fix merge conflicts

author: Georg Ehrke <dev@georgswebsite.de> 2012-04-22 13:19:12 +0200
committer: Georg Ehrke <dev@georgswebsite.de> 2012-04-22 13:19:12 +0200
commit: 4c2cf35050032002d01978f53201723330ebfe16 (patch)
tree: cb931972aae1381d0d46aa934fa56f462e4c873a /apps/calendar/ajax/event
parent: 711aa229b882d3fc5e2fa8c22e6db2ec05642984 (diff)
parent: 1bba4456420d1824ab6d58f3d9bb523fcde5c4c2 (diff)
download: nextcloud-server-4c2cf35050032002d01978f53201723330ebfe16.tar.gz
nextcloud-server-4c2cf35050032002d01978f53201723330ebfe16.zip
6 files changed, 58 insertions, 16 deletions
diff --git a/apps/calendar/ajax/event/delete.php b/apps/calendar/ajax/event/delete.php
index 49b740656de..3b726651641 100644
--- a/apps/calendar/ajax/event/delete.php
+++ b/apps/calendar/ajax/event/delete.php
@@ -11,7 +11,10 @@ OC_JSON::checkLoggedIn();
 OC_JSON::checkAppEnabled('calendar');
 
 $id = $_POST['id'];
-$event_object = OC_Calendar_App::getEventObject($id);
+$access = OC_Calendar_App::getaccess($id, OC_Calendar_App::EVENT);
+if($access != 'owner' && $access != 'rw'){
+	OC_JSON::error(array('message'=>'permission denied'));
+	exit;
+}
 $result = OC_Calendar_Object::delete($id);
 OC_JSON::success();
-?> 
diff --git a/apps/calendar/ajax/event/edit.form.php b/apps/calendar/ajax/event/edit.form.php
index 1634e7ea416..ec50b78be6f 100644
--- a/apps/calendar/ajax/event/edit.form.php
+++ b/apps/calendar/ajax/event/edit.form.php
@@ -14,7 +14,13 @@ if(!OC_USER::isLoggedIn()) {
 OC_JSON::checkAppEnabled('calendar');
 
 $id = $_GET['id'];
-$data = OC_Calendar_App::getEventObject($id);
+$data = OC_Calendar_App::getEventObject($id, true, true);
+
+if(!$data){
+	OC_JSON::error(array('data' => array('message' => self::$l10n->t('Wrong calendar'))));
+	exit;
+}
+$access = OC_Calendar_App::getaccess($id, OC_Calendar_Share::EVENT);
 $object = OC_VObject::parse($data['calendardata']);
 $vevent = $object->VEVENT;
 
@@ -182,8 +188,12 @@ if($data['repeating'] == 1){
 }else{
 	$repeat['repeat'] = 'doesnotrepeat';
 }
-
-$calendar_options = OC_Calendar_Calendar::allCalendars(OC_User::getUser());
+if($access == 'owner'){
+	$calendar_options = OC_Calendar_Calendar::allCalendars(OC_User::getUser());
+}else{
+	$calendar_options = array(OC_Calendar_App::getCalendar($data['calendarid'], false));
+}
+$category_options = OC_Calendar_App::getCategoryOptions();
 $repeat_options = OC_Calendar_App::getRepeatOptions();
 $repeat_end_options = OC_Calendar_App::getEndOptions();
 $repeat_month_options = OC_Calendar_App::getMonthOptions();
@@ -195,8 +205,14 @@ $repeat_bymonth_options = OC_Calendar_App::getByMonthOptions();
 $repeat_byweekno_options = OC_Calendar_App::getByWeekNoOptions();
 $repeat_bymonthday_options = OC_Calendar_App::getByMonthDayOptions();
 
-$tmpl = new OC_Template('calendar', 'part.editevent');
-$tmpl->assign('id', $id);
+if($access == 'owner' || $access == 'rw'){
+	$tmpl = new OC_Template('calendar', 'part.editevent');
+}elseif($access == 'r'){
+	$tmpl = new OC_Template('calendar', 'part.showevent');
+}
+
+$tmpl->assign('eventid', $id);
+$tmpl->assign('access', $access);
 $tmpl->assign('lastmodified', $lastmodified);
 $tmpl->assign('calendar_options', $calendar_options);
 $tmpl->assign('repeat_options', $repeat_options);
diff --git a/apps/calendar/ajax/event/edit.php b/apps/calendar/ajax/event/edit.php
index 53912cb4c93..172488f6241 100644
--- a/apps/calendar/ajax/event/edit.php
+++ b/apps/calendar/ajax/event/edit.php
@@ -10,21 +10,34 @@
 OC_JSON::checkLoggedIn();
 OC_JSON::checkAppEnabled('calendar');
 
+$id = $_POST['id'];
+
+if(!array_key_exists('calendar', $_POST)){
+	$cal = OC_Calendar_Object::getCalendarid($id);
+	$_POST['calendar'] = $cal;
+}else{
+	$cal = $_POST['calendar'];
+}
+
+$access = OC_Calendar_App::getaccess($id, OC_Calendar_App::EVENT);
+if($access != 'owner' && $access != 'rw'){
+	OC_JSON::error(array('message'=>'permission denied'));
+	exit;
+}
+
 $errarr = OC_Calendar_Object::validateRequest($_POST);
 if($errarr){
 	//show validate errors
 	OC_JSON::error($errarr);
 	exit;
 }else{
-	$id = $_POST['id'];
-	$cal = $_POST['calendar'];
-	$data = OC_Calendar_App::getEventObject($id);
+	$data = OC_Calendar_App::getEventObject($id, false, false);
 	$vcalendar = OC_VObject::parse($data['calendardata']);
 
 	OC_Calendar_App::isNotModified($vcalendar->VEVENT, $_POST['lastmodified']);
 	OC_Calendar_Object::updateVCalendarFromRequest($_POST, $vcalendar);
 
-	$result = OC_Calendar_Object::edit($id, $vcalendar->serialize());
+	OC_Calendar_Object::edit($id, $vcalendar->serialize());
 	if ($data['calendarid'] != $cal) {
 		OC_Calendar_Object::moveToCalendar($id, $cal);
 	}
diff --git a/apps/calendar/ajax/event/move.php b/apps/calendar/ajax/event/move.php
index bfebefb8fe0..0552c7bbc5b 100644
--- a/apps/calendar/ajax/event/move.php
+++ b/apps/calendar/ajax/event/move.php
@@ -9,15 +9,18 @@
 OC_JSON::checkLoggedIn();
 
 $id = $_POST['id'];
-
-$vcalendar = OC_Calendar_App::getVCalendar($id);
+$access = OC_Calendar_App::getaccess($id, OC_Calendar_App::EVENT);
+if($access != 'owner' && $access != 'rw'){
+	OC_JSON::error(array('message'=>'permission denied'));
+	exit;
+}
+$vcalendar = OC_Calendar_App::getVCalendar($id, false, false);
 $vevent = $vcalendar->VEVENT;
 
 $allday = $_POST['allDay'];
 $delta = new DateInterval('P0D');
 $delta->d = $_POST['dayDelta'];
 $delta->i = $_POST['minuteDelta'];
-
 OC_Calendar_App::isNotModified($vevent, $_POST['lastmodified']);
 
 $dtstart = $vevent->DTSTART;
diff --git a/apps/calendar/ajax/event/new.form.php b/apps/calendar/ajax/event/new.form.php
index 2e03c02af27..62087e9a817 100644
--- a/apps/calendar/ajax/event/new.form.php
+++ b/apps/calendar/ajax/event/new.form.php
@@ -44,6 +44,7 @@ $repeat_byweekno_options = OC_Calendar_App::getByWeekNoOptions();
 $repeat_bymonthday_options = OC_Calendar_App::getByMonthDayOptions();
 
 $tmpl = new OC_Template('calendar', 'part.newevent');
+$tmpl->assign('access', 'owner');
 $tmpl->assign('calendar_options', $calendar_options);
 $tmpl->assign('repeat_options', $repeat_options);
 $tmpl->assign('repeat_month_options', $repeat_month_options);
diff --git a/apps/calendar/ajax/event/resize.php b/apps/calendar/ajax/event/resize.php
index 9a9d37ff3d4..593835d86c5 100644
--- a/apps/calendar/ajax/event/resize.php
+++ b/apps/calendar/ajax/event/resize.php
@@ -10,7 +10,13 @@ OC_JSON::checkLoggedIn();
 
 $id = $_POST['id'];
 
-$vcalendar = OC_Calendar_App::getVCalendar($id);
+$access = OC_Calendar_App::getaccess($id, OC_Calendar_App::EVENT);
+if($access != 'owner' && $access != 'rw'){
+	OC_JSON::error(array('message'=>'permission denied'));
+	exit;
+}
+
+$vcalendar = OC_Calendar_App::getVCalendar($id, false, false);
 $vevent = $vcalendar->VEVENT;
 
 $delta = new DateInterval('P0D');
@@ -27,6 +33,6 @@ unset($vevent->DURATION);
 $vevent->setDateTime('LAST-MODIFIED', 'now', Sabre_VObject_Element_DateTime::UTC);
 $vevent->setDateTime('DTSTAMP', 'now', Sabre_VObject_Element_DateTime::UTC);
 
-$result = OC_Calendar_Object::edit($id, $vcalendar->serialize());
+OC_Calendar_Object::edit($id, $vcalendar->serialize());
 $lastmodified = $vevent->__get('LAST-MODIFIED')->getDateTime();
 OC_JSON::success(array('lastmodified'=>(int)$lastmodified->format('U')));
author	Georg Ehrke <dev@georgswebsite.de>	2012-04-22 13:19:12 +0200
committer	Georg Ehrke <dev@georgswebsite.de>	2012-04-22 13:19:12 +0200
commit	4c2cf35050032002d01978f53201723330ebfe16 (patch)
tree	cb931972aae1381d0d46aa934fa56f462e4c873a /apps/calendar/ajax/event
parent	711aa229b882d3fc5e2fa8c22e6db2ec05642984 (diff)
parent	1bba4456420d1824ab6d58f3d9bb523fcde5c4c2 (diff)
download	nextcloud-server-4c2cf35050032002d01978f53201723330ebfe16.tar.gz nextcloud-server-4c2cf35050032002d01978f53201723330ebfe16.zip