OCP\JSON::checkLoggedIn();
OCP\JSON::checkAppEnabled('calendar');
$calendarid = $_POST['calendarid'];
-$calendar = OC_Calendar_App::getCalendar($calendarid);//access check
+$calendar = OC_Calendar_App::getCalendar($calendarid, true);
+if(!$calendar){
+ OCP\JSON::error(array('message'=>'permission denied'));
+ exit;
+}
OC_Calendar_Calendar::setCalendarActive($calendarid, $_POST['active']);
$calendar = OC_Calendar_App::getCalendar($calendarid);
OCP\JSON::success(array(
OCP\JSON::checkAppEnabled('calendar');
$cal = $_POST["calendarid"];
-$calendar = OC_Calendar_App::getCalendar($cal);
+$calendar = OC_Calendar_App::getCalendar($cal, true);
+if(!$calendar){
+ OCP\JSON::error(array('message'=>'permission denied'));
+ exit;
+}
$del = OC_Calendar_Calendar::deleteCalendar($cal);
if($del == true){
OCP\JSON::success();
OCP\JSON::checkAppEnabled('calendar');
$calendarcolor_options = OC_Calendar_Calendar::getCalendarColorOptions();
-$calendar = OC_Calendar_App::getCalendar($_GET['calendarid']);
+$calendar = OC_Calendar_App::getCalendar($_GET['calendarid'], true);
+if(!$calendar){
+ OCP\JSON::error(array('message'=>'permission denied'));
+ exit;
+}
$tmpl = new OCP\Template("calendar", "part.editcalendar");
$tmpl->assign('new', false);
$tmpl->assign('calendarcolor_options', $calendarcolor_options);
}
$calendarid = $_POST['id'];
-$calendar = OC_Calendar_App::getCalendar($calendarid);//access check
+$calendar = OC_Calendar_App::getCalendar($calendarid, true);
+if(!$calendar){
+ OCP\JSON::error(array('message'=>'permission denied'));
+ exit;
+}
OC_Calendar_Calendar::editCalendar($calendarid, strip_tags($_POST['name']), null, null, null, $_POST['color']);
OC_Calendar_Calendar::setCalendarActive($calendarid, $_POST['active']);