diff options
| author | Mario Vavti <mario@mariovavti.com> | 2019-04-30 12:08:19 +0200 |
|---|---|---|
| committer | Mario Vavti <mario@mariovavti.com> | 2019-04-30 12:08:19 +0200 |
| commit | a04689b7840f336fed92ec648754cca02dcd90f0 (patch) | |
| tree | cdcc3f5cd58a109f336d30329baec5e7b82db685 | |
| parent | 0b062d0b8ae89b40b4e036f874f6af3780c30451 (diff) | |
| download | volse-hubzilla-a04689b7840f336fed92ec648754cca02dcd90f0.tar.gz volse-hubzilla-a04689b7840f336fed92ec648754cca02dcd90f0.tar.bz2 volse-hubzilla-a04689b7840f336fed92ec648754cca02dcd90f0.zip | |
do not allow editing events that do not belong to us
| -rw-r--r-- | Zotlabs/Module/Channel_calendar.php | 5 | ||||
| -rw-r--r-- | view/tpl/cdav_calendar.tpl | 6 |
2 files changed, 10 insertions, 1 deletions
diff --git a/Zotlabs/Module/Channel_calendar.php b/Zotlabs/Module/Channel_calendar.php index 6741d611c..7fa03fb34 100644 --- a/Zotlabs/Module/Channel_calendar.php +++ b/Zotlabs/Module/Channel_calendar.php @@ -147,6 +147,11 @@ class Channel_calendar extends \Zotlabs\Web\Controller { } return; } + + if($x[0]['event_xchan'] !== $channel['xchan_hash']) { + notice( t('Not allowed.') . EOL); + return; + } $acl->set($x[0]); diff --git a/view/tpl/cdav_calendar.tpl b/view/tpl/cdav_calendar.tpl index 8b91275ee..827c57b96 100644 --- a/view/tpl/cdav_calendar.tpl +++ b/view/tpl/cdav_calendar.tpl @@ -322,7 +322,11 @@ $(document).ready(function() { $('#id_categories').tagsinput('add', '{{$categories}}'), $('#id_description').val(resource.description); $('#id_location').val(resource.location); - $('#event_submit').html('{{$update}}'); + + if(resource.event_xchan !== '{{$channel_hash}}') + $('#event_submit').hide(); + else + $('#event_submit').html('{{$update}}'); } }); |