summaryrefslogtreecommitdiffstats
path: root/apps/calendar/ajax/event/resize.php
diff options
context:
space:
mode:
Diffstat (limited to 'apps/calendar/ajax/event/resize.php')
-rw-r--r--apps/calendar/ajax/event/resize.php10
1 files changed, 8 insertions, 2 deletions
diff --git a/apps/calendar/ajax/event/resize.php b/apps/calendar/ajax/event/resize.php
index 9a9d37ff3d4..593835d86c5 100644
--- a/apps/calendar/ajax/event/resize.php
+++ b/apps/calendar/ajax/event/resize.php
@@ -10,7 +10,13 @@ OC_JSON::checkLoggedIn();
$id = $_POST['id'];
-$vcalendar = OC_Calendar_App::getVCalendar($id);
+$access = OC_Calendar_App::getaccess($id, OC_Calendar_App::EVENT);
+if($access != 'owner' && $access != 'rw'){
+ OC_JSON::error(array('message'=>'permission denied'));
+ exit;
+}
+
+$vcalendar = OC_Calendar_App::getVCalendar($id, false, false);
$vevent = $vcalendar->VEVENT;
$delta = new DateInterval('P0D');
@@ -27,6 +33,6 @@ unset($vevent->DURATION);
$vevent->setDateTime('LAST-MODIFIED', 'now', Sabre_VObject_Element_DateTime::UTC);
$vevent->setDateTime('DTSTAMP', 'now', Sabre_VObject_Element_DateTime::UTC);
-$result = OC_Calendar_Object::edit($id, $vcalendar->serialize());
+OC_Calendar_Object::edit($id, $vcalendar->serialize());
$lastmodified = $vevent->__get('LAST-MODIFIED')->getDateTime();
OC_JSON::success(array('lastmodified'=>(int)$lastmodified->format('U')));
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-15 08:04:57 +0000