holm/egroupware
1
1
Fork 0
forked from extern/egroupware
Code Issues Pull Requests Packages Projects Releases Wiki Activity

do NOT allow users to purge deleted events, if we dont have 'user_purge' enabled

Browse Source
This commit is contained in:
Ralf Becker 2011-04-27 16:28:38 +00:00
parent 633b3da6b4
commit 0a04c20764
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
calendar/inc/class.calendar_bo.inc.php
View File

@ -1142,6 +1142,13 @@ class calendar_bo
$access = $this->user == $owner || $grants & $needed
&& ($needed == EGW_ACL_FREEBUSY || !$private || $grants & EGW_ACL_PRIVATE);
}
// do NOT allow users to purge deleted events, if we dont have 'user_purge' enabled
if ($access && $needed == EGW_ACL_DELETE && $event['deleted'] &&
!$GLOBALS['egw_info']['user']['apps']['admin'] &&
$GLOBALS['egw_info']['server']['calendar_delete_history'] != 'user_purge')
{
$access = false;
}
if ($this->debug && ($this->debug > 2 || $this->debug == 'check_perms'))
{
$this->debug_message('calendar_bo::check_perms(%1,%2,%3)=%4',True,ACL_TYPE_IDENTIFER.$needed,$event,$other,$access);