* CalDAV: remove "bind" privilege (create new events right) on other users or groups calendar, if invite requires special ACL grant, which current user does NOT have

2013-01-24 12:54:08 +00:00 · 2013-01-24 12:54:08 +00:00 · 0fdd106cc2
commit 0fdd106cc2
parent 83aebbb176
2 changed files with 10 additions and 2 deletions
--- a/calendar/inc/class.calendar_bo.inc.php
+++ b/calendar/inc/class.calendar_bo.inc.php
@ -181,9 +181,9 @@ class calendar_bo
 	/**
 	 * Does a user require an extra invite grant, to be able to invite an other user, default no
 	 *
-	 * @var boolean
+	 * @var string 'all', 'groups' or null
 	 */
-	public $require_acl_invite = false;
+	public $require_acl_invite = null;

 	/**
 	 * if the number of selected users for a view exeeds this number a view is consolidated (5 is set as default)
--- a/calendar/inc/class.calendar_groupdav.inc.php
+++ b/calendar/inc/class.calendar_groupdav.inc.php
@ -1126,6 +1126,14 @@ class calendar_groupdav extends groupdav_handler
 		{
 			$privileges['schedule-deliver'] = HTTP_WebDAV_Server::mkprop(groupdav::CALDAV, 'schedule-deliver', '');
 		}
+		// remove bind privilege on other users or groups calendars, if calendar config require_acl_invite is set
+		// and current user has no invite grant
+		if ($user && $user != $GLOBALS['egw_info']['user']['account_id'] && isset($privileges['bind']) &&
+			($this->bo->require_acl_invite == 'all' || $this->bo->require_acl_invite == 'groups' && $user < 0) &&
+			!$this->bo->check_perms(EGW_ACL_INVITE, 0, $user))
+		{
+			unset($privileges['bind']);
+		}
 		//error_log(__METHOD__."('$path', $user) returning ".array2string($privileges));
 		return $privileges;
 	}