diff --git a/calendar/inc/class.calendar_ui.inc.php b/calendar/inc/class.calendar_ui.inc.php index 7e6d2de9b0..e27b681c26 100644 --- a/calendar/inc/class.calendar_ui.inc.php +++ b/calendar/inc/class.calendar_ui.inc.php @@ -47,11 +47,11 @@ class calendar_ui */ var $datetime; /** - * Reference to global categories class + * Instance of categories class * * @var categories */ - var $cats; + var $categories; /** * Reference to global uiaccountsel class * @@ -145,14 +145,8 @@ class calendar_ui $this->datetime = $GLOBALS['egw']->datetime; $this->accountsel = $GLOBALS['egw']->uiaccountsel; - if ($GLOBALS['egw']->categories->app_name != 'calendar') - { - $this->cats = new categories('','calendar'); // we need an own instance to get the calendar cats - } - else - { - $this->cats = $GLOBALS['egw']->categories; - } + $this->categories = new categories($this->user,'calendar'); + $this->common_prefs = &$GLOBALS['egw_info']['user']['preferences']['common']; $this->cal_prefs = &$GLOBALS['egw_info']['user']['preferences']['calendar']; $this->bo->check_set_default_prefs(); 
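Review bot: The new `new categories($this->user,'calendar')` call in the constructor hunk depends on `$this->user` already holding the current account id, and the assignment of `$this->user` is not visible in this hunk. check_category_perms() later relies on this instance for its ACL decisions, so if `$this->user` is still unset at this point the checks would run for whatever account the categories class falls back to. Confirm the order in the constructor and add a comment such as `// $this->user must be set before this line: category ACLs are evaluated for that account`. The constructor starts and ends outside the hunk. The rename of `$cats` to `$categories` in the first hunk also requires that every subclass still reading `$this->cats` is updated; only calendar_ui and calendar_uiviews are changed in this diff.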
@@ -170,6 +164,35 @@ class calendar_ui // calendar does not work with hidden sidebox atm. unset($GLOBALS['egw_info']['user']['preferences']['common']['auto_hide_sidebox']); } + + /** + * Checks category permissions + * Takes a commaseparated list of category ids + * and truncates it by the ones the user does not have the requested permission on + * + * @param int $needed necessary ACL right: EGW_ACL_{READ|EDIT|DELETE} + * @param string $categories commaseparated list of category ids + * @return string truncated commaseparated list of category ids + */ + function check_category_perms($needed, $categories) + { + if (empty($categories)) return $categories; + + $cat_arr = explode(',',$categories); + if (!empty($cat_arr) && is_array($cat_arr) && count($cat_arr) > 0) + { + foreach($cat_arr as $id=>$cat_id) + { + if (!$this->categories->check_perms($needed, $cat_id)) + { + unset($cat_arr[$id]); + } + } + $categories = implode(',',$cat_arr); + } + + return $categories; + } /** * Checks and terminates (or returns for home) with a message if $this->owner include a user/resource we have no read-access to @@ -699,7 +722,7 @@ class calendar_ui // Category Selection $file[++$n] = $this->_select_box('Category','cat_id', ''. - $this->cats->formatted_list('select','all',$this->cat_id,'True'),$baseurl ? $baseurl.'&cat_id=' : ''); + $this->categories->formatted_list('select','all',$this->cat_id,'True'),$baseurl ? $baseurl.'&cat_id=' : ''); // Filter all or hideprivate $options = ''; diff --git a/calendar/inc/class.calendar_uiforms.inc.php b/calendar/inc/class.calendar_uiforms.inc.php index 9edb7a0043..a878725792 100644 --- a/calendar/inc/class.calendar_uiforms.inc.php +++ b/calendar/inc/class.calendar_uiforms.inc.php 
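Review bot: In check_category_perms() the guard `if (!empty($cat_arr) && is_array($cat_arr) && count($cat_arr) > 0)` can never be false, because `explode()` on a non-empty string always returns an array with at least one element; dropping it leaves the loop as the single path and makes it clear that every id is checked. Each id reaches `check_perms()` exactly as split, so the result for a list with blanks or empty items (for example `'1, 2,'`) depends on how `categories::check_perms()` treats such values, which is not shown here. The docblock should state that an id which cannot be verified is dropped from the result, and the loop can enforce that with `$cat_id = trim($cat_id);` followed by `if ($cat_id === '' || !$this->categories->check_perms($needed, $cat_id))`.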
@@ -1046,6 +1046,9 @@ class calendar_uiforms extends calendar_ui $onclick = str_replace('Delete this event','Delete this series of recuring events',$onclick); } $content['participants']['no_add'] = true; + + // respect category ACLs + $content['category'] = $this->check_category_perms(EGW_ACL_READ, $event['category']); } else { diff --git a/calendar/inc/class.calendar_uilist.inc.php b/calendar/inc/class.calendar_uilist.inc.php index 0fa590bfd8..6d24b95f44 100644 --- a/calendar/inc/class.calendar_uilist.inc.php +++ b/calendar/inc/class.calendar_uilist.inc.php @@ -312,6 +312,7 @@ class calendar_uilist extends calendar_ui } if (empty($event['description'])) $event['description'] = ' '; // no description screws the titles horz. alignment if (empty($event['location'])) $event['location'] = ' '; // no location screws the owner horz. alignment + $event['category'] = $this->check_category_perms(EGW_ACL_READ, $event['category']); $rows[] = $event; } diff --git a/calendar/inc/class.calendar_uiviews.inc.php b/calendar/inc/class.calendar_uiviews.inc.php index 4a496892ae..6ab79ef6a1 100644 --- a/calendar/inc/class.calendar_uiviews.inc.php +++ b/calendar/inc/class.calendar_uiviews.inc.php @@ -1160,8 +1160,7 @@ class calendar_uiviews extends calendar_ui $is_private = !$this->bo->check_perms(EGW_ACL_READ,$event); $icons = !$is_private ? $this->event_icons($event) : array(html::image('calendar','private',lang('private'))); - $cats = $this->bo->categories($event['category'],$color); - + $cats = $this->bo->categories($this->check_category_perms(EGW_ACL_READ, $event['category']),$color); // these values control varius aspects of the geometry of the eventWidget $small_trigger_width = 120 + 20*count($icons); $corner_radius=$width > $small_trigger_width ? 10 : 5; 
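Review bot: The category filter is applied only in this branch of the form code, and the `else` branch that opens right after the added lines is not touched, so it is worth checking whether that branch can still show `$event['category']` unfiltered. More generally the check is repeated at each display call site (here, in calendar_uilist before `$rows[] = $event`, and in calendar_uiviews around `$this->bo->categories()`), which means any other reader of `$event['category']` bypasses it; filtering once where events are read in the business object would close that gap, if that fits the design. If the filtered value can ever be posted back and saved, the categories the user cannot read would be removed from the event, so a comment such as `// display only: never write this filtered list back to the event` would help. The enclosing method starts and ends outside the hunk.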
@@ -1175,7 +1174,7 @@ class calendar_uiviews extends calendar_ui $bodybgcolor1 = $this->brighter($headerbgcolor,$headerbgcolor == '#808080' ? 100 : 170); $bodybgcolor2 = $this->brighter($headerbgcolor,220); - // mark event as invitation, by NOT using category based backgrond color, but plain white + // mark event as invitation, by NOT using category based background color, but plain white if ($event['participants'][$this->user][0] == 'U') { $bodybgcolor1 = $bodybgcolor2 = 'white'; @@ -1586,7 +1585,7 @@ class calendar_uiviews extends calendar_ui if (!is_array($cat2sort)) { $cat2sort = array(); - foreach((array)$this->cats->return_array('all',0,false,'','','',true) as $data) + foreach((array)$this->categories->return_array('all',0,false,'','','',true) as $data) { if ($data['parent'] == $this->cat_id || $data['id'] == $this->cat_id) // cat is a direct sub of $this->cat_id { @@ -1612,7 +1611,7 @@ class calendar_uiviews extends calendar_ui $sort2label[0] = lang('none'); $ret[] = 0; } - //echo "

uiviews::_get_planner_cats($cats=".$this->cats->id2name($cats).") (this->cat_id=$this->cat_id) = ".print_r($ret,true).'='.$this->cats->id2name($ret[0])."

\n"; + //echo "

uiviews::_get_planner_cats($cats=".$this->categories->id2name($cats).") (this->cat_id=$this->cat_id) = ".print_r($ret,true).'='.$this->categories->id2name($ret[0])."

\n"; return $ret; } @@ -2033,6 +2032,4 @@ class calendar_uiviews extends calendar_ui return $dayEvents; } - - }