4 files changed, 24 insertions, 5 deletions

diff --git a/apps/calendar/ajax/share/activation.php b/apps/calendar/ajax/share/activation.php
new file mode 100644
index 00000000000..a4a3ce48192
--- /dev/null
+++ b/apps/calendar/ajax/share/activation.php
@@ -0,0 +1,12 @@
+<?php
+/**
+ * Copyright (c) 2012 Georg Ehrke <ownclouddev@georgswebsite.de>
+ * This file is licensed under the Affero General Public License version 3 or
+ * later.
+ * See the COPYING-README file.
+ */
+require_once('../../../../lib/base.php');
+$id = strip_tags($_GET['id']);
+$activation = strip_tags($_GET['activation']);
+OC_Calendar_Share::set_active(OC_User::getUser(), $id, $activation);
+OC_JSON::success();
\ No newline at end of file
diff --git a/apps/calendar/ajax/share/changepermission.php b/apps/calendar/ajax/share/changepermission.php
index d91f87b613f..41d49e7b521 100644
--- a/apps/calendar/ajax/share/changepermission.php
+++ b/apps/calendar/ajax/share/changepermission.php
@@ -36,5 +36,5 @@ if($sharetype == 'group' && !OC_Group::groupExists($sharewith)){
 	OC_JSON::error(array('message'=>'group not found'));
 	exit;
 }
-$success = OC_Calendar_Share::changepermission($sharewith, $sharetype, $id, $permission, (($idtype=='calendar') ? OC_Calendar_Share::CALENDAR : OC_Calendar_Share::Event));
+$success = OC_Calendar_Share::changepermission($sharewith, $sharetype, $id, $permission, (($idtype=='calendar') ? OC_Calendar_Share::CALENDAR : OC_Calendar_Share::EVENT));
 OC_JSON::success();
\ No newline at end of file
diff --git a/apps/calendar/ajax/share/share.php b/apps/calendar/ajax/share/share.php
index d892727701a..2e81040b477 100644
--- a/apps/calendar/ajax/share/share.php
+++ b/apps/calendar/ajax/share/share.php
@@ -16,6 +16,14 @@ switch($idtype){
 		OC_JSON::error(array('message'=>'unexspected parameter'));
 		exit;
 }
+if($idtype == 'calendar' && !OC_Calendar_App::getCalendar($id)){
+	OC_JSON::error(array('message'=>'permission denied'));
+	exit;
+}
+if($idtype == 'event' && !OC_Calendar_App::getEventObject($id)){
+	OC_JSON::error(array('message'=>'permission denied'));
+	exit;
+}
 $sharewith = $_GET['sharewith'];
 $sharetype = strip_tags($_GET['sharetype']);
 switch($sharetype){
@@ -38,7 +46,7 @@ if($sharetype == 'group' && !OC_Group::groupExists($sharewith)){
 if($sharetype == 'user' && OC_User::getUser() == $sharewith){
 	OC_JSON::error(array('meesage'=>'you can not share with yourself'));
 }
-$success = OC_Calendar_Share::share(OC_User::getUser(), $sharewith, $sharetype, $id, (($idtype=='calendar') ? OC_Calendar_Share::CALENDAR : OC_Calendar_Share::Event));
+$success = OC_Calendar_Share::share(OC_User::getUser(), $sharewith, $sharetype, $id, (($idtype=='calendar') ? OC_Calendar_Share::CALENDAR : OC_Calendar_Share::EVENT));
 if($success){
 	if($sharetype == 'public'){
 		OC_JSON::success(array('message'=>$success));
diff --git a/apps/calendar/ajax/share/unshare.php b/apps/calendar/ajax/share/unshare.php
index ec3150a89aa..5bedbaaf0a6 100644
--- a/apps/calendar/ajax/share/unshare.php
+++ b/apps/calendar/ajax/share/unshare.php
@@ -30,12 +30,11 @@ switch($sharetype){
 if($sharetype == 'user' && !OC_User::userExists($sharewith)){
 	OC_JSON::error(array('message'=>'user not found'));
 	exit;
-}
-if($sharetype == 'group' && !OC_Group::groupExists($sharewith)){
+}elseif($sharetype == 'group' && !OC_Group::groupExists($sharewith)){
 	OC_JSON::error(array('message'=>'group not found'));
 	exit;
 }
-$success = OC_Calendar_Share::unshare(OC_User::getUser(), $sharewith, $sharetype, $id, (($idtype=='calendar') ? OC_Calendar_Share::CALENDAR : OC_Calendar_Share::Event));
+$success = OC_Calendar_Share::unshare(OC_User::getUser(), $sharewith, $sharetype, $id, (($idtype=='calendar') ? OC_Calendar_Share::CALENDAR : OC_Calendar_Share::EVENT));
 if($success){
 	OC_JSON::success();
 }else{