Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/nextcloud/server.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/apps/calendar/ajax/event/resize.php
diff options
context:
space:
mode:
Diffstat (limited to 'apps/calendar/ajax/event/resize.php')
-rw-r--r--apps/calendar/ajax/event/resize.php10
1 files changed, 8 insertions, 2 deletions
diff --git a/apps/calendar/ajax/event/resize.php b/apps/calendar/ajax/event/resize.php
index a8d8f49ae0a..75d6e0b2547 100644
--- a/apps/calendar/ajax/event/resize.php
+++ b/apps/calendar/ajax/event/resize.php
@@ -10,7 +10,13 @@ OC_JSON::checkLoggedIn();
$id = $_POST['id'];
-$vcalendar = OC_Calendar_App::getVCalendar($id);
+$access = OC_Calendar_App::getaccess($id, OC_Calendar_App::EVENT);
+if($access != 'owner' && $access != 'rw'){
+ OC_JSON::error(array('message'=>'permission denied'));
+ exit;
+}
+
+$vcalendar = OC_Calendar_App::getVCalendar($id, false, false);
$vevent = $vcalendar->VEVENT;
$delta = new DateInterval('P0D');
@@ -27,6 +33,6 @@ unset($vevent->DURATION);
$vevent->setDateTime('LAST-MODIFIED', 'now', Sabre_VObject_Property_DateTime::UTC);
$vevent->setDateTime('DTSTAMP', 'now', Sabre_VObject_Property_DateTime::UTC);
-$result = OC_Calendar_Object::edit($id, $vcalendar->serialize());
+OC_Calendar_Object::edit($id, $vcalendar->serialize());
$lastmodified = $vevent->__get('LAST-MODIFIED')->getDateTime();
OC_JSON::success(array('lastmodified'=>(int)$lastmodified->format('U')));
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-23 13:00:08 +0300