mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-10-06 10:12:46 +02:00
fixed "403 Forbidden" when a participant with a group invitation tried to delete the event from his calendar
This commit is contained in:
parent
3f564ac5aa
commit
bedafe6c79
@ -912,15 +912,30 @@ class calendar_groupdav extends groupdav_handler
|
|||||||
{
|
{
|
||||||
if (!$return_no_access)
|
if (!$return_no_access)
|
||||||
{
|
{
|
||||||
$ret = isset($event['participants'][$this->bo->user]) &&
|
// check if user is a participant or one of the groups he is a member of --> reject the meeting request
|
||||||
$this->bo->set_status($event,$this->bo->user,'R') ? true : '403 Forbidden';
|
$ret = '403 Forbidden';
|
||||||
if ($this->debug) error_log(__METHOD__."(,$id) return_no_access=$return_no_access, event[participants]=".array2string($event['participants']).", user={$this->bo->user} --> return $ret");
|
$memberships = $GLOBALS['egw']->accounts->memberships($this->bo->user, true);
|
||||||
|
foreach($event['participants'] as $uid => $status)
|
||||||
|
{
|
||||||
|
if ($this->bo->user == $uid || in_array($uid, $memberships))
|
||||||
|
{
|
||||||
|
if ($this->bo->set_status($event,$this->bo->user, 'R')) $ret = true;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$ret = $event;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$ret = $this->bo->delete($event['id']);
|
||||||
|
}
|
||||||
|
if ($this->debug) error_log(__METHOD__."(,$id) return_no_access=$return_no_access, event[participants]=".array2string(is_array($event)?$event['participants']:null).", user={$this->bo->user} --> return ".array2string($ret));
|
||||||
return $ret;
|
return $ret;
|
||||||
}
|
}
|
||||||
return $event;
|
|
||||||
}
|
|
||||||
return $this->bo->delete($event['id']);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Read an entry
|
* Read an entry
|
||||||
|
Loading…
Reference in New Issue
Block a user