friendica
/
friendica
mirror of https://github.com/friendica/friendica.git
4
7
Fork 5
Code Issues Releases 16 Wiki Activity
Browse Source

pub calendar - permission clean up and docu

pull/2631/head
rabuzarus 6 years ago
parent
111f77ac64
commit
e352458ef0
2 changed files with 21 additions and 7 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 25
      include/event.php
  2. 3
      mod/cal.php

25
include/event.php
Unescape View File

@ -818,13 +818,26 @@ function widget_events() {
// of the profile page it should be the personal /events page. So we can use $a->user
$user = ($a->data['user']['nickname'] ? $a->data['user']['nickname'] : $a->user['nickname']);
// a little bit tricky permission testing because we have to respect many cases
if(!(local_user()) && !($owner_uid) // not the private events page (we don't get the $owner_uid for /events)
|| (intval($owner_uid) && local_user() !== $owner_uid && !(feature_enabled($owner_uid, "export_calendar"))) // cal logged in user (test permission at foreign profile page)
|| ( !(local_user()) && !(feature_enabled($owner_uid, "export_calendar"))) // if cal && not logged in && feature is not enabled
) {
// The permission testing is a little bit tricky because we have to respect many cases
// It's not the private events page (we don't get the $owner_uid for /events)
if(! local_user() && ! $owner_uid)
return;
// Cal logged in user (test permission at foreign profile page)
// If the $owner uid is available we know it is part of one of the profile pages (like /cal)
// So we have to test if if it's the own profile page of the logged in user
// or a foreign one. For foreign profile pages we need to check if the feature
// for exporting the cal is enabled (otherwise the widget would appear for logged in users
// on foreigen profile pages even if the widget is disabled)
if(intval($owner_uid) && local_user() !== $owner_uid && ! feature_enabled($owner_uid, "export_calendar"))
return;
// If it's a kind of profile page (intval($owner_uid)) return if the user not logged in and
// export feature isn't enabled
if(intval($owner_uid) && ! local_user() && ! feature_enabled($owner_uid, "export_calendar"))
return;
}
return replace_macros(get_markup_template("events_aside.tpl"), array(
'$etitle' => t("Export"),

3
mod/cal.php
Unescape View File

@ -303,7 +303,8 @@ function cal_content(&$a) {
}
// Test permissions
if( ((local_user() !== $owner_uid)) && !(feature_enabled($owner_uid, "export_calendar"))) {
// Respect the export feature setting for all other /cal pages if it's not the own profile
if( ((local_user() !== $owner_uid)) && ! feature_enabled($owner_uid, "export_calendar")) {
notice( t('Permission denied.') . EOL);
return;
}

Write Preview
Loading…
Cancel
Save