We still need these checks to notify the user early and prohibit to retrieve calendar...

diff --git a/kronolith/calendars/delete.php b/kronolith/calendars/delete.php
index 33a5edd..5310e41 100644 (file)
--- a/kronolith/calendars/delete.php
+++ b/kronolith/calendars/delete.php
@@ -18,11 +18,21 @@ if (!Horde_Auth::getAuth()) {
 }
 
 $vars = Horde_Variables::getDefaultVariables();
-$calendar = $kronolith_shares->getShare($vars->get('c'));
+$calendar_id = $vars->get('c');
+if ($calendar_id == Horde_Auth::getAuth()) {
+    $notification->push(_("This calendar cannot be deleted."), 'horde.warning');
+    header('Location: ' . Horde::applicationUrl('calendars/', true));
+    exit;
+}
+$calendar = $kronolith_shares->getShare($calendar_id);
 if (is_a($calendar, 'PEAR_Error')) {
     $notification->push($calendar, 'horde.error');
     header('Location: ' . Horde::applicationUrl('calendars/', true));
     exit;
+} elseif ($calendar->get('owner') != Horde_Auth::getAuth()) {
+    $notification->push(_("You are not allowed to delete this calendar."), 'horde.error');
+    header('Location: ' . Horde::applicationUrl('calendars/', true));
+    exit;
 }
 $form = new Kronolith_DeleteCalendarForm($vars, $calendar);
 

diff --git a/kronolith/calendars/edit.php b/kronolith/calendars/edit.php
index 10faa3e..1cad577 100644 (file)
--- a/kronolith/calendars/edit.php
+++ b/kronolith/calendars/edit.php
@@ -23,6 +23,10 @@ if (is_a($calendar, 'PEAR_Error')) {
     $notification->push($calendar, 'horde.error');
     header('Location: ' . Horde::applicationUrl('calendars/', true));
     exit;
+} elseif ($calendar->get('owner') != Horde_Auth::getAuth()) {
+    $notification->push(_("You are not allowed to change this calendar."), 'horde.error');
+    header('Location: ' . Horde::applicationUrl('calendars/', true));
+    exit;
 }
 $form = new Kronolith_EditCalendarForm($vars, $calendar);