From f6b6da6eb0c17b38b99d34610908aca73eed0d0e Mon Sep 17 00:00:00 2001
From: Jan Schneider <jan@horde.org>
Date: Fri, 18 Dec 2009 14:58:21 +0100
Subject: [PATCH] We still need these checks to notify the user early and
 prohibit to retrieve calendar information.

---
 kronolith/calendars/delete.php | 12 +++++++++++-
 kronolith/calendars/edit.php   |  4 ++++
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/kronolith/calendars/delete.php b/kronolith/calendars/delete.php
index 33a5eddb3..5310e4109 100644
--- a/kronolith/calendars/delete.php
+++ b/kronolith/calendars/delete.php
@@ -18,11 +18,21 @@ if (!Horde_Auth::getAuth()) {
 }
 
 $vars = Horde_Variables::getDefaultVariables();
-$calendar = $kronolith_shares->getShare($vars->get('c'));
+$calendar_id = $vars->get('c');
+if ($calendar_id == Horde_Auth::getAuth()) {
+    $notification->push(_("This calendar cannot be deleted."), 'horde.warning');
+    header('Location: ' . Horde::applicationUrl('calendars/', true));
+    exit;
+}
+$calendar = $kronolith_shares->getShare($calendar_id);
 if (is_a($calendar, 'PEAR_Error')) {
     $notification->push($calendar, 'horde.error');
     header('Location: ' . Horde::applicationUrl('calendars/', true));
     exit;
+} elseif ($calendar->get('owner') != Horde_Auth::getAuth()) {
+    $notification->push(_("You are not allowed to delete this calendar."), 'horde.error');
+    header('Location: ' . Horde::applicationUrl('calendars/', true));
+    exit;
 }
 $form = new Kronolith_DeleteCalendarForm($vars, $calendar);
 
diff --git a/kronolith/calendars/edit.php b/kronolith/calendars/edit.php
index 10faa3e55..1cad577b9 100644
--- a/kronolith/calendars/edit.php
+++ b/kronolith/calendars/edit.php
@@ -23,6 +23,10 @@ if (is_a($calendar, 'PEAR_Error')) {
     $notification->push($calendar, 'horde.error');
     header('Location: ' . Horde::applicationUrl('calendars/', true));
     exit;
+} elseif ($calendar->get('owner') != Horde_Auth::getAuth()) {
+    $notification->push(_("You are not allowed to change this calendar."), 'horde.error');
+    header('Location: ' . Horde::applicationUrl('calendars/', true));
+    exit;
 }
 $form = new Kronolith_EditCalendarForm($vars, $calendar);
 
-- 
2.11.0