summaryrefslogtreecommitdiffstats
path: root/apps/calendar/ajax/event/edit.php
diff options
context:
space:
mode:
Diffstat (limited to 'apps/calendar/ajax/event/edit.php')
-rw-r--r--apps/calendar/ajax/event/edit.php21
1 files changed, 17 insertions, 4 deletions
diff --git a/apps/calendar/ajax/event/edit.php b/apps/calendar/ajax/event/edit.php
index 64daffddef0..f65b67b84ac 100644
--- a/apps/calendar/ajax/event/edit.php
+++ b/apps/calendar/ajax/event/edit.php
@@ -10,21 +10,34 @@ require_once('../../../../lib/base.php');
OC_JSON::checkLoggedIn();
OC_JSON::checkAppEnabled('calendar');
+$id = $_POST['id'];
+
+if(!array_key_exists('calendar', $_POST)){
+ $cal = OC_Calendar_Object::getCalendarid($id);
+ $_POST['calendar'] = $cal;
+}else{
+ $cal = $_POST['calendar'];
+}
+
+$access = OC_Calendar_App::getaccess($id, OC_Calendar_App::EVENT);
+if($access != 'owner' && $access != 'rw'){
+ OC_JSON::error(array('message'=>'permission denied'));
+ exit;
+}
+
$errarr = OC_Calendar_Object::validateRequest($_POST);
if($errarr){
//show validate errors
OC_JSON::error($errarr);
exit;
}else{
- $id = $_POST['id'];
- $cal = $_POST['calendar'];
- $data = OC_Calendar_App::getEventObject($id);
+ $data = OC_Calendar_App::getEventObject($id, false, false);
$vcalendar = OC_VObject::parse($data['calendardata']);
OC_Calendar_App::isNotModified($vcalendar->VEVENT, $_POST['lastmodified']);
OC_Calendar_Object::updateVCalendarFromRequest($_POST, $vcalendar);
- $result = OC_Calendar_Object::edit($id, $vcalendar->serialize());
+ OC_Calendar_Object::edit($id, $vcalendar->serialize());
if ($data['calendarid'] != $cal) {
OC_Calendar_Object::moveToCalendar($id, $cal);
}
generated by cgit v1.2.3 (git 2.39.1) at 2025-03-01 16:50:58 +0000