diff options
author | Christian Vogeley <christian.vogeley@hotmail.de> | 2013-12-22 14:31:27 +0100 |
---|---|---|
committer | Christian Vogeley <christian.vogeley@hotmail.de> | 2013-12-22 14:31:27 +0100 |
commit | 870df76463a1cc9823b364db0bfb387f3f46664f (patch) | |
tree | a8c7391bfe799703aa0a8f26b9ee788f1204e8be /mod/events.php | |
parent | 25a533bd72c34e9775af71c010a39db6caf7b633 (diff) | |
parent | 7e7b5bfa4930493a8feae10b0550e29797956c70 (diff) | |
download | volse-hubzilla-870df76463a1cc9823b364db0bfb387f3f46664f.tar.gz volse-hubzilla-870df76463a1cc9823b364db0bfb387f3f46664f.tar.bz2 volse-hubzilla-870df76463a1cc9823b364db0bfb387f3f46664f.zip |
Merge remote-tracking branch 'upstream/master' into bootstrap
Conflicts:
view/php/theme_init.php
Diffstat (limited to 'mod/events.php')
-rwxr-xr-x | mod/events.php | 24 |
1 files changed, 18 insertions, 6 deletions
diff --git a/mod/events.php b/mod/events.php index f43a99cba..265c74fce 100755 --- a/mod/events.php +++ b/mod/events.php @@ -1,5 +1,6 @@ <?php +require_once('include/conversation.php'); require_once('include/bbcode.php'); require_once('include/datetime.php'); require_once('include/event.php'); @@ -11,7 +12,7 @@ function events_post(&$a) { return; $event_id = ((x($_POST,'event_id')) ? intval($_POST['event_id']) : 0); - $cid = ((x($_POST,'cid')) ? intval($_POST['cid']) : 0); + $xchan = ((x($_POST,'xchan')) ? dbesc($_POST['xchan']) : ''); $uid = local_user(); $startyear = intval($_POST['startyear']); $startmonth = intval($_POST['startmonth']); @@ -28,6 +29,11 @@ function events_post(&$a) { $adjust = intval($_POST['adjust']); $nofinish = intval($_POST['nofinish']); + // only allow editing your own events. + + if(($xchan) && ($xchan !== get_observer_hash())) + return; + // The default setting for the `private` field in event_store() is false, so mirror that $private_event = false; @@ -389,11 +395,9 @@ function events_content(&$a) { else $sh_checked = (($orig_event['allow_cid'] === '<' . $channel['channel_hash'] . '>' && (! $orig_event['allow_gid']) && (! $orig_event['deny_cid']) && (! $orig_event['deny_gid'])) ? '' : ' checked="checked" ' ); - if($cid) + if($orig_event['event_xchan']) $sh_checked .= ' disabled="disabled" '; - - $tpl = get_markup_template('event_form.tpl'); $sdt = ((x($orig_event)) ? $orig_event['start'] : 'now'); @@ -426,6 +430,15 @@ function events_content(&$a) { require_once('include/acl_selectors.php'); + $perm_defaults = array( + 'allow_cid' => $channel['channel_allow_cid'], + 'allow_gid' => $channel['channel_allow_gid'], + 'deny_cid' => $channel['channel_deny_cid'], + 'deny_gid' => $channel['channel_deny_gid'] + ); + + + $o .= replace_macros($tpl,array( '$post' => $a->get_baseurl() . '/events', '$eid' => $eid, @@ -453,8 +466,7 @@ function events_content(&$a) { '$t_orig' => $t_orig, '$sh_text' => t('Share this event'), '$sh_checked' => $sh_checked, -// FIXME - '$acl' => (($cid) ? '' : populate_acl(((x($orig_event)) ? $orig_event : $a->user),false)), + '$acl' => (($orig_event['event_xchan']) ? '' : populate_acl(((x($orig_event)) ? $orig_event : $perm_defaults))), '$submit' => t('Submit') )); |