authorBart Visscher <bartv@thisnet.nl>2012-02-12 15:55:36 +0100
committerBart Visscher <bartv@thisnet.nl>2012-02-12 15:55:36 +0100
commit6eb1427ac07bab9052610b32b4c5df0486d5e554 (patch)
tree0d5e50527edb8b5333bc31bda9d68986d2fd5c13 /apps
parentb77132edbedfc20b975c108989c3f2ff3c8c8df6 (diff)
Contacts: Document usage of OC_Contacts_App::getAddressbook
Remove redundant access checks and add comments to the calls to OC_Contacts_App::getAddressbook that are access checks
Diffstat (limited to 'apps')
-rw-r--r--apps/contacts/ajax/addcard.php2
-rw-r--r--apps/contacts/ajax/addcontact.php2
-rw-r--r--apps/contacts/ajax/deletebook.php2
-rw-r--r--apps/contacts/ajax/updateaddressbook.php1
-rw-r--r--apps/contacts/export.php10
5 files changed, 4 insertions, 13 deletions
diff --git a/apps/contacts/ajax/addcard.php b/apps/contacts/ajax/addcard.php
index f15a1685840..fbf5b57ae7c 100644
--- a/apps/contacts/ajax/addcard.php
+++ b/apps/contacts/ajax/addcard.php
@@ -34,7 +34,7 @@ OC_JSON::checkAppEnabled('contacts');
$l=new OC_L10N('contacts');
$aid = $_POST['id'];
-$addressbook = OC_Contacts_App::getAddressbook( $aid );
+OC_Contacts_App::getAddressbook( $aid ); // is owner access check
$fn = trim($_POST['fn']);
$values = $_POST['value'];
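Review bot: The ownership check on the added line works only through a side effect of `OC_Contacts_App::getAddressbook()`, whose body is not in this diff: with the return value discarded, nothing here stops the request unless that helper itself aborts when the current user does not own `$aid`. The same pattern is added in addcontact.php, deletebook.php (directly before `OC_Contacts_Addressbook::delete($id)`) and updateaddressbook.php. I would spell out the contract where it is relied on, e.g. `// access check: getAddressbook() must end the request if the user does not own $aid`, and confirm that every failure path in the helper exits rather than returns. The script continues outside the hunk.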
diff --git a/apps/contacts/ajax/addcontact.php b/apps/contacts/ajax/addcontact.php
index c39d75eff88..9b4e68ac272 100644
--- a/apps/contacts/ajax/addcontact.php
+++ b/apps/contacts/ajax/addcontact.php
@@ -40,7 +40,7 @@ OC_JSON::checkAppEnabled('contacts');
$l=new OC_L10N('contacts');
$aid = $_POST['aid'];
-$addressbook = OC_Contacts_App::getAddressbook( $aid );
+OC_Contacts_App::getAddressbook( $aid ); // is owner access check
$fn = trim($_POST['fn']);
$n = trim($_POST['n']);
diff --git a/apps/contacts/ajax/deletebook.php b/apps/contacts/ajax/deletebook.php
index a89c00575e9..d782c9dfb8d 100644
--- a/apps/contacts/ajax/deletebook.php
+++ b/apps/contacts/ajax/deletebook.php
@@ -30,7 +30,7 @@ OC_JSON::checkAppEnabled('contacts');
//$id = $_GET['id'];
$id = $_POST['id'];
-$addressbook = OC_Contacts_App::getAddressbook( $id );
+OC_Contacts_App::getAddressbook( $id ); // is owner access check
OC_Contacts_Addressbook::delete($id);
OC_JSON::success(array('data' => array( 'id' => $id )));
diff --git a/apps/contacts/ajax/updateaddressbook.php b/apps/contacts/ajax/updateaddressbook.php
index 7d9e2aea917..d6c1ad179bb 100644
--- a/apps/contacts/ajax/updateaddressbook.php
+++ b/apps/contacts/ajax/updateaddressbook.php
@@ -15,6 +15,7 @@ OC_JSON::checkLoggedIn();
OC_JSON::checkAppEnabled('contacts');
$bookid = $_POST['id'];
+OC_Contacts_App::getAddressbook($bookid); // is owner access check
if(!OC_Contacts_Addressbook::edit($bookid, $_POST['name'], null)) {
OC_JSON::error(array('data' => array('message' => $l->t('Error updating addressbook.'))));
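Review bot: The added `OC_Contacts_App::getAddressbook($bookid)` line is a new authorization check rather than a comment on an existing one. No earlier call is visible in this hunk, so before this commit the owner check ahead of `OC_Contacts_Addressbook::edit()` appears to have been missing, unless `edit()` enforces it itself. The commit message mentions only removing redundant checks and adding comments, so this behaviour change deserves its own line there. `$_POST['id']` and `$_POST['name']` are also read without an `isset()` guard. The `if` block continues outside the hunk.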
diff --git a/apps/contacts/export.php b/apps/contacts/export.php
index fc2aa86500f..750d77bcac8 100644
--- a/apps/contacts/export.php
+++ b/apps/contacts/export.php
@@ -14,10 +14,6 @@ $contact = isset($_GET['contactid']) ? $_GET['contactid'] : NULL;
$nl = "\n";
if(isset($book)){
$addressbook = OC_Contacts_App::getAddressbook($book);
- if($addressbook['userid'] != OC_User::getUser()){
- OC_JSON::error();
- exit;
- }
$cardobjects = OC_Contacts_VCard::all($book);
header('Content-Type: text/directory');
header('Content-Disposition: inline; filename=' . str_replace(' ', '_', $addressbook['displayname']) . '.vcf');
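Review bot: The remaining `getAddressbook($book)` call is now the only owner check in the book branch, yet it is the one such call in this commit left without the marker comment. I would write `$addressbook = OC_Contacts_App::getAddressbook($book); // is owner access check` so the line is not later mistaken for a plain lookup and dropped or reordered after `OC_Contacts_VCard::all($book)`. The removed block answered a denied request with `OC_JSON::error()`; what a denied export returns now depends on the helper, which is not shown here. The `if` branch continues past the hunk.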
@@ -27,12 +23,6 @@ if(isset($book)){
}
}elseif(isset($contact)){
$data = OC_Contacts_App::getContactObject($contact);
- $addressbookid = $data['addressbookid'];
- $addressbook = OC_Contacts_App::getAddressbook($addressbookid);
- if($addressbook['userid'] != OC_User::getUser()){
- OC_JSON::error();
- exit;
- }
header('Content-Type: text/directory');
header('Content-Disposition: inline; filename=' . str_replace(' ', '_', $data['fullname']) . '.vcf');
echo $data['carddata'];
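Review bot: After this removal the contact branch has no visible ownership check at all. The output of `$data['carddata']` is authorised only if `OC_Contacts_App::getContactObject($contact)` verifies the owner internally, and that function is not part of this diff. If it does not, a caller who supplies another user's `contactid` would receive that card. Confirm the helper performs the check on every path, then mark the call like the others, e.g. `$data = OC_Contacts_App::getContactObject($contact); // is owner access check`.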