diff --git a/calendar/inc/class.calendar_bo.inc.php b/calendar/inc/class.calendar_bo.inc.php
index 415a1456a1..298165ad6f 100644
--- a/calendar/inc/class.calendar_bo.inc.php
+++ b/calendar/inc/class.calendar_bo.inc.php
@@ -473,16 +473,13 @@ class calendar_bo
 }
 if ($is_private || (!$event['public'] && $filter == 'hideprivate'))
 {
- if($params['query'] && !$this->check_perms(EGW_ACL_FREEBUSY,$event))
+ if($filter == 'hideprivate')
 {
 unset($events[$id]);
 $this->total--;
 continue;
 }
- else
- {
- $this->clear_private_infos($events[$id],$users);
- }
+ $this->clear_private_infos($events[$id],$users);
 }
 }
 
diff --git a/calendar/inc/class.calendar_so.inc.php b/calendar/inc/class.calendar_so.inc.php
index 8a8f1fa8f7..112db5116f 100644
--- a/calendar/inc/class.calendar_so.inc.php
+++ b/calendar/inc/class.calendar_so.inc.php
@@ -342,6 +342,13 @@ class calendar_so
 $to_or[] = $col.' '.$this->db->capabilities[egw_db::CAPABILITY_CASE_INSENSITIV_LIKE].' '.$this->db->quote('%'.$params['query'].'%');
 }
 $where[] = '('.implode(' OR ',$to_or).')';
+
+ // Searching - restrict private to own or private grant
+ $private_grants = $GLOBALS['egw']->acl->get_ids_for_location($GLOBALS['egw_info']['user']['account_id'], EGW_ACL_PRIVATE, 'calendar');
+ $private_filter = '(cal_public OR cal_owner = ' . $GLOBALS['egw_info']['user']['account_id'];
+ if($private_grants) $private_filter .= ' OR !cal_public AND cal_owner IN (' . implode(',',$private_grants) . ')';
+ $private_filter .= ')';
+ $where[] = $private_filter;
 }
 if (!empty($params['sql_filter']) && is_string($params['sql_filter']))
 {
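Review bot: The new `if($filter == 'hideprivate')` branch no longer treats a search specially, so a private event that matches `$params['query']` is kept and only passed through `clear_private_infos()` instead of being dropped. Hiding the fact that someone's private event contains the search term now depends entirely on the SQL restriction this commit adds in class.calendar_so.inc.php, and nothing in this layer backs it up. If `$is_private` still means "private and not readable by the current user" (it is computed outside the hunk, so this is an assumption), keeping a query-time guard such as `if($filter == 'hideprivate' || $params['query'])` would preserve the fail-closed behaviour. At minimum add a comment like `// private matches of a search are already excluded by the storage layer; anything private reaching here is only blanked`. The enclosing loop starts and ends outside the hunk.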
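Review bot: The `$private_filter` lines concatenate `$GLOBALS['egw_info']['user']['account_id']` and the `$private_grants` ids straight into the WHERE clause, without the integer cast or `$this->db->quote()` used for the search term a few lines above. They come from the session and the ACL rather than from the request, but casting keeps the clause safe if that ever changes: `$private_filter = '(cal_public OR cal_owner = ' . (int)$GLOBALS['egw_info']['user']['account_id'];` and `implode(',', array_map('intval', $private_grants))`. The `!cal_public AND` term is also redundant, since `A OR (NOT A AND B)` equals `A OR B`. Dropping it leaves `' OR cal_owner IN (...)'`, which avoids the `!` operator (likely not portable across the database backends the `capabilities` lookup suggests are supported) and the reliance on AND/OR precedence. The grant lookup appears to cover only grants made directly to the user; whether grants made via group membership should also apply is worth confirming, although the current behaviour fails closed.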