Diffstat (limited to 'apps/contacts/lib/addressbook.php')
-rw-r--r-- | apps/contacts/lib/addressbook.php | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/apps/contacts/lib/addressbook.php b/apps/contacts/lib/addressbook.php
index a81b1f77985..92c5f4da3a7 100644
--- a/apps/contacts/lib/addressbook.php
+++ b/apps/contacts/lib/addressbook.php
@@ -208,7 +208,12 @@ class OC_Contacts_Addressbook {
 public static function edit($id,$name,$description) {
 // Need these ones for checking uri
 $addressbook = self::find($id);
-
+ if ($addressbook['userid'] != OCP\User::getUser()) {
+ $sharedAddressbook = OCP\Share::getItemSharedWithBySource('addressbook', $id);
+ if (!$sharedAddressbook || !($sharedAddressbook['permissions'] & OCP\Share::PERMISSION_UPDATE)) {
+ return false;
+ }
+ }
 if(is_null($name)) {
 $name = $addressbook['name'];
 }
@@ -270,6 +275,13 @@ class OC_Contacts_Addressbook {
 * @return boolean
 */
 public static function delete($id) {
+ $addressbook = self::find($id);
+ if ($addressbook['userid'] != OCP\User::getUser()) {
+ $sharedAddressbook = OCP\Share::getItemSharedWithBySource('addressbook', $id);
+ if (!$sharedAddressbook || !($sharedAddressbook['permissions'] & OCP\Share::PERMISSION_DELETE)) {
+ return false;
+ }
+ }
 self::setActive($id, false);
 try {
 $stmt = OCP\DB::prepare( 'DELETE FROM *PREFIX*contacts_addressbooks WHERE id = ?' ); |
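Review bot: The ownership test added to edit(), `$addressbook['userid'] != OCP\User::getUser()`, uses loose comparison, so two user IDs that PHP treats as equal numeric strings are accepted as the same owner and the share-permission check is skipped; if getUser() can return `false` for a session without a user, an empty stored userid would pass the same way. Make it strict, `if ($addressbook['userid'] !== OCP\User::getUser()) {`, and apply the same change to the identical test in the delete() hunk. The result of `self::find($id)` is also indexed without checking that a row came back; find() is not visible here, so whether it can return `false` is inferred, but an explicit `if (!$addressbook) { return false; }` before the comparison would make the intent clear. edit()'s body continues outside the hunk.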
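Review bot: The refusal path added to delete() returns `false` without recording anything, so a denied attempt to delete another user's address book leaves no trace for whoever reviews the logs, and a caller that ignores the return value may still report success. Adding a line such as `OCP\Util::writeLog('contacts', __METHOD__.', no delete permission for addressbook '.(int)$id, OCP\Util::WARN);` before `return false;` would cover the first part, and the same applies to the refusal in edit(). The block is otherwise a copy of the check in edit() that differs only in the permission constant; a private static helper taking the id and the required permission bit would keep the two from drifting apart. delete()'s body continues beyond the end of the hunk.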