From fa7a8c5bf1ec53a0802a9cc63993975dda5bc479 Mon Sep 17 00:00:00 2001 From: Ralf Becker Date: Wed, 9 Nov 2011 09:45:14 +0000 Subject: [PATCH] * Calendar: fixed MyStylite bug #2434: context menu could be used to invite yourself to any event you can read --- calendar/inc/class.calendar_boupdate.inc.php | 4 +++- calendar/inc/class.calendar_uilist.inc.php | 24 ++++++++++++-------- 2 files changed, 18 insertions(+), 10 deletions(-) diff --git a/calendar/inc/class.calendar_boupdate.inc.php b/calendar/inc/class.calendar_boupdate.inc.php index 41ba152f0e..cef7a84c09 100644 --- a/calendar/inc/class.calendar_boupdate.inc.php +++ b/calendar/inc/class.calendar_boupdate.inc.php @@ -1056,8 +1056,10 @@ class calendar_boupdate extends calendar_bo return EGW_ACL_EDIT & $resource['rights']; } + if (!is_array($event) && !($event = $this->read($event))) return false; + // regular user and groups - return $this->check_perms(EGW_ACL_EDIT,0,$uid); + return isset($event['participants'][$uid]) && $this->check_perms(EGW_ACL_EDIT,0,$uid); } /** diff --git a/calendar/inc/class.calendar_uilist.inc.php b/calendar/inc/class.calendar_uilist.inc.php index ba23763b84..00145ef4af 100644 --- a/calendar/inc/class.calendar_uilist.inc.php +++ b/calendar/inc/class.calendar_uilist.inc.php @@ -494,6 +494,7 @@ class calendar_uilist extends calendar_ui { //echo '

' . __METHOD__ . "('$action',".print_r($checked,true).','.(int)$use_all.",...)

\n"; $success = $failed = 0; + $msg = null; // Split out combined values if(strpos($action, 'status') !== false) @@ -573,7 +574,7 @@ class calendar_uilist extends calendar_ui } else { - $failure++; + $failed++; } break; case 'undelete': @@ -588,9 +589,10 @@ class calendar_uilist extends calendar_ui break; } } - $failure++; + $failed++; break; case 'status': + $action_msg = lang('Status changed'); if($id && ($event = $this->bo->read($id, $recur_date))) { $old_status = $event['participants'][$GLOBALS['egw_info']['user']['account_id']]; @@ -599,17 +601,21 @@ class calendar_uilist extends calendar_ui { //echo "

$uid: status changed '$data[old_status]' --> '$status<'/p>\n"; $new_status = calendar_so::combine_status($status, $quantity, $role); - if ($this->bo->set_status($id,$GLOBALS['egw_info']['user']['account_id'],$new_status,$recur_date, + if ($this->bo->set_status($event,$GLOBALS['egw_info']['user']['account_id'],$new_status,$recur_date, false,true,$skip_notification)) { $success++; - $msg = lang('Status changed'); + //$msg = lang('Status changed'); + } + else + { + $failed++; } } } else { - $failure++; + $failed++; } break; case 'timesheet-add': @@ -627,7 +633,7 @@ class calendar_uilist extends calendar_ui } if(!$event) { - $failure++; + $failed++; continue; } $timesheet = array( @@ -670,14 +676,14 @@ class calendar_uilist extends calendar_ui } else { - $failure++; + $failed++; } $msg = lang('Timesheet entries created for '); break; } } - - return ($failure == 0); + //error_log(__METHOD__."('$action', ".array2string($checked).', '.array2string($use_all).") sucess=$success, failed=$failed, action_msg='$action_msg', msg=".array2string($msg).' returning '.array2string(!$failed)); + return !$failed; } /**