extern/egroupware
1
0
Fork 1
mirror of https://github.com/EGroupware/egroupware.git synced 2024-12-26 00:29:38 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix calendar invitations of resources

Browse Source 
Used to prevent anyone from inviting when general access was disabled
now it only prevents users who don't have direct booking permission.

see #38
This commit is contained in:
Marcel Klehr 2018-06-27 15:44:47 +02:00
parent 65aca7c311
commit 75572b64c8
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
calendar/inc/class.calendar_boupdate.inc.php
View File

@ -80,6 +80,12 @@ class calendar_boupdate extends calendar_bo
*/ */
protected static $tz_cache = array(); protected static $tz_cache = array();
/**
* The resources storage object
* @var resources_so $resources_so
*/
protected $resources_so;
/** /**
* Constructor * Constructor
*/ */
@ -89,6 +95,8 @@ class calendar_boupdate extends calendar_bo
parent::__construct(); // calling the parent constructor parent::__construct(); // calling the parent constructor
$this->resources_so = new resources_so();
if ($this->debug > 0) $this->debug_message('calendar_boupdate::__construct() finished',True); if ($this->debug > 0) $this->debug_message('calendar_boupdate::__construct() finished',True);
} }
@ -511,7 +519,8 @@ class calendar_boupdate extends calendar_bo
{ {
$resources_config = Api\Config::read('resources'); $resources_config = Api\Config::read('resources');
if ($resources_config['bookingrequests'] === 'disabled') { if ($resources_config['bookingrequests'] === 'disabled') {
$ret = $this->check_perms(resources_acl_bo::DIRECT_BOOKING, 0, $uid); $cat_id = $this->resources_so->get_value('cat_id', intval(substr($uid, 1)));
return resources_acl_bo::is_permitted($cat_id, resources_acl_bo::DIRECT_BOOKING);
} }
else else
{ {