Diffstat (limited to 'apps/calendar/ajax/event/move.php')
-rw-r--r-- | apps/calendar/ajax/event/move.php | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/apps/calendar/ajax/event/move.php b/apps/calendar/ajax/event/move.php
index 37420e2a876..63995602de2 100644
--- a/apps/calendar/ajax/event/move.php
+++ b/apps/calendar/ajax/event/move.php
@@ -9,15 +9,18 @@ require_once('../../../../lib/base.php');
 OC_JSON::checkLoggedIn();
 $id = $_POST['id'];
-
-$vcalendar = OC_Calendar_App::getVCalendar($id);
+$access = OC_Calendar_App::getaccess($id, OC_Calendar_App::EVENT);
+if($access != 'owner' && $access != 'rw'){
+ OC_JSON::error(array('message'=>'permission denied'));
+ exit;
+}
+$vcalendar = OC_Calendar_App::getVCalendar($id, false, false);
 $vevent = $vcalendar->VEVENT;
 $allday = $_POST['allDay'];
 $delta = new DateInterval('P0D');
 $delta->d = $_POST['dayDelta'];
 $delta->i = $_POST['minuteDelta'];
-
 OC_Calendar_App::isNotModified($vevent, $_POST['lastmodified']);
 $dtstart = $vevent->DTSTART; |
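Review bot: The new permission guard compares `$access` with loose `!=`, so a non-string return from `getaccess()` such as `true` (or `0` before PHP 8) would compare equal to `'owner'` and pass the check. The return type of `getaccess()` is not visible in this hunk, so this is a hardening point rather than a confirmed bypass. A strict allow-list states the intent and fails closed: `if(!in_array($access, array('owner', 'rw'), true)){`. The two `false` arguments now passed to `getVCalendar()` presumably switch off that helper's own checks, which would leave this guard as the only authorization on the path; a one-line comment above the call saying so would keep a later edit from removing it. The script continues past the end of the hunk, so how `$_POST['dayDelta']` and `$_POST['minuteDelta']` are used afterwards cannot be judged from here.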