ahtlon/deck
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

forbid changing the displayname or color of the calendar/deck when the user doesn't has the "manage" permissions

Browse Source 
Signed-off-by: Bjoern Schiessle <bjoern@nextcloud.com>
This commit is contained in:
Bjoern Schiessle
2023-04-26 21:45:23 +02:00
committed by Julius Härtl
parent 14d686a6bc
commit e2a4737fdb
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
lib/DAV/Calendar.php
View File

@@ -188,12 +188,18 @@ class Calendar extends ExternalCalendar {
foreach ($properties as $key => $value) { foreach ($properties as $key => $value) {
switch ($key) { switch ($key) {
case '{DAV:}displayname': case '{DAV:}displayname':
if (!$this->backend->checkBoardPermission($this->board->getId(), Acl::PERMISSION_MANAGE)) {
throw new Forbidden('no permission to change the displayname');
}
if (mb_strpos($value, 'Deck: ') === 0) { if (mb_strpos($value, 'Deck: ') === 0) {
$value = mb_substr($value, strlen('Deck: ')); $value = mb_substr($value, strlen('Deck: '));
} }
$this->board->setTitle($value); $this->board->setTitle($value);
break; break;
case '{http://apple.com/ns/ical/}calendar-color': case '{http://apple.com/ns/ical/}calendar-color':
if (!$this->backend->checkBoardPermission($this->board->getId(), Acl::PERMISSION_MANAGE)) {
throw new Forbidden('no permission to change the calendar color');
}
$color = substr($value, 1, 6); $color = substr($value, 1, 6);
if (!preg_match('/[a-f0-9]{6}/i', $color)) { if (!preg_match('/[a-f0-9]{6}/i', $color)) {
throw new InvalidDataException('No valid color provided'); throw new InvalidDataException('No valid color provided');