From: Jan Schneider <jan@horde.org>
Date: Fri, 18 Dec 2009 13:58:21 +0000 (+0100)
Subject: We still need these checks to notify the user early and prohibit to retrieve calendar... 
X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=f6b6da6eb0c17b38b99d34610908aca73eed0d0e;p=horde.git

We still need these checks to notify the user early and prohibit to retrieve calendar information.
---

diff --git a/kronolith/calendars/delete.php b/kronolith/calendars/delete.php
index 33a5eddb3..5310e4109 100644
--- a/kronolith/calendars/delete.php
+++ b/kronolith/calendars/delete.php
@@ -18,11 +18,21 @@ if (!Horde_Auth::getAuth()) {
 }
 
 $vars = Horde_Variables::getDefaultVariables();
-$calendar = $kronolith_shares->getShare($vars->get('c'));
+$calendar_id = $vars->get('c');
+if ($calendar_id == Horde_Auth::getAuth()) {
+    $notification->push(_("This calendar cannot be deleted."), 'horde.warning');
+    header('Location: ' . Horde::applicationUrl('calendars/', true));
+    exit;
+}
+$calendar = $kronolith_shares->getShare($calendar_id);
 if (is_a($calendar, 'PEAR_Error')) {
     $notification->push($calendar, 'horde.error');
     header('Location: ' . Horde::applicationUrl('calendars/', true));
     exit;
+} elseif ($calendar->get('owner') != Horde_Auth::getAuth()) {
+    $notification->push(_("You are not allowed to delete this calendar."), 'horde.error');
+    header('Location: ' . Horde::applicationUrl('calendars/', true));
+    exit;
 }
 $form = new Kronolith_DeleteCalendarForm($vars, $calendar);
 
diff --git a/kronolith/calendars/edit.php b/kronolith/calendars/edit.php
index 10faa3e55..1cad577b9 100644
--- a/kronolith/calendars/edit.php
+++ b/kronolith/calendars/edit.php
@@ -23,6 +23,10 @@ if (is_a($calendar, 'PEAR_Error')) {
     $notification->push($calendar, 'horde.error');
     header('Location: ' . Horde::applicationUrl('calendars/', true));
     exit;
+} elseif ($calendar->get('owner') != Horde_Auth::getAuth()) {
+    $notification->push(_("You are not allowed to change this calendar."), 'horde.error');
+    header('Location: ' . Horde::applicationUrl('calendars/', true));
+    exit;
 }
 $form = new Kronolith_EditCalendarForm($vars, $calendar);