cal export && public calendar - fix permissions

diff --git a/include/event.php b/include/event.php
index befda64eb1162e2d7bb384ccd79a51e5eb6f8a2c..c826511f2307e0bac8b9d0bd6b78d561ece33877 100644 (file)
--- a/include/event.php
+++ b/include/event.php
@@ -818,7 +818,7 @@ function widget_events() {
        // of the profile page it should be the personal /events page. So we can use $a->user
        $user = ($a->data['user']['nickname'] ? $a->data['user']['nickname'] : $a->user['nickname']);
 
-       if( !(local_user() )&& !(feature_enabled($owner_uid, "export_calendar")) )
+       if( !(local_user()) && !(feature_enabled($owner_uid, "export_calendar")) )
                return;
 
        return replace_macros(get_markup_template("events_aside.tpl"), array(

diff --git a/mod/cal.php b/mod/cal.php
index a12a653426da7d3dd684d5256e644cb360a93a46..5dab182e713f8463a5e87ed0f1b42cf488c6013e 100644 (file)
--- a/mod/cal.php
+++ b/mod/cal.php
@@ -153,7 +153,10 @@ function cal_content(&$a) {
                return;
        }
 
-       $sql_extra = item_permissions_sql($owner_uid,$remote_contact,$groups);
+       // get the permissions
+       $sql_perms = item_permissions_sql($owner_uid,$remote_contact,$groups);
+       // we only want to have the events of the profile owner
+       $sql_extra = " AND `event`.`cid` = 0 ";
 
        // get the tab navigation bar
        $tabs .= profile_tabs($a,false, $a->data['user']['nickname']);
@@ -299,7 +302,7 @@ function cal_content(&$a) {
                        return;
                }
 
-               if(! (feature_enabled($owner_uid, "export_calendar"))) {
+               if( !(local_user()) && !(feature_enabled($owner_uid, "export_calendar"))) {
                        notice( t('Permission denied.') . EOL);
                        return;
                }