aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorfriendica <info@friendica.com>2013-12-01 23:49:52 -0800
committerfriendica <info@friendica.com>2013-12-01 23:49:52 -0800
commit3fdc3515b5dbfee4582467144d3c2d5eefc6a708 (patch)
treea470b5c0bb834091fcaf9abdceed5ef9e344560b
parent55d8ed17a776dce059b861ee43eeea82138b48ce (diff)
downloadvolse-hubzilla-3fdc3515b5dbfee4582467144d3c2d5eefc6a708.tar.gz
volse-hubzilla-3fdc3515b5dbfee4582467144d3c2d5eefc6a708.tar.bz2
volse-hubzilla-3fdc3515b5dbfee4582467144d3c2d5eefc6a708.zip
some work on events permissions
-rwxr-xr-xmod/events.php23
-rwxr-xr-xview/tpl/event_form.tpl2
2 files changed, 18 insertions, 7 deletions
diff --git a/mod/events.php b/mod/events.php
index f43a99cba..77756fb13 100755
--- a/mod/events.php
+++ b/mod/events.php
@@ -11,7 +11,7 @@ function events_post(&$a) {
return;
$event_id = ((x($_POST,'event_id')) ? intval($_POST['event_id']) : 0);
- $cid = ((x($_POST,'cid')) ? intval($_POST['cid']) : 0);
+ $xchan = ((x($_POST,'xchan')) ? dbesc($_POST['xchan']) : '');
$uid = local_user();
$startyear = intval($_POST['startyear']);
$startmonth = intval($_POST['startmonth']);
@@ -28,6 +28,11 @@ function events_post(&$a) {
$adjust = intval($_POST['adjust']);
$nofinish = intval($_POST['nofinish']);
+ // only allow editing your own events.
+
+ if(($xchan) && ($xchan !== get_observer_hash()))
+ return;
+
// The default setting for the `private` field in event_store() is false, so mirror that
$private_event = false;
@@ -389,11 +394,9 @@ function events_content(&$a) {
else
$sh_checked = (($orig_event['allow_cid'] === '<' . $channel['channel_hash'] . '>' && (! $orig_event['allow_gid']) && (! $orig_event['deny_cid']) && (! $orig_event['deny_gid'])) ? '' : ' checked="checked" ' );
- if($cid)
+ if($orig_event['event_xchan'])
$sh_checked .= ' disabled="disabled" ';
-
-
$tpl = get_markup_template('event_form.tpl');
$sdt = ((x($orig_event)) ? $orig_event['start'] : 'now');
@@ -426,6 +429,15 @@ function events_content(&$a) {
require_once('include/acl_selectors.php');
+ $perm_defaults = array(
+ 'allow_cid' => $channel['channel_allow_cid'],
+ 'allow_gid' => $channel['channel_allow_gid'],
+ 'deny_cid' => $channel['channel_deny_cid'],
+ 'deny_gid' => $channel['channel_deny_gid']
+ );
+
+
+
$o .= replace_macros($tpl,array(
'$post' => $a->get_baseurl() . '/events',
'$eid' => $eid,
@@ -453,8 +465,7 @@ function events_content(&$a) {
'$t_orig' => $t_orig,
'$sh_text' => t('Share this event'),
'$sh_checked' => $sh_checked,
-// FIXME
- '$acl' => (($cid) ? '' : populate_acl(((x($orig_event)) ? $orig_event : $a->user),false)),
+ '$acl' => (($orig_event['event_xchan']) ? '' : populate_acl(((x($orig_event)) ? $orig_event : $perm_defaults))),
'$submit' => t('Submit')
));
diff --git a/view/tpl/event_form.tpl b/view/tpl/event_form.tpl
index f661eac87..da4dda82e 100755
--- a/view/tpl/event_form.tpl
+++ b/view/tpl/event_form.tpl
@@ -7,7 +7,7 @@
<form action="{{$post}}" method="post" >
<input type="hidden" name="event_id" value="{{$eid}}" />
-<input type="hidden" name="cid" value="{{$cid}}" />
+<input type="hidden" name="xchan" value="{{$xchan}}" />
<input type="hidden" name="mid" value="{{$mid}}" />
<div id="event-start-text">{{$s_text}}</div>