From 71b32f7ad4684360f460726977fb3d803f7bb48a Mon Sep 17 00:00:00 2001
From: Georg Ehrke
Date: Mon, 26 Mar 2012 15:24:43 +0200
Subject: [PATCH] add read only 'form' for shared events
---
 apps/calendar/ajax/event/edit.form.php | 18 +-
 apps/calendar/lib/app.php | 25 ++-
 apps/calendar/lib/share.php | 26 ++-
 apps/calendar/templates/part.eventform.php | 1 +
 apps/calendar/templates/part.showevent.php | 249 +++++++++++++++++++++
 5 files changed, 308 insertions(+), 11 deletions(-)
 create mode 100644 apps/calendar/templates/part.showevent.php
diff --git a/apps/calendar/ajax/event/edit.form.php b/apps/calendar/ajax/event/edit.form.php
index 837edbbbf0..ab77a747f1 100644
--- a/apps/calendar/ajax/event/edit.form.php
+++ b/apps/calendar/ajax/event/edit.form.php
@@ -18,6 +18,12 @@ $data = OC_Calendar_App::getEventObject($id);
 $object = OC_VObject::parse($data['calendardata']);
 $vevent = $object->VEVENT;
+$access = OC_Calendar_App::check_access($id);
+if(!$access){
+ OC_JSON::error(array('data' => array('message' => self::$l10n->t('Wrong calendar'))));
+ exit;
+}
+
 $dtstart = $vevent->DTSTART;
 $dtend = OC_Calendar_Object::getDTEndFromVEvent($vevent);
 switch($dtstart->getDateType()) {
@@ -187,8 +193,9 @@ if($data['repeating'] == 1){
 }else{
 $repeat['repeat'] = 'doesnotrepeat';
 }
-
-$calendar_options = OC_Calendar_Calendar::allCalendars(OC_User::getUser());
+if($access == 'owner'){
+ $calendar_options = OC_Calendar_Calendar::allCalendars(OC_User::getUser());
+}
 $category_options = OC_Calendar_App::getCategoryOptions();
 $repeat_options = OC_Calendar_App::getRepeatOptions();
 $repeat_end_options = OC_Calendar_App::getEndOptions();
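Review bot: The denial branch added after `$vevent = $object->VEVENT;` calls `self::$l10n->t(...)`, but this file looks like a procedural script with no class scope, so `self` cannot resolve and a refused request would end in a PHP fatal error instead of the intended JSON error. Use `OC_Calendar_App::$l10n->t('Wrong calendar')` there. The check also runs only after `getEventObject($id)` and `OC_VObject::parse()` have already loaded the event, so it would be safer placed before any event data is read. The script continues outside the hunk on both sides.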
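Review bot: `$calendar_options` is now assigned only when `$access == 'owner'`, yet the context lines of the following hunk still pass it to `$tmpl->assign('calendar_options', $calendar_options)`, so 'rw' and 'r' requests read an undefined variable. Initialise it before the condition, for example `$calendar_options = array();`, and add a comment such as `// only the owner may move the event to another calendar` so the restriction reads as deliberate.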
@@ -201,7 +208,12 @@ $repeat_bymonth_options = OC_Calendar_App::getByMonthOptions();
 $repeat_byweekno_options = OC_Calendar_App::getByWeekNoOptions();
 $repeat_bymonthday_options = OC_Calendar_App::getByMonthDayOptions();
-$tmpl = new OC_Template('calendar', 'part.editevent');
+if($access == 'owner' || $access == 'rw'){
+ $tmpl = new OC_Template('calendar', 'part.editevent');
+}elseif($access == 'r'){
+ $tmpl = new OC_Template('calendar', 'part.showevent');
+}
+
 $tmpl->assign('id', $id);
 $tmpl->assign('lastmodified', $lastmodified);
 $tmpl->assign('calendar_options', $calendar_options);
diff --git a/apps/calendar/lib/app.php b/apps/calendar/lib/app.php
index f50c65ab4f..b4d9f844c1 100644
--- a/apps/calendar/lib/app.php
+++ b/apps/calendar/lib/app.php
@@ -14,12 +14,7 @@ class OC_Calendar_App{
 public static $l10n;
 public static function getCalendar($id){
- $calendar = OC_Calendar_Calendar::find( $id );
- if( $calendar === false || $calendar['userid'] != OC_User::getUser()){
- OC_JSON::error(array('data' => array('message' => self::$l10n->t('Wrong calendar'))));
- exit();
- }
- return $calendar;
+ return OC_Calendar_Calendar::find( $id );
 }
 public static function getEventObject($id){
@@ -29,10 +24,26 @@ class OC_Calendar_App{
 exit();
 }
- self::getCalendar( $event_object['calendarid'] );//access check
+ //self::getCalendar( $event_object['calendarid'] );//access check
 return $event_object;
 }
+ public static function check_access($id){
+ $event_object = self::getEventObject($id);
+ $calendar = self::getCalendar($event_object['calendarid']);
+ if($calendar['userid'] == OC_User::getUser()){
+ return 'owner';
+ }
+ if(OC_Calendar_Share::check_access(OC_User::getUser(), $id, OC_Calendar_Share::EVENT)){
+ if(OC_Calendar_Share::is_editing_allowed(OC_User::getUser(), $id, OC_Calendar_Share::EVENT)){
+ return 'rw';
+ }else{
+ return 'r';
+ }
+ }
+ return false;
+ }
+
 public static function getVCalendar($id){
 $event_object = self::getEventObject( $id );
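Review bot: The template choice has no `else`, so any `$access` value other than 'owner', 'rw' or 'r' would reach `$tmpl->assign('id', $id)` with `$tmpl` unset; ending the chain with a branch that emits `OC_JSON::error()` and exits makes it fail closed if check_access() ever gains another return value. Rendering `part.showevent` for 'r' is only a presentation control. The handler that saves edits is not part of this patch, and it presumably needs its own `check_access($id)` test for 'owner' or 'rw', since `getEventObject()` no longer performs one.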
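Review bot: `getCalendar()` was the authorization gate (it rejected a missing calendar or one whose `userid` differed from `OC_User::getUser()`), and after this hunk it returns whatever `find($id)` yields; the next hunk comments out the matching check in `getEventObject()`, so `getVCalendar()`, visible at the end of that hunk, and any other caller now load objects by id with no ownership or share test. Callers outside this patch are not visible here, so each one needs auditing, or the getters should keep a checked default and expose the unchecked lookup under a separate name used only by `check_access()`. At minimum add a docblock on both getters stating that they perform no access control and that `getCalendar()` may return `false`.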
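Review bot: `check_access()` indexes `$calendar['userid']` without testing for a failed `find()` and compares it loosely with `OC_User::getUser()`. If the calendar lookup returns `false` the left side is `null`, and should `getUser()` return `false` for a request without a session (not visible here), `null == false` evaluates to true and the method answers 'owner'. Add `if($calendar === false){ return false; }` before the comparison and use `===`. Reading the user id once into a local would also make the three checks easier to follow.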
diff --git a/apps/calendar/lib/share.php b/apps/calendar/lib/share.php
index def1026c5e..7117607ebb 100644
--- a/apps/calendar/lib/share.php
+++ b/apps/calendar/lib/share.php
@@ -191,11 +191,35 @@ class OC_Calendar_Share{
 public static function is_editing_allowed($share, $id, $type){
 $group_where = self::group_sql(OC_Group::getUserGroups($share));
 $permission_where = self::permission_sql('rw');
- $stmt = OC_DB::prepare('SELECT * FROM *PREFIX*calendar_share_' . $type . ' WHERE ((share = ? AND sharetype = "user") ' . $group_where . ') ' . $permission_where . ')');
+ $stmt = OC_DB::prepare('SELECT * FROM *PREFIX*calendar_share_' . $type . ' WHERE ((share = ? AND sharetype = "user") ' . $group_where . ') ' . $permission_where);
 $result = $stmt->execute(array($share));
 if($result->numRows() == 1){
 return true;
 }
+ if($type == self::EVENT){
+ $calendar == OC_Calendar_App::getCalendar($id);
+ return self::is_editing_allowed($share, $calendar['id'], self::CALENDAR);
+ }
+ return false;
+ }
+ /*
+ * @brief: checks the access of
+ * @param: (string) $share - userid (if $sharetype == user) / groupid (if $sharetype == group) / token (if $sharetype == public)
+ * @param: (string) $id - id of the calendar / event
+ * @param: (string) $type - use const self::CALENDAR or self::EVENT
+ * @return (bool)
+ */
+ public static function check_access($share, $id, $type){
+ $group_where = self::group_sql(OC_Group::getUserGroups($share));
+ $stmt = OC_DB::prepare('SELECT * FROM *PREFIX*calendar_share_' . $type . ' WHERE ((share = ? AND sharetype = "user") ' . $group_where . ')');
+ $result = $stmt->execute(array($share));
+ if($result->numRows() > 0){
+ return true;
+ }
+ if($type == self::EVENT){
+ $calendar == OC_Calendar_App::getCalendar($id);
+ return self::check_access($share, $calendar['id'], self::CALENDAR);
+ }
 return false;
 }
 }
\ No newline at end of file
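Review bot: Neither the query in `is_editing_allowed()` nor the one in `check_access()` restricts on `$id`; only `$share` is bound in `execute(array($share))`, so unless `group_sql()` or `permission_sql()` (outside the hunk) add such a condition, any share row of that type for the user grants access to every event or calendar. The WHERE clause needs a condition on the share table's object-id column (its name is not visible in this patch) with `$id` bound as a second parameter. The fallback `$calendar == OC_Calendar_App::getCalendar($id);` is a comparison, not an assignment, so `$calendar['id']` is always null, and `$id` at that point is an event id rather than a calendar id; it should read `$event = OC_Calendar_App::getEventObject($id); $calendar = OC_Calendar_App::getCalendar($event['calendarid']);`. `$type` is concatenated into the table name, so it should be checked against `self::CALENDAR` and `self::EVENT` before the statement is built.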
diff --git a/apps/calendar/templates/part.eventform.php b/apps/calendar/templates/part.eventform.php
index b67f8c02c3..c87e1ec9de 100644
--- a/apps/calendar/templates/part.eventform.php
+++ b/apps/calendar/templates/part.eventform.php
@@ -217,6 +217,7 @@
diff --git a/apps/calendar/templates/part.showevent.php b/apps/calendar/templates/part.showevent.php
new file mode 100644
index 0000000000..1be13bf1f6
--- /dev/null
+++ b/apps/calendar/templates/part.showevent.php
@@ -0,0 +1,249 @@
+
"> + +
+ + + + + +
t("Title");?>: + +
+ + + + + + + + + +
t("Category");?>: + t('No categories selected'); + }else{ + echo ''; + } + ?> +    t("Calendar");?>: + +   + +
+
+ + + + + + + + + + + + + +
+ id="allday_checkbox" name="allday" disabled="disabled"> + t("All Day Event");?> +
t("From");?>: + +    t('at'):''; ?>    + +
t("To");?>: + +    t('at'):''; ?>    + +
+ " onclick="Calendar.UI.showadvancedoptions();" id="advanced_options_button"> + +
+
+ + + + + + +
t("Repeat");?>: + " onclick="Calendar.UI.showadvancedoptionsforrepeating();" id="advanced_options_button">
+ +
+
//Alarm
+
//Attendees
+
//Share
+ +
\ No newline at end of file