when creating an event from a post in our stream, if the original post was private, set the event permissions to "just me". If it was a public event, set the event permissions to the channel default permissions.

2 files changed, 13 insertions, 2 deletions

diff --git a/include/event.php b/include/event.php
index 73033a1c3..2969f4f61 100644
--- a/include/event.php
+++ b/include/event.php
@@ -440,6 +440,17 @@ function event_addtocal($item_id, $uid) {
 			$ev['event_hash'] = $item['resource_id'];
 		}
 
+		if($ev->private)
+			$ev['allow_cid'] = '<' . $channel['channel_hash'] . '>'; 
+		else {
+			$acl = new Zotlabs\Access\AccessList($channel);
+			$x = $acl->get();
+			$ev['allow_cid'] = $x['allow_cid'];
+			$ev['allow_gid'] = $x['allow_gid'];
+			$ev['deny_cid']  = $x['deny_cid'];
+			$ev['deny_gid']  = $x['deny_gid'];
+		}
+
 		$event = event_store_event($ev);
 		if($event) {
 			$r = q("update item set resource_id = '%s', resource_type = 'event' where id = %d and uid = %d",
diff --git a/include/session.php b/include/session.php
index 182805980..43bba528b 100644
--- a/include/session.php
+++ b/include/session.php
@@ -124,12 +124,12 @@ session_set_save_handler(
 
    // Force cookies to be secure (https only) if this site is SSL enabled. Must be done before session_start().
 
-    if(intval($a->config['system']['ssl_cookie_protection'])) {
+    if(intval(get_app()->config['system']['ssl_cookie_protection'])) {
         $arr = session_get_cookie_params();
         session_set_cookie_params(
             ((isset($arr['lifetime']))  ? $arr['lifetime'] : 0),
             ((isset($arr['path']))      ? $arr['path']     : '/'),
-            ((isset($arr['domain']))    ? $arr['domain']   : $a->get_hostname()),
+            ((isset($arr['domain']))    ? $arr['domain']   : get_app()->get_hostname()),
             ((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),
             ((isset($arr['httponly']))  ? $arr['httponly'] : true));
     }
\ No newline at end of file