From e4cca3a41bd53fd1e5dcca3c9e132645823079f6 Mon Sep 17 00:00:00 2001
From: Ralf Becker <ralfbecker@outdoor-training.de>
Date: Wed, 14 Oct 2015 16:40:03 +0000
Subject: [PATCH] * Calendar/CalDAV/iMip: only include replying participant in
 iMip REPLY messages

---
 calendar/inc/class.calendar_boupdate.inc.php | 15 ++++++--
 calendar/inc/class.calendar_ical.inc.php     |  8 +++-
 calendar/inc/class.calendar_uiforms.inc.php  | 39 ++++++++++----------
 3 files changed, 38 insertions(+), 24 deletions(-)

diff --git a/calendar/inc/class.calendar_boupdate.inc.php b/calendar/inc/class.calendar_boupdate.inc.php
index d543b641ab..f19db63935 100644
--- a/calendar/inc/class.calendar_boupdate.inc.php
+++ b/calendar/inc/class.calendar_boupdate.inc.php
@@ -911,7 +911,8 @@ class calendar_boupdate extends calendar_bo
 							$calendar_ical->setSupportedFields('full');	// full iCal fields+event TZ
 							// we need to pass $event[id] so iCal class reads event again,
 							// as event is in user TZ, but iCal class expects server TZ!
-							$ics = $calendar_ical->exportVCal(array(isset($cleared_event) ? $cleared_event : $event['id']),'2.0',$method);
+							$ics = $calendar_ical->exportVCal(array(isset($cleared_event) ? $cleared_event : $event['id']),
+								'2.0', $method, 0, '', 'utf-8', $method == 'REPLY' ? $user : 0);
 							unset($calendar_ical);
 						}
 						$attachment = array(
@@ -1067,10 +1068,12 @@ class calendar_boupdate extends calendar_bo
 	 * @param array $event
 	 * @param boolean $ignore_acl =false should we ignore the acl
 	 * @param boolean $updateTS =true update the content history of the event
+	 * DEPRECATED: we allways (have to) update timestamp, as they are required for sync!
 	 * @return int|boolean $cal_id > 0 or false on error (eg. permission denied)
 	 */
 	function save($event,$ignore_acl=false,$updateTS=true)
 	{
+		unset($updateTS);
 		//error_log(__METHOD__.'('.array2string($event).", $ignore_acl, $updateTS)");
 
 		// check if user has the permission to update / create the event
@@ -1417,13 +1420,17 @@ class calendar_boupdate extends calendar_bo
 	 * @param int|array $event event-array or id of the event
 	 * @param string|int $uid account_id or 1-char type-identifer plus id (eg. c15 for addressbook entry #15)
 	 * @param int|char $status numeric status (defines) or 1-char code: 'R', 'U', 'T' or 'A'
-	 * @param int $recur_date=0 date to change, or 0 = all since now
-	 * @param boolean $ignore_acl=false do not check the permisions for the $uid, if true
-	 * @param boolean $updateTS=true update the content history of the event
+	 * @param int $recur_date =0 date to change, or 0 = all since now
+	 * @param boolean $ignore_acl =false do not check the permisions for the $uid, if true
+	 * @param boolean $updateTS =true update the content history of the event
+	 * DEPRECATED: we allways (have to) update timestamp, as they are required for sync!
+	 * @param boolean $skip_notification =false true: do not send notification messages
 	 * @return int number of changed recurrences
 	 */
 	function set_status($event,$uid,$status,$recur_date=0,$ignore_acl=false,$updateTS=true,$skip_notification=false)
 	{
+		unset($updateTS);
+
 		$cal_id = is_array($event) ? $event['id'] : $event;
 		//echo "<p>calendar_boupdate::set_status($cal_id,$uid,$status,$recur_date)</p>\n";
 		if (!$cal_id || (!$ignore_acl && !$this->check_status_perms($uid,$event)))
diff --git a/calendar/inc/class.calendar_ical.inc.php b/calendar/inc/class.calendar_ical.inc.php
index f61c085d39..4d4e0153fc 100644
--- a/calendar/inc/class.calendar_ical.inc.php
+++ b/calendar/inc/class.calendar_ical.inc.php
@@ -191,9 +191,10 @@ class calendar_ical extends calendar_boupdate
 	 *                          default 0 => export whole series (or events, if not recurring)
 	 * @param string $principalURL ='' Used for CalDAV exports
 	 * @param string $charset ='UTF-8' encoding of the vcalendar, default UTF-8
+	 * @param int|string $current_user =0 uid of current user to only export that one as participant for method=REPLY
 	 * @return string|boolean string with iCal or false on error (e.g. no permission to read the event)
 	 */
-	function &exportVCal($events, $version='1.0', $method='PUBLISH', $recur_date=0, $principalURL='', $charset='UTF-8')
+	function &exportVCal($events, $version='1.0', $method='PUBLISH', $recur_date=0, $principalURL='', $charset='UTF-8', $current_user=0)
 	{
 		if ($this->log)
 		{
@@ -461,6 +462,11 @@ class calendar_ical extends calendar_boupdate
 								$organizerCN = $participantCN;
 								$organizerUID = ($info['type'] != 'e' ? (string)$uid : '');
 							}
+							// iCal method=REPLY only exports replying / current user, except external organiser / chair above
+							if ($method == 'REPLY' && $current_user && (string)$current_user !== (string)$uid)
+							{
+								continue;
+							}
 							// PARTSTAT={NEEDS-ACTION|ACCEPTED|DECLINED|TENTATIVE|DELEGATED|COMPLETED|IN-PROGRESS} everything from delegated is NOT used by eGW atm.
 							$status = $this->status_egw2ical[$status];
 							// CUTYPE={INDIVIDUAL|GROUP|RESOURCE|ROOM|UNKNOWN}
diff --git a/calendar/inc/class.calendar_uiforms.inc.php b/calendar/inc/class.calendar_uiforms.inc.php
index b66b9dace5..a92a94bdd5 100644
--- a/calendar/inc/class.calendar_uiforms.inc.php
+++ b/calendar/inc/class.calendar_uiforms.inc.php
@@ -1736,7 +1736,6 @@ class calendar_uiforms extends calendar_ui
 				$ical_string = $session_data['attachment'];
 				$ical_charset = $session_data['charset'];
 				$ical_method = $session_data['method'];
-				$ical_sender = $session_data['sender'];
 				unset($session_data);
 			}
 			$ical = new calendar_ical();
@@ -1757,13 +1756,15 @@ class calendar_uiforms extends calendar_ui
 				switch(strtolower($ical_method))
 				{
 					case 'reply':
-						if ($ical_sender && ($event['ical_sender_uid'] = groupdav_principals::url2uid('mailto:'.$ical_sender)) &&
-							isset($existing_event['participants'][$event['ical_sender_uid']]) &&
-							$this->bo->check_status_perms($event['ical_sender_uid'], $existing_event))
+						// first participant is the one replying (our iCal parser adds owner first!)
+						$parts = $event['participants'];
+						unset($parts[$existing_event['owner']]);
+						list($event['ical_sender_uid'], $event['ical_sender_status']) = each($parts);
+						$quantity = $role = null;
+						calendar_so::split_status($event['ical_sender_status'], $quantity, $role);
+
+						if ($event['ical_sender_uid'] && $this->bo->check_status_perms($event['ical_sender_uid'], $existing_event))
 						{
-							$event['ical_sender_status'] = $event['participants'][$event['ical_sender_uid']];
-							$quantity = $role = null;
-							calendar_so::split_status($event['ical_sender_status'], $quantity, $role);
 							$existing_status = $existing_event['participants'][$event['ical_sender_uid']];
 							calendar_so::split_status($existing_status, $quantity, $role);
 							if ($existing_status != $event['ical_sender_status'])
@@ -1789,6 +1790,17 @@ class calendar_uiforms extends calendar_ui
 						{
 							$msg = lang('Using already existing event on server.');
 						}
+						$user_and_memberships = $GLOBALS['egw']->accounts->memberships($user, true);
+						$user_and_memberships[] = $user;
+						if (!array_intersect(array_keys($event['participants']), $user_and_memberships))
+						{
+							$msg .= ($msg ? "\n" : '').lang('You are not invited to that event!');
+							if ($event['id'])
+							{
+								$readonlys['button[accept]'] = $readonlys['button[tentativ]'] =
+									$readonlys['button[reject]'] = $readonlys['button[cancel]'] = true;
+							}
+						}
 						break;
 				}
 				$event['id'] = $existing_event['id'];
@@ -1809,17 +1821,6 @@ class calendar_uiforms extends calendar_ui
 			$event['recure'] = $this->bo->recure2string($event);
 			$event['all_participants'] = implode(",\n",$this->bo->participants($event, true));
 
-			$user_and_memberships = $GLOBALS['egw']->accounts->memberships($user, true);
-			$user_and_memberships[] = $user;
-			if (!array_intersect(array_keys($event['participants']), $user_and_memberships))
-			{
-				$msg .= ($msg ? "\n" : '').lang('You are not invited to that event!');
-				if ($event['id'])
-				{
-					$readonlys['button[accept]'] = $readonlys['button[tentativ]'] =
-						$readonlys['button[reject]'] = $readonlys['button[cancel]'] = true;
-				}
-			}
 			// ignore events in the past (for recurring events check enddate!)
 			if ($this->bo->date2ts($event['start']) < $this->bo->now_su &&
 				(!$event['recur_type'] || $event['recur_enddate'] && $event['recur_enddate'] < $this->bo->now_su))
@@ -1897,7 +1898,7 @@ class calendar_uiforms extends calendar_ui
 			// add notification-errors, if we have some
 			$msg = array_merge((array)$msg, notifications::errors(true));
 		}
-		$event['msg'] = implode("\n",(array)$msg);
+		egw_framework::message(implode("\n", (array)$msg));
 		$readonlys['button[edit]'] = !$event['id'];
 		$event['ics_method'] = $readonlys['ics_method'] = strtolower($ical_method);
 		switch(strtolower($ical_method))