ahtlon/deck
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Merge pull request #4625 from nextcloud/backport/4622/stable26

Browse Source
This commit is contained in:
Julius Härtl
2023-04-27 08:57:33 +02:00
committed by GitHub
parent 27d960340e 6684023424
commit eddb6fc460
1 changed files with 13 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
lib/DAV/Calendar.php
View File

@@ -59,20 +59,21 @@ class Calendar extends ExternalCalendar {
} }
public function getACL() { public function getACL() {
// the calendar should always have the read and the write-properties permissions
// write-properties is needed to allow the user to toggle the visibility of shared deck calendars
$acl = [ $acl = [
[ [
'privilege' => '{DAV:}read', 'privilege' => '{DAV:}read',
'principal' => $this->getOwner(), 'principal' => $this->getOwner(),
'protected' => true, 'protected' => true,
] ],
]; [
if ($this->backend->checkBoardPermission($this->board->getId(), Acl::PERMISSION_MANAGE)) {
$acl[] = [
'privilege' => '{DAV:}write-properties', 'privilege' => '{DAV:}write-properties',
'principal' => $this->getOwner(), 'principal' => $this->getOwner(),
'protected' => true, 'protected' => true,
]; ]
} ];
return $acl; return $acl;
} }
@@ -187,12 +188,18 @@ class Calendar extends ExternalCalendar {
foreach ($properties as $key => $value) { foreach ($properties as $key => $value) {
switch ($key) { switch ($key) {
case '{DAV:}displayname': case '{DAV:}displayname':
if (!$this->backend->checkBoardPermission($this->board->getId(), Acl::PERMISSION_MANAGE)) {
throw new Forbidden('no permission to change the displayname');
}
if (mb_strpos($value, 'Deck: ') === 0) { if (mb_strpos($value, 'Deck: ') === 0) {
$value = mb_substr($value, strlen('Deck: ')); $value = mb_substr($value, strlen('Deck: '));
} }
$this->board->setTitle($value); $this->board->setTitle($value);
break; break;
case '{http://apple.com/ns/ical/}calendar-color': case '{http://apple.com/ns/ical/}calendar-color':
if (!$this->backend->checkBoardPermission($this->board->getId(), Acl::PERMISSION_MANAGE)) {
throw new Forbidden('no permission to change the calendar color');
}
$color = substr($value, 1, 6); $color = substr($value, 1, 6);
if (!preg_match('/[a-f0-9]{6}/i', $color)) { if (!preg_match('/[a-f0-9]{6}/i', $color)) {
throw new InvalidDataException('No valid color provided'); throw new InvalidDataException('No valid color provided');