aboutsummaryrefslogtreecommitdiffstats
path: root/apps/calendar/ajax/event/resize.php
diff options
context:
space:
mode:
Diffstat (limited to 'apps/calendar/ajax/event/resize.php')
-rw-r--r--apps/calendar/ajax/event/resize.php5
1 files changed, 5 insertions, 0 deletions
diff --git a/apps/calendar/ajax/event/resize.php b/apps/calendar/ajax/event/resize.php
index aa2d420e77d..1136273b706 100644
--- a/apps/calendar/ajax/event/resize.php
+++ b/apps/calendar/ajax/event/resize.php
@@ -10,6 +10,11 @@ OC_JSON::checkLoggedIn();
$id = $_POST['id'];
+if(!OC_Calendar_Share::is_editing_allowed(OC_User::getUser(), $id, OC_Calendar_Share::EVENT) && OC_Calendar_Object::getowner($id) != OC_User::getUser()){
+ OC_JSON::error(array('message'=>'permissiondenied'));
+ exit;
+}
+
$vcalendar = OC_Calendar_App::getVCalendar($id);
$vevent = $vcalendar->VEVENT;
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-28 21:27:09 +0000