Restore missing permission check in Widget\CalendarExport
This commit is contained in:
parent
254974826f
commit
72b552895e
1 changed files with 13 additions and 30 deletions
|
@ -6,6 +6,7 @@
|
||||||
|
|
||||||
namespace Friendica\Content\Widget;
|
namespace Friendica\Content\Widget;
|
||||||
|
|
||||||
|
use Friendica\Content\Feature;
|
||||||
use Friendica\Core\L10n;
|
use Friendica\Core\L10n;
|
||||||
|
|
||||||
require_once 'boot.php';
|
require_once 'boot.php';
|
||||||
|
@ -26,38 +27,20 @@ class CalendarExport
|
||||||
public static function getHTML() {
|
public static function getHTML() {
|
||||||
$a = get_app();
|
$a = get_app();
|
||||||
|
|
||||||
// $owner_uid = $a->data['user']['uid'];
|
$owner_uid = $a->data['user']['uid'];
|
||||||
// // The permission testing is a little bit tricky because we have to respect many cases.
|
|
||||||
//
|
// The permission testing is a little bit tricky because we have to respect many cases.
|
||||||
// // It's not the private events page (we don't get the $owner_uid for /events).
|
|
||||||
// if (! local_user() && ! $owner_uid) {
|
// It's not the private events page (we don't get the $owner_uid for /events).
|
||||||
// return;
|
if (!local_user() && !$owner_uid) {
|
||||||
// }
|
return;
|
||||||
//
|
}
|
||||||
// /*
|
|
||||||
// * Cal logged in user (test permission at foreign profile page).
|
|
||||||
// * If the $owner uid is available we know it is part of one of the profile pages (like /cal).
|
|
||||||
// * So we have to test if if it's the own profile page of the logged in user
|
|
||||||
// * or a foreign one. For foreign profile pages we need to check if the feature
|
|
||||||
// * for exporting the cal is enabled (otherwise the widget would appear for logged in users
|
|
||||||
// * on foreigen profile pages even if the widget is disabled).
|
|
||||||
// */
|
|
||||||
// if (intval($owner_uid) && local_user() !== $owner_uid && ! Feature::isEnabled($owner_uid, "export_calendar")) {
|
|
||||||
// return;
|
|
||||||
// }
|
|
||||||
//
|
|
||||||
// /*
|
|
||||||
// * If it's a kind of profile page (intval($owner_uid)) return if the user not logged in and
|
|
||||||
// * export feature isn't enabled.
|
|
||||||
// */
|
|
||||||
// if (intval($owner_uid) && ! local_user() && ! Feature::isEnabled($owner_uid, "export_calendar")) {
|
|
||||||
// return;
|
|
||||||
// }
|
|
||||||
/*
|
/*
|
||||||
* All the legacy checks above seem to be equivalent to the check below, see https://ethercalc.org/z6ehv1tut9cm
|
* If it's a kind of profile page (intval($owner_uid)) return if the user not logged in and
|
||||||
* If there is a mistake in the spreadsheet, please notify @MrPetovan on GitHub or by email mrpetovan@gmail.com
|
* export feature isn't enabled.
|
||||||
*/
|
*/
|
||||||
if (!local_user()) {
|
if (!local_user() && $owner_uid && !Feature::isEnabled($owner_uid, 'export_calendar')) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue