do |json| 
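Review bot: `all_as_json` repeats the serialization body of `Item#network_as_json` (and of `synapses_as_json` above) line for line, so a field added to `@itemdata` in one place will be missed in the others; a private helper that emits one item with its adjacencies would keep the three in step. Inside the filter, `Item.find_by_id(synapse.node1_id)` issues a query per synapse where `synapse.item1` is already available, and `@items.include?`/`@synapses.include?` are linear scans over arrays holding every visible record, so the loop grows quadratically with site size. Computing `item_ids = @items.map(&:id)` and `synapse_ids = @synapses.map(&:id)` once before `json.array!` and testing ids fixes both. Assigning `@items`/`@synapses` inside a helper also leaks them as instance variables of whichever controller or view calls it, which looks unintended.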
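Review bot: `has_viewable_synapses` keeps iterating after it has found a viewable synapse, and the `result` flag plus `return result` is the manual form of `any?`; the body reduces to `synapses.any? { |synapse| synapse.authorize_to_view(current) }`. A predicate should end in `?` rather than carry a `has_` prefix, though renaming means updating the caller in the `network_as_json` hunk. The comment above it, `# has no viewable synapses helper function`, states the inverse of what the method returns; `# true if at least one of this item's synapses is viewable by current` matches the code.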
@@ -37,66 +49,101 @@ belongs_to :item_category end #build a json object of everything connected to a specified node - def network_as_json + def network_as_json(current) Jbuilder.encode do |json| @items = network(self,nil) - json.array!(@items) do |item| - json.adjacencies item.synapses2.delete_if{|synapse| not @items.include?(Item.find_by_id(synapse.node1_id))} do |json, synapse| - json.nodeTo synapse.node1_id - json.nodeFrom synapse.node2_id - - @synapsedata = Hash.new - @synapsedata['$desc'] = synapse.desc - @synapsedata['$category'] = synapse.category - @synapsedata['$userid'] = synapse.user.id - @synapsedata['$username'] = synapse.user.name - json.data @synapsedata + if @items.count > 1 + json.array!(@items.delete_if{|item| (not item.authorize_to_view(current)) || (not item.has_viewable_synapses(current))}) do |item| + + json.adjacencies item.synapses2.delete_if{|synapse| (not @items.include?(synapse.item1)) || (not synapse.authorize_to_view(current)) || (not synapse.item1.authorize_to_view(current)) } do |json, synapse| + json.nodeTo synapse.node1_id + json.nodeFrom synapse.node2_id + + @synapsedata = Hash.new + @synapsedata['$desc'] = synapse.desc + @synapsedata['$category'] = synapse.category + @synapsedata['$userid'] = synapse.user.id + @synapsedata['$username'] = synapse.user.name + json.data @synapsedata + end + + @itemdata = Hash.new + @itemdata['$desc'] = item.desc + @itemdata['$link'] = item.link + @itemdata['$itemcatname'] = item.item_category.name + @itemdata['$userid'] = item.user.id + @itemdata['$username'] = item.user.name + json.data @itemdata + json.id item.id + json.name item.name end - - @itemdata = Hash.new - @itemdata['$desc'] = item.desc - @itemdata['$link'] = item.link - @itemdata['$itemcatname'] = item.item_category.name - @itemdata['$userid'] = item.user.id - @itemdata['$username'] = item.user.name - json.data @itemdata - json.id item.id - json.name item.name - end + elsif @items.count == 1 + json.array!(@items) do |item| + @itemdata = 
Hash.new + @itemdata['$desc'] = item.desc + @itemdata['$link'] = item.link + @itemdata['$itemcatname'] = item.item_category.name + @itemdata['$userid'] = item.user.id + @itemdata['$username'] = item.user.name + json.data @itemdata + json.id item.id + json.name item.name + end + end end end - def all_as_json - Jbuilder.encode do |json| - - @items = Item.all - - json.array!(@items) do |item| - json.adjacencies item.synapses2.delete_if{|synapse| not @items.include?(Item.find_by_id(synapse.node1_id))} do |json, synapse| - json.nodeTo synapse.node1_id - json.nodeFrom synapse.node2_id - - @synapsedata = Hash.new - @synapsedata['$desc'] = synapse.desc - @synapsedata['$category'] = synapse.category - @synapsedata['$userid'] = synapse.user.id - @synapsedata['$username'] = synapse.user.name - json.data @synapsedata - end - - @itemdata = Hash.new - @itemdata['$desc'] = item.desc - @itemdata['$link'] = item.link - @itemdata['$itemcatname'] = item.item_category.name - @itemdata['$userid'] = item.user.id - @itemdata['$username'] = item.user.name - - json.data @itemdata - json.id item.id - json.name item.name - end - end + ##### PERMISSIONS ###### + + scope :visibleToUser, lambda { |current, user| + if user != nil + if user != current + Item.find_all_by_user_id_and_permission(user.id, "commons") | Item.find_all_by_user_id_and_permission(user.id, "public") + elsif user == current + Item.find_all_by_user_id_and_permission(user.id, "commons") | Item.find_all_by_user_id_and_permission(user.id, "public") | current.items.where(:permission => "private") + end + elsif (current != nil && user == nil) + Item.find_all_by_permission("commons") | Item.find_all_by_permission("public") | current.items.where(:permission => "private") + elsif (current == nil) + Item.find_all_by_permission("commons") | Item.find_all_by_permission("public") + end + } + + # returns false if user not allowed to 'show' Topic, Synapse, or Map + def authorize_to_show(user) + if (self.permission == "private" && self.user 
!= user) + return false + end + return self + end + + # returns false if user not allowed to 'edit' Topic, Synapse, or Map + def authorize_to_edit(user) + if (self.permission == "private" && self.user != user) + return false + elsif (self.permission == "public" && self.user != user) + return false + end + return self + end + + # returns Boolean if user allowed to view Topic, Synapse, or Map + def authorize_to_view(user) + if (self.permission == "private" && self.user != user) + return false + end + return true + end + + # returns Boolean based on whether user has permissions to edit or not + def authorize_linkto_edit(user) + if (self.user == user) + return true + elsif (self.permission == "commons") + return true + end + return false end end diff --git a/app/models/map.rb b/app/models/map.rb index 2d3e6113..cc1b19ad 100644 --- a/app/models/map.rb +++ b/app/models/map.rb @@ -10,16 +10,19 @@ has_many :synapses, :through => :synapsemappings def mappings itemmappings + synapsemappings -end - +end + + + ###### JSON ###### #build a json object of a map - def self_as_json + def self_as_json(current) Jbuilder.encode do |json| @items = self.items @synapses = self.synapses - json.array!(@items) do |item| - json.adjacencies item.synapses2.delete_if{|synapse| not @synapses.include?(synapse)} do |json, synapse| + json.array!(@items.delete_if{|item| not item.authorize_to_view(current)}) do |item| + + json.adjacencies item.synapses2.delete_if{|synapse| (not @items.include?(synapse.item1)) || (not @synapses.include?(synapse)) || (not synapse.authorize_to_view(current)) || (not synapse.item1.authorize_to_view(current)) } do |json, synapse| json.nodeTo synapse.node1_id json.nodeFrom synapse.node2_id 
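Review bot: `authorize_to_edit` and `authorize_linkto_edit` answer yes for any `"commons"` record regardless of `user`, including `nil`, so at the model level an unauthenticated caller is allowed to edit commons items; only the controllers' `before_filter :require_user` keeps that unreachable, and any future caller that skips the filter (an API action, a background job) inherits the gap. `return false if user.nil?` at the top of both methods makes the model safe on its own. The scope and the four `authorize_*` methods are pasted verbatim into map.rb and synapse.rb in the following hunks; a shared module included in the three models, plus constants for the `"commons"`/`"public"`/`"private"` strings that appear a dozen times, gives one place to fix and test. Having `authorize_to_show`/`authorize_to_edit` return either `false` or `self` is what makes the NoMethodError in the synapses_controller `show` hunk possible; returning `nil` or raising a dedicated error would be a clearer contract for callers.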
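Review bot: `@items.delete_if{...}` in `self_as_json` is called on `self.items`, a `has_many :through` association rather than a plain array, so whether it only trims the loaded target or reaches the join rows depends on how the proxy delegates `delete_if`; `@items = self.items.select { |item| item.authorize_to_view(current) }` followed by `json.array!(@items) do |item|` gives the same result with no mutation question, and the same applies to every `item.synapses2.delete_if` in this commit. The filtered `@items` is what the inner `@items.include?(synapse.item1)` consults, so the ordering is deliberate and deserves a line: `# hide items the viewer may not see, then only draw edges between the items that remain`. `(not @synapses.include?(synapse))` is a linear scan per synapse; `synapse_ids = @synapses.map(&:id)` computed once before the loop avoids it. The rest of the `json.adjacencies` block continues past the hunk.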
@@ -43,5 +46,57 @@ end end end end + + ##### PERMISSIONS ###### + + scope :visibleToUser, lambda { |current, user| + if user != nil + if user != current + Map.find_all_by_user_id_and_permission(user.id, "commons") | Map.find_all_by_user_id_and_permission(user.id, "public") + elsif user == current + Map.find_all_by_user_id_and_permission(user.id, "commons") | Map.find_all_by_user_id_and_permission(user.id, "public") | current.maps.where(:permission => "private") + end + elsif (current != nil && user == nil) + Map.find_all_by_permission("commons") | Map.find_all_by_permission("public") | current.maps.where(:permission => "private") + elsif (current == nil) + Map.find_all_by_permission("commons") | Map.find_all_by_permission("public") + end + } + + # returns false if user not allowed to 'show' Topic, Synapse, or Map + def authorize_to_show(user) + if (self.permission == "private" && self.user != user) + return false + end + return self + end + + # returns false if user not allowed to 'edit' Topic, Synapse, or Map + def authorize_to_edit(user) + if (self.permission == "private" && self.user != user) + return false + elsif (self.permission == "public" && self.user != user) + return false + end + return self + end + + # returns Boolean if user allowed to view Topic, Synapse, or Map + def authorize_to_view(user) + if (self.permission == "private" && self.user != user) + return false + end + return true + end + + # returns Boolean based on whether user has permissions to edit or not + def authorize_linkto_edit(user) + if (self.user == user) + return true + elsif (self.permission == "commons") + return true + end + return false + end end diff --git a/app/models/synapse.rb b/app/models/synapse.rb index 29dcecb3..691fe893 100644 --- a/app/models/synapse.rb +++ b/app/models/synapse.rb 
@@ -8,6 +8,8 @@ belongs_to :item2, :class_name => "Item", :foreign_key => "node2_id" has_many :mappings has_many :maps, :through => :mappings + ##### JSON ###### + def self_as_json Jbuilder.encode do |json| @synapsedata = Hash.new @@ -50,5 +52,57 @@ has_many :maps, :through => :mappings end end end + + ##### PERMISSIONS ###### + + scope :visibleToUser, lambda { |current, user| + if user != nil + if user != current + Synapse.find_all_by_user_id_and_permission(user.id, "commons") | Synapse.find_all_by_user_id_and_permission(user.id, "public") + elsif user == current + Synapse.find_all_by_user_id_and_permission(user.id, "commons") | Synapse.find_all_by_user_id_and_permission(user.id, "public") | current.synapses.where(:permission => "private") + end + elsif (current != nil && user == nil) + Synapse.find_all_by_permission("commons") | Synapse.find_all_by_permission("public") | current.synapses.where(:permission => "private") + elsif (current == nil) + Synapse.find_all_by_permission("commons") | Synapse.find_all_by_permission("public") + end + } + + # returns false if user not allowed to 'show' Topic, Synapse, or Map + def authorize_to_show(user) + if (self.permission == "private" && self.user != user) + return false + end + return self + end + + # returns false if user not allowed to 'edit' Topic, Synapse, or Map + def authorize_to_edit(user) + if (self.permission == "private" && self.user != user) + return false + elsif (self.permission == "public" && self.user != user) + return false + end + return self + end + + # returns Boolean if user allowed to view Topic, Synapse, or Map + def authorize_to_view(user) + if (self.permission == "private" && self.user != user) + return false + end + return true + end + + # returns Boolean based on whether user has permissions to edit or not + def authorize_linkto_edit(user) + if (self.user == user) + return true + elsif (self.permission == "commons") + return true + end + return false + end end 
diff --git a/app/views/items/edit.html.erb b/app/views/items/edit.html.erb index 3b02cf38..e4d3ec18 100644 --- a/app/views/items/edit.html.erb +++ b/app/views/items/edit.html.erb @@ -9,6 +9,6 @@ <%= form.text_field :link, class: "link" %> - <%= form.select(:permission, options_for_select(['commons', 'public', 'private'])) %> + <%= form.select :permission, options_for_select(['commons', 'public', 'private'], @item.permission) %> <%= form.submit "Update", class: "update" %> <% end %> \ No newline at end of file diff --git a/app/views/maps/edit.html.erb b/app/views/maps/edit.html.erb index 3577aa6c..64c46b3a 100644 --- a/app/views/maps/edit.html.erb +++ b/app/views/maps/edit.html.erb @@ -5,6 +5,6 @@ <%= form.text_area :desc, class: "description", :rows => 5 %> - <%= form.select(:permission, options_for_select(['commons', 'public', 'private']), { :selected => @map.permission }) %> + <%= form.select :permission, options_for_select(['commons', 'public', 'private'], @map.permission) %> <%= form.submit "Update", class: "update" %> <% end %> diff --git a/app/views/synapses/edit.html.erb b/app/views/synapses/edit.html.erb index e182d4f9..f2ca1d20 100644 --- a/app/views/synapses/edit.html.erb +++ b/app/views/synapses/edit.html.erb @@ -11,6 +11,6 @@ <%= select "node2_id", "node2", @collection.order("name ASC").map {|p| [ p.name, p.id ] }, { :selected => @synapse.node2_id } %> <% end %> - <%= form.select(:permission, options_for_select(['commons', 'public', 'private'])) %> + <%= form.select :permission, options_for_select(['commons', 'public', 'private'], @synapse.permission) %> <%= form.submit "Update", class: "update" %> <% end %> \ No newline at end of file