extern/egroupware
1
0
Fork 1
mirror of https://github.com/EGroupware/egroupware.git synced 2024-10-06 10:12:46 +02:00
Code Issues Packages Projects Releases Wiki Activity

fixed "403 Forbidden" when a participant with a group invitation tried to delete the event from his calendar

Browse Source
This commit is contained in:
Ralf Becker 2011-10-05 07:39:11 +00:00
parent 3f564ac5aa
commit bedafe6c79
1 changed files with 22 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
calendar/inc/class.calendar_groupdav.inc.php
View File

@ -912,15 +912,30 @@ class calendar_groupdav extends groupdav_handler
{ {
if (!$return_no_access) if (!$return_no_access)
{ {
$ret = isset($event['participants'][$this->bo->user]) && // check if user is a participant or one of the groups he is a member of --> reject the meeting request
$this->bo->set_status($event,$this->bo->user,'R') ? true : '403 Forbidden'; $ret = '403 Forbidden';
if ($this->debug) error_log(__METHOD__."(,$id) return_no_access=$return_no_access, event[participants]=".array2string($event['participants']).", user={$this->bo->user} --> return $ret"); $memberships = $GLOBALS['egw']->accounts->memberships($this->bo->user, true);
foreach($event['participants'] as $uid => $status)
{
if ($this->bo->user == $uid || in_array($uid, $memberships))
{
if ($this->bo->set_status($event,$this->bo->user, 'R')) $ret = true;
break;
}
}
}
else
{
$ret = $event;
}
}
else
{
$ret = $this->bo->delete($event['id']);
}
if ($this->debug) error_log(__METHOD__."(,$id) return_no_access=$return_no_access, event[participants]=".array2string(is_array($event)?$event['participants']:null).", user={$this->bo->user} --> return ".array2string($ret));
return $ret; return $ret;
} }
return $event;
}
return $this->bo->delete($event['id']);
}
/** /**
* Read an entry * Read an entry