check user permissions in calendar's changepermission.php

diff --git a/apps/calendar/ajax/share/changepermission.php b/apps/calendar/ajax/share/changepermission.php
index e4a4f186ab06548457eecb15467e7fd6802b1959..2737420c94ede4c2717f8008cd163c040d401242 100755 (executable)
--- a/apps/calendar/ajax/share/changepermission.php
+++ b/apps/calendar/ajax/share/changepermission.php
@@ -17,6 +17,14 @@ switch($idtype){
                OCP\JSON::error(array('message'=>'unexspected parameter'));
                exit;
 }
+if($idtype == 'calendar' && !OC_Calendar_App::getCalendar($id)){
+       OCP\JSON::error(array('message'=>'permission denied'));
+       exit;
+}
+if($idtype == 'event' && !OC_Calendar_App::getEventObject($id)){
+       OCP\JSON::error(array('message'=>'permission denied'));
+       exit;
+}
 $sharewith = $_GET['sharewith'];
 $sharetype = strip_tags($_GET['sharetype']);
 switch($sharetype){