瀏覽代碼

pub calendar - permission clean up and docu

tags/3.5
rabuzarus 4 年之前
父節點
當前提交
e352458ef0
共有 2 個文件被更改,包括 21 次插入7 次删除
  1. +19
    -6
      include/event.php
  2. +2
    -1
      mod/cal.php

+ 19
- 6
include/event.php 查看文件

@@ -818,13 +818,26 @@ function widget_events() {
// of the profile page it should be the personal /events page. So we can use $a->user
$user = ($a->data['user']['nickname'] ? $a->data['user']['nickname'] : $a->user['nickname']);

// a little bit tricky permission testing because we have to respect many cases
if(!(local_user()) && !($owner_uid) // not the private events page (we don't get the $owner_uid for /events)
|| (intval($owner_uid) && local_user() !== $owner_uid && !(feature_enabled($owner_uid, "export_calendar"))) // cal logged in user (test permission at foreign profile page)
|| ( !(local_user()) && !(feature_enabled($owner_uid, "export_calendar"))) // if cal && not logged in && feature is not enabled
) {

// The permission testing is a little bit tricky because we have to respect many cases

// It's not the private events page (we don't get the $owner_uid for /events)
if(! local_user() && ! $owner_uid)
return;

// Cal logged in user (test permission at foreign profile page)
// If the $owner uid is available we know it is part of one of the profile pages (like /cal)
// So we have to test if if it's the own profile page of the logged in user
// or a foreign one. For foreign profile pages we need to check if the feature
// for exporting the cal is enabled (otherwise the widget would appear for logged in users
// on foreigen profile pages even if the widget is disabled)
if(intval($owner_uid) && local_user() !== $owner_uid && ! feature_enabled($owner_uid, "export_calendar"))
return;

// If it's a kind of profile page (intval($owner_uid)) return if the user not logged in and
// export feature isn't enabled
if(intval($owner_uid) && ! local_user() && ! feature_enabled($owner_uid, "export_calendar"))
return;
}

return replace_macros(get_markup_template("events_aside.tpl"), array(
'$etitle' => t("Export"),


+ 2
- 1
mod/cal.php 查看文件

@@ -303,7 +303,8 @@ function cal_content(&$a) {
}

// Test permissions
if( ((local_user() !== $owner_uid)) && !(feature_enabled($owner_uid, "export_calendar"))) {
// Respect the export feature setting for all other /cal pages if it's not the own profile
if( ((local_user() !== $owner_uid)) && ! feature_enabled($owner_uid, "export_calendar")) {
notice( t('Permission denied.') . EOL);
return;
}


Loading…
取消
儲存