From: rabuzarus <> Date: Wed, 22 Jun 2016 11:50:47 +0000 (+0200) Subject: cal export && public calendar - even better permissions testing X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=2cac69ca86c81f492332f7b2f0fb792ba8f507db;p=friendica.git cal export && public calendar - even better permissions testing --- diff --git a/include/event.php b/include/event.php index c826511f23..f2783ab36e 100644 --- a/include/event.php +++ b/include/event.php @@ -818,8 +818,13 @@ function widget_events() { // of the profile page it should be the personal /events page. So we can use $a->user $user = ($a->data['user']['nickname'] ? $a->data['user']['nickname'] : $a->user['nickname']); - if( !(local_user()) && !(feature_enabled($owner_uid, "export_calendar")) ) + // a little bit tricky permission testing because we have to respect many cases + if(!(local_user()) && !($owner_uid) // not the private events page (we don't get the $owner_uid for /events) + || (intval($owner_uid) && local_user() !== $owner_uid && !(feature_enabled($owner_uid, "export_calendar"))) // cal logged in user (test permission at foreign profile page) + || ( !(local_user()) && !(feature_enabled($owner_uid, "export_calendar"))) // if cal && not logged in && feature is not enabled + ) { return; + } return replace_macros(get_markup_template("events_aside.tpl"), array( '$etitle' => t("Export"), diff --git a/mod/cal.php b/mod/cal.php index 5dab182e71..e2c84204b4 100644 --- a/mod/cal.php +++ b/mod/cal.php @@ -302,7 +302,8 @@ function cal_content(&$a) { return; } - if( !(local_user()) && !(feature_enabled($owner_uid, "export_calendar"))) { + // Test permissions + if( ((local_user() !== $owner_uid)) && !(feature_enabled($owner_uid, "export_calendar"))) { notice( t('Permission denied.') . EOL); return; }