From e352458ef09a278a87d3cc3aba3021062658d2ef Mon Sep 17 00:00:00 2001 From: rabuzarus <> Date: Thu, 23 Jun 2016 10:07:13 +0200 Subject: [PATCH] pub calendar - permission clean up and docu --- include/event.php | 25 +++++++++++++++++++------ mod/cal.php | 3 ++- 2 files changed, 21 insertions(+), 7 deletions(-) diff --git a/include/event.php b/include/event.php index f2783ab36e..7b77ee8d61 100644 --- a/include/event.php +++ b/include/event.php @@ -818,13 +818,26 @@ function widget_events() { // of the profile page it should be the personal /events page. So we can use $a->user $user = ($a->data['user']['nickname'] ? $a->data['user']['nickname'] : $a->user['nickname']); - // a little bit tricky permission testing because we have to respect many cases - if(!(local_user()) && !($owner_uid) // not the private events page (we don't get the $owner_uid for /events) - || (intval($owner_uid) && local_user() !== $owner_uid && !(feature_enabled($owner_uid, "export_calendar"))) // cal logged in user (test permission at foreign profile page) - || ( !(local_user()) && !(feature_enabled($owner_uid, "export_calendar"))) // if cal && not logged in && feature is not enabled - ) { + + // The permission testing is a little bit tricky because we have to respect many cases + + // It's not the private events page (we don't get the $owner_uid for /events) + if(! local_user() && ! $owner_uid) + return; + + // Cal logged in user (test permission at foreign profile page) + // If the $owner uid is available we know it is part of one of the profile pages (like /cal) + // So we have to test if if it's the own profile page of the logged in user + // or a foreign one. For foreign profile pages we need to check if the feature + // for exporting the cal is enabled (otherwise the widget would appear for logged in users + // on foreigen profile pages even if the widget is disabled) + if(intval($owner_uid) && local_user() !== $owner_uid && ! feature_enabled($owner_uid, "export_calendar")) + return; + + // If it's a kind of profile page (intval($owner_uid)) return if the user not logged in and + // export feature isn't enabled + if(intval($owner_uid) && ! local_user() && ! feature_enabled($owner_uid, "export_calendar")) return; - } return replace_macros(get_markup_template("events_aside.tpl"), array( '$etitle' => t("Export"), diff --git a/mod/cal.php b/mod/cal.php index b04c3aab42..a211a0ead9 100644 --- a/mod/cal.php +++ b/mod/cal.php @@ -303,7 +303,8 @@ function cal_content(&$a) { } // Test permissions - if( ((local_user() !== $owner_uid)) && !(feature_enabled($owner_uid, "export_calendar"))) { + // Respect the export feature setting for all other /cal pages if it's not the own profile + if( ((local_user() !== $owner_uid)) && ! feature_enabled($owner_uid, "export_calendar")) { notice( t('Permission denied.') . EOL); return; } -- 2.39.5