Fix permission check if a tasklist doesn't have any permissions set.

diff --git a/kronolith/lib/Event/Horde.php b/kronolith/lib/Event/Horde.php
index 27ad2eb..dc55a5a 100644 (file)
--- a/kronolith/lib/Event/Horde.php
+++ b/kronolith/lib/Event/Horde.php
@@ -60,6 +60,13 @@ class Kronolith_Event_Horde extends Kronolith_Event
     protected $_params;
 
     /**
+     * The event's owner.
+     *
+     * @var string
+     */
+    protected $_owner;
+
+    /**
      * A bitmask of permissions the current user has on this object.
      *
      * @var integer
@@ -143,7 +150,9 @@ class Kronolith_Event_Horde extends Kronolith_Event
             $this->recurrence = $recurrence;
         }
 
-
+        if (isset($event['owner'])) {
+            $this->_owner = $event['owner'];
+        }
         if (isset($event['permissions'])) {
             $this->_permissions = $event['permissions'];
         }
@@ -205,6 +214,14 @@ class Kronolith_Event_Horde extends Kronolith_Event
      */
     public function hasPermission($permission, $user = null)
     {
+        if ($user === null) {
+            $user = $GLOBALS['registry']->getAuth();
+        }
+
+        if (isset($this->_owner) && $this->_owner == $user) {
+            return true;
+        }
+
         if (isset($this->_permissions)) {
             return (bool)($this->_permissions & $permission);
         }

diff --git a/nag/lib/Api.php b/nag/lib/Api.php
index 4f2b494..e8aca63 100644 (file)
--- a/nag/lib/Api.php
+++ b/nag/lib/Api.php
@@ -1351,6 +1351,7 @@ class Nag_Api extends Horde_Registry_Api
                 'end' => $due_date,
                 'category' => $task->category,
                 'color' => $allowed_tasklists[$task->tasklist]->get('color'),
+                'owner' => $allowed_tasklists[$task->tasklist]->get('owner'),
                 'permissions' => $GLOBALS['nag_shares']->getPermissions($task->tasklist, $GLOBALS['registry']->getAuth()),
                 'variable_length' => false,
                 'params' => array('task' => $task->id,