diff options
Diffstat (limited to 'apps/calendar/ajax/event/edit.php')
| -rwxr-xr-x[-rw-r--r--] | apps/calendar/ajax/event/edit.php | 31 |
1 files changed, 22 insertions, 9 deletions
diff --git a/apps/calendar/ajax/event/edit.php b/apps/calendar/ajax/event/edit.php index 64daffddef0..e615fb093de 100644..100755 --- a/apps/calendar/ajax/event/edit.php +++ b/apps/calendar/ajax/event/edit.php @@ -6,28 +6,41 @@ * See the COPYING-README file. */ -require_once('../../../../lib/base.php'); -OC_JSON::checkLoggedIn(); -OC_JSON::checkAppEnabled('calendar'); + +OCP\JSON::checkLoggedIn(); +OCP\JSON::checkAppEnabled('calendar'); + +$id = $_POST['id']; + +if(!array_key_exists('calendar', $_POST)){ + $cal = OC_Calendar_Object::getCalendarid($id); + $_POST['calendar'] = $cal; +}else{ + $cal = $_POST['calendar']; +} + +$access = OC_Calendar_App::getaccess($id, OC_Calendar_App::EVENT); +if($access != 'owner' && $access != 'rw'){ + OCP\JSON::error(array('message'=>'permission denied')); + exit; +} $errarr = OC_Calendar_Object::validateRequest($_POST); if($errarr){ //show validate errors - OC_JSON::error($errarr); + OCP\JSON::error($errarr); exit; }else{ - $id = $_POST['id']; - $cal = $_POST['calendar']; - $data = OC_Calendar_App::getEventObject($id); + $data = OC_Calendar_App::getEventObject($id, false, false); $vcalendar = OC_VObject::parse($data['calendardata']); OC_Calendar_App::isNotModified($vcalendar->VEVENT, $_POST['lastmodified']); OC_Calendar_Object::updateVCalendarFromRequest($_POST, $vcalendar); - $result = OC_Calendar_Object::edit($id, $vcalendar->serialize()); + OC_Calendar_Object::edit($id, $vcalendar->serialize()); if ($data['calendarid'] != $cal) { OC_Calendar_Object::moveToCalendar($id, $cal); } - OC_JSON::success(); + OCP\JSON::success(); } ?> |