* Calendar: fixed MyStylite bug #2434: context menu could be used to invite yourself to any event you can read

This commit is contained in:
Ralf Becker 2011-11-09 09:44:28 +00:00
parent 5c12f98c94
commit 684d23326e
2 changed files with 18 additions and 10 deletions

View File

@ -1056,8 +1056,10 @@ class calendar_boupdate extends calendar_bo
return EGW_ACL_EDIT & $resource['rights']; return EGW_ACL_EDIT & $resource['rights'];
} }
if (!is_array($event) && !($event = $this->read($event))) return false;
// regular user and groups // regular user and groups
return $this->check_perms(EGW_ACL_EDIT,0,$uid); return isset($event['participants'][$uid]) && $this->check_perms(EGW_ACL_EDIT,0,$uid);
} }
/** /**

View File

@ -494,6 +494,7 @@ class calendar_uilist extends calendar_ui
{ {
//echo '<p>' . __METHOD__ . "('$action',".print_r($checked,true).','.(int)$use_all.",...)</p>\n"; //echo '<p>' . __METHOD__ . "('$action',".print_r($checked,true).','.(int)$use_all.",...)</p>\n";
$success = $failed = 0; $success = $failed = 0;
$msg = null;
// Split out combined values // Split out combined values
if(strpos($action, 'status') !== false) if(strpos($action, 'status') !== false)
@ -573,7 +574,7 @@ class calendar_uilist extends calendar_ui
} }
else else
{ {
$failure++; $failed++;
} }
break; break;
case 'undelete': case 'undelete':
@ -588,9 +589,10 @@ class calendar_uilist extends calendar_ui
break; break;
} }
} }
$failure++; $failed++;
break; break;
case 'status': case 'status':
$action_msg = lang('Status changed');
if($id && ($event = $this->bo->read($id, $recur_date))) if($id && ($event = $this->bo->read($id, $recur_date)))
{ {
$old_status = $event['participants'][$GLOBALS['egw_info']['user']['account_id']]; $old_status = $event['participants'][$GLOBALS['egw_info']['user']['account_id']];
@ -599,17 +601,21 @@ class calendar_uilist extends calendar_ui
{ {
//echo "<p>$uid: status changed '$data[old_status]' --> '$status<'/p>\n"; //echo "<p>$uid: status changed '$data[old_status]' --> '$status<'/p>\n";
$new_status = calendar_so::combine_status($status, $quantity, $role); $new_status = calendar_so::combine_status($status, $quantity, $role);
if ($this->bo->set_status($id,$GLOBALS['egw_info']['user']['account_id'],$new_status,$recur_date, if ($this->bo->set_status($event,$GLOBALS['egw_info']['user']['account_id'],$new_status,$recur_date,
false,true,$skip_notification)) false,true,$skip_notification))
{ {
$success++; $success++;
$msg = lang('Status changed'); //$msg = lang('Status changed');
}
else
{
$failed++;
} }
} }
} }
else else
{ {
$failure++; $failed++;
} }
break; break;
case 'timesheet-add': case 'timesheet-add':
@ -627,7 +633,7 @@ class calendar_uilist extends calendar_ui
} }
if(!$event) if(!$event)
{ {
$failure++; $failed++;
continue; continue;
} }
$timesheet = array( $timesheet = array(
@ -670,14 +676,14 @@ class calendar_uilist extends calendar_ui
} }
else else
{ {
$failure++; $failed++;
} }
$msg = lang('Timesheet entries created for '); $msg = lang('Timesheet entries created for ');
break; break;
} }
} }
//error_log(__METHOD__."('$action', ".array2string($checked).', '.array2string($use_all).") sucess=$success, failed=$failed, action_msg='$action_msg', msg=".array2string($msg).' returning '.array2string(!$failed));
return ($failure == 0); return !$failed;
} }
/** /**