Diffstat (limited to 'apps/calendar/ajax/event/delete.php')
-rw-r--r-- | apps/calendar/ajax/event/delete.php | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/apps/calendar/ajax/event/delete.php b/apps/calendar/ajax/event/delete.php
index 5fc12900ef3..fd7b709393a 100644
--- a/apps/calendar/ajax/event/delete.php
+++ b/apps/calendar/ajax/event/delete.php
@@ -11,7 +11,10 @@ OC_JSON::checkLoggedIn();
 OC_JSON::checkAppEnabled('calendar');
 $id = $_POST['id'];
-$event_object = OC_Calendar_App::getEventObject($id);
+$access = OC_Calendar_App::getaccess($id, OC_Calendar_App::EVENT);
+if($access != 'owner' && $access != 'rw'){
+ OC_JSON::error(array('message'=>'permission denied'));
+ exit;
+}
 $result = OC_Calendar_Object::delete($id);
 OC_JSON::success();
-?> |
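Review bot: The added permission check compares `$access` with the loose `!=` operator, so the gate depends on PHP's type juggling rather than on an exact match. What `getaccess()` returns is not visible in this hunk, but if it can ever yield a non-string, boolean `true` (and integer `0` before PHP 8) compares equal to `'owner'` and the delete would go ahead. An authorization check should fail closed on anything unexpected, e.g. `if(!in_array($access, array('owner', 'rw'), true)){`. Separately, `$result` from `OC_Calendar_Object::delete($id)` is never inspected, so `OC_JSON::success()` is returned even if the delete did not happen; checking `$result` before reporting success would keep the client's view consistent with the server's.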