From 71b32f7ad4684360f460726977fb3d803f7bb48a Mon Sep 17 00:00:00 2001 From: Georg Ehrke <dev@georgswebsite.de> Date: Mon, 26 Mar 2012 15:24:43 +0200 Subject: [PATCH] add read only 'form' for shared events --- apps/calendar/ajax/event/edit.form.php | 18 +- apps/calendar/lib/app.php | 25 ++- apps/calendar/lib/share.php | 26 ++- apps/calendar/templates/part.eventform.php | 1 + apps/calendar/templates/part.showevent.php | 249 +++++++++++++++++++++ 5 files changed, 308 insertions(+), 11 deletions(-) create mode 100644 apps/calendar/templates/part.showevent.php diff --git a/apps/calendar/ajax/event/edit.form.php b/apps/calendar/ajax/event/edit.form.php index 837edbbbf05..ab77a747f1c 100644 --- a/apps/calendar/ajax/event/edit.form.php +++ b/apps/calendar/ajax/event/edit.form.php @@ -18,6 +18,12 @@ $data = OC_Calendar_App::getEventObject($id); $object = OC_VObject::parse($data['calendardata']); $vevent = $object->VEVENT; +$access = OC_Calendar_App::check_access($id); +if(!$access){ + OC_JSON::error(array('data' => array('message' => self::$l10n->t('Wrong calendar')))); + exit; +} + $dtstart = $vevent->DTSTART; $dtend = OC_Calendar_Object::getDTEndFromVEvent($vevent); switch($dtstart->getDateType()) { @@ -187,8 +193,9 @@ if($data['repeating'] == 1){ }else{ $repeat['repeat'] = 'doesnotrepeat'; } - -$calendar_options = OC_Calendar_Calendar::allCalendars(OC_User::getUser()); +if($access == 'owner'){ + $calendar_options = OC_Calendar_Calendar::allCalendars(OC_User::getUser()); +} $category_options = OC_Calendar_App::getCategoryOptions(); $repeat_options = OC_Calendar_App::getRepeatOptions(); $repeat_end_options = OC_Calendar_App::getEndOptions(); 
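Review bot: The denial branch added after `$vevent = $object->VEVENT;` calls `self::$l10n->t(...)`, but this file is a plain script with no class scope, so PHP raises a fatal error there instead of returning the JSON error. `$l10n` is declared `public static` on `OC_Calendar_App` in lib/app.php, so the line should read `OC_JSON::error(array('data' => array('message' => OC_Calendar_App::$l10n->t('Wrong calendar'))));`. The check also runs after `getEventObject($id)` and `OC_VObject::parse()` have already loaded the event. Moving `$access = OC_Calendar_App::check_access($id);` ahead of those two calls keeps unauthorised requests from touching the event data at all.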
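Review bot: `$calendar_options` is now assigned only when `$access == 'owner'`, yet the next hunk (@@ -201,7 +208,12 @@) still runs `$tmpl->assign('calendar_options', $calendar_options);` unconditionally, so 'rw' and 'r' requests pass an undefined variable to the template. The new part.showevent.php also reads `$_['calendar_options'][0]['id']`, which only exists on the owner path. Initialise the variable before the branch, e.g. `$calendar_options = array();`, and have the templates tolerate an empty list. In the same later hunk the `if/elseif` that picks the template has no final `else`, so `$tmpl` stays undefined if `check_access()` ever returns a value other than the three handled strings.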
@@ -201,7 +208,12 @@ $repeat_bymonth_options = OC_Calendar_App::getByMonthOptions(); $repeat_byweekno_options = OC_Calendar_App::getByWeekNoOptions(); $repeat_bymonthday_options = OC_Calendar_App::getByMonthDayOptions(); -$tmpl = new OC_Template('calendar', 'part.editevent'); +if($access == 'owner' || $access == 'rw'){ + $tmpl = new OC_Template('calendar', 'part.editevent'); +}elseif($access == 'r'){ + $tmpl = new OC_Template('calendar', 'part.showevent'); +} + $tmpl->assign('id', $id); $tmpl->assign('lastmodified', $lastmodified); $tmpl->assign('calendar_options', $calendar_options); diff --git a/apps/calendar/lib/app.php b/apps/calendar/lib/app.php index f50c65ab4f7..b4d9f844c19 100644 --- a/apps/calendar/lib/app.php +++ b/apps/calendar/lib/app.php @@ -14,12 +14,7 @@ class OC_Calendar_App{ public static $l10n; public static function getCalendar($id){ - $calendar = OC_Calendar_Calendar::find( $id ); - if( $calendar === false || $calendar['userid'] != OC_User::getUser()){ - OC_JSON::error(array('data' => array('message' => self::$l10n->t('Wrong calendar')))); - exit(); - } - return $calendar; + return OC_Calendar_Calendar::find( $id ); } public static function getEventObject($id){ @@ -29,10 +24,26 @@ class OC_Calendar_App{ exit(); } - self::getCalendar( $event_object['calendarid'] );//access check + //self::getCalendar( $event_object['calendarid'] );//access check return $event_object; } + public static function check_access($id){ + $event_object = self::getEventObject($id); + $calendar = self::getCalendar($event_object['calendarid']); + if($calendar['userid'] == OC_User::getUser()){ + return 'owner'; + } + if(OC_Calendar_Share::check_access(OC_User::getUser(), $id, OC_Calendar_Share::EVENT)){ + if(OC_Calendar_Share::is_editing_allowed(OC_User::getUser(), $id, OC_Calendar_Share::EVENT)){ + return 'rw'; + }else{ + return 'r'; + } + } + return false; + } + public static function getVCalendar($id){ $event_object = self::getEventObject( $id ); 
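Review bot: `getCalendar()` was the authorization gate (it rejected calendars whose `userid` differed from `OC_User::getUser()`), and after this hunk it returns `OC_Calendar_Calendar::find($id)` for any id. The following hunk also comments out the `self::getCalendar(...)//access check` call in `getEventObject()`. Every caller of these two helpers that this patch does not touch therefore loses its ownership check; `getVCalendar()`, visible as context in the next hunk, is one such caller. Only edit.form.php is shown gaining a `check_access()` call, so the other ajax endpoints are presumably left unguarded and need auditing before this merges. A safer shape keeps the checking behaviour under the existing names and adds an explicitly named unchecked lookup for internal use, with a comment such as `// no access check: caller must call check_access() first`.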
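Review bot: `check_access()` indexes `$calendar['userid']` without handling a failed lookup, although the code removed from `getCalendar()` in the previous hunk compared the result of `OC_Calendar_Calendar::find()` against `false`. Add `if($calendar === false){ return false; }` before the owner comparison, and use `===` for the `userid` comparison so the decision does not depend on loose type juggling. The method has no doc comment; one should state that it returns `'owner'`, `'rw'`, `'r'` or `false`, since callers branch on those exact strings. Its camelCase neighbours suggest `checkAccess` as the name, and the commented-out `//self::getCalendar(...)` line in `getEventObject()` should be deleted rather than left in place.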
diff --git a/apps/calendar/lib/share.php b/apps/calendar/lib/share.php index def1026c5e1..7117607ebbd 100644 --- a/apps/calendar/lib/share.php +++ b/apps/calendar/lib/share.php @@ -191,11 +191,35 @@ class OC_Calendar_Share{ public static function is_editing_allowed($share, $id, $type){ $group_where = self::group_sql(OC_Group::getUserGroups($share)); $permission_where = self::permission_sql('rw'); - $stmt = OC_DB::prepare('SELECT * FROM *PREFIX*calendar_share_' . $type . ' WHERE ((share = ? AND sharetype = "user") ' . $group_where . ') ' . $permission_where . ')'); + $stmt = OC_DB::prepare('SELECT * FROM *PREFIX*calendar_share_' . $type . ' WHERE ((share = ? AND sharetype = "user") ' . $group_where . ') ' . $permission_where); $result = $stmt->execute(array($share)); if($result->numRows() == 1){ return true; } + if($type == self::EVENT){ + $calendar == OC_Calendar_App::getCalendar($id); + return self::is_editing_allowed($share, $calendar['id'], self::CALENDAR); + } + return false; + } + /* + * @brief: checks the access of + * @param: (string) $share - userid (if $sharetype == user) / groupid (if $sharetype == group) / token (if $sharetype == public) + * @param: (string) $id - id of the calendar / event + * @param: (string) $type - use const self::CALENDAR or self::EVENT + * @return (bool) + */ + public static function check_access($share, $id, $type){ + $group_where = self::group_sql(OC_Group::getUserGroups($share)); + $stmt = OC_DB::prepare('SELECT * FROM *PREFIX*calendar_share_' . $type . ' WHERE ((share = ? AND sharetype = "user") ' . $group_where . ')'); + $result = $stmt->execute(array($share)); + if($result->numRows() > 0){ + return true; + } + if($type == self::EVENT){ + $calendar == OC_Calendar_App::getCalendar($id); + return self::check_access($share, $calendar['id'], self::CALENDAR); + } return false; } } \ No newline at end of file 
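Review bot: The query in the new `check_access()` binds only `$share` and never constrains the row to `$id`, so it returns true as soon as the user or one of their groups has any share of that type, not a share of the requested calendar or event. The `is_editing_allowed()` query edited in this hunk has the same shape, and `group_sql()`, which is not shown, receives only the group list. Both queries need a bound predicate on the share table's calendar/event id column (the column name is not visible in this patch), with `$id` added to the `execute()` array. Separately, both new `self::EVENT` fallbacks contain `$calendar == OC_Calendar_App::getCalendar($id);`, which is a comparison rather than an assignment and passes an event id to a calendar lookup, so `$calendar['id']` is always unset in the recursive call. Following the `calendarid` lookup that app.php's `check_access()` uses, this should be `$event = OC_Calendar_App::getEventObject($id);` followed by `$calendar = OC_Calendar_App::getCalendar($event['calendarid']);`.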
diff --git a/apps/calendar/templates/part.eventform.php b/apps/calendar/templates/part.eventform.php index b67f8c02c39..c87e1ec9de7 100644 --- a/apps/calendar/templates/part.eventform.php +++ b/apps/calendar/templates/part.eventform.php @@ -217,6 +217,7 @@ <td> <select id="end" name="end"> <?php + if($_['repeat_end'] == '') $_['repeat_end'] = 'never'; echo html_select_options($_['repeat_end_options'], $_['repeat_end']); ?> </select> diff --git a/apps/calendar/templates/part.showevent.php b/apps/calendar/templates/part.showevent.php new file mode 100644 index 00000000000..1be13bf1f66 --- /dev/null +++ b/apps/calendar/templates/part.showevent.php 
@@ -0,0 +1,249 @@ +<div id="event" title="<?php echo $l->t("View an event");?>"> +<ul> + <li><a href="#tabs-1"><?php echo $l->t('Eventinfo'); ?></a></li> + <li><a href="#tabs-2"><?php echo $l->t('Repeating'); ?></a></li> + <li><a href="#tabs-3"><?php echo $l->t('Alarm'); ?></a></li> + <li><a href="#tabs-4"><?php echo $l->t('Attendees'); ?></a></li> + <li><a href="#tabs-5"><?php echo $l->t('Share'); ?></a></li> +</ul> +<div id="tabs-1"> + <table width="100%"> + <tr> + <th width="75px"><?php echo $l->t("Title");?>:</th> + <td> + <?php echo isset($_['title']) ? htmlspecialchars($_['title']) : '' ?> + </td> + </tr> + </table> + <table width="100%"> + <tr> + <th width="75px"><?php echo $l->t("Category");?>:</th> + <td> + <?php + if(count($_['categories']) == 0){ + echo $l->t('No categories selected'); + }else{ + echo '<select id="category" name="categories[]" multiple="multiple" title="' . $l->t("Select category") . '">'; + echo html_select_options($_['categories'], $_['categories'], array('combine'=>true)); + echo '</select>'; + } + ?> + </td> + <th width="75px"> <?php echo $l->t("Calendar");?>:</th> + <td> + <select name="calendar" disabled="disabled"> + <option> + <?php + $calendar = OC_Calendar_App::getCalendar($_['calendar']); + echo $calendar['displayname'] . ' ' . $l->t('of') . ' ' . 
OC_User::getUser(); + ?> + </option> + + </select> + </td> + <th width="75px"> </th> + <td> + <input type="hidden" name="calendar" value="<?php echo $_['calendar_options'][0]['id'] ?>"> + </td> + </tr> + </table> + <hr> + <table width="100%"> + <tr> + <th width="75px"></th> + <td> + <input onclick="Calendar.UI.lockTime();" type="checkbox"<?php if($_['allday']){echo 'checked="checked"';} ?> id="allday_checkbox" name="allday" disabled="disabled"> + <?php echo $l->t("All Day Event");?> + </td> + </tr> + <tr> + <th width="75px"><?php echo $l->t("From");?>:</th> + <td> + <?php echo $_['startdate'];?> + <?php echo (!$_['allday'])?$l->t('at'):''; ?> + <?php echo $_['starttime'];?> + </td> + </tr> + <tr> + <th width="75px"><?php echo $l->t("To");?>:</th> + <td> + <?php echo $_['enddate'];?> + <?php echo (!$_['allday'])?$l->t('at'):''; ?> + <?php echo $_['endtime'];?> + </td> + </tr> + </table> + <input type="button" class="submit" value="<?php echo $l->t("Advanced options"); ?>" onclick="Calendar.UI.showadvancedoptions();" id="advanced_options_button"> + <div id="advanced_options" style="display: none;"> + <hr> + <table> + <tr> + <th width="85px"><?php echo $l->t("Location");?>:</th> + <td> + <?php echo isset($_['location']) ? htmlspecialchars($_['location']) : '' ?> + </td> + </tr> + </table> + <table> + <tr> + <th width="85px" style="vertical-align: top;"><?php echo $l->t("Description");?>:</th> + <td> + <?php echo isset($_['description']) ? 
htmlspecialchars($_['description']) : '' ?></textarea> + </tr> + </table> + </div> + </div> +<div id="tabs-2"> + <table style="width:100%"> + <tr> + <th width="75px"><?php echo $l->t("Repeat");?>:</th> + <td> + <select id="repeat" name="repeat"> + <?php + echo html_select_options(array($_['repeat_options'][$_['repeat']]), $_['repeat']); + ?> + </select></td> + <td><input type="button" style="float:right;" class="submit" value="<?php echo $l->t("Advanced"); ?>" onclick="Calendar.UI.showadvancedoptionsforrepeating();" id="advanced_options_button"></td> + </tr> + </table> + <div id="advanced_options_repeating" style="display:none;"> + <table style="width:100%"> + <tr id="advanced_month" style="display:none;"> + <th width="75px"></th> + <td> + <select id="advanced_month_select" name="advanced_month_select"> + <?php + echo html_select_options(array($_['repeat_month_options'][$_['repeat_month']]), $_['repeat_month']); + ?> + </select> + </td> + </tr> + </table> + <table style="width:100%"> + <tr id="advanced_year" style="display:none;"> + <th width="75px"></th> + <td> + <select id="advanced_year_select" name="advanced_year_select"> + <?php + echo html_select_options(array($_['repeat_year_options'][$_['repeat_year']]), $_['repeat_year']); + ?> + </select> + </td> + </tr> + </table> + <table style="width:100%"> + <tr id="advanced_weekofmonth" style="display:none;"> + <th width="75px"></th> + <td id="weekofmonthcheckbox"> + <select id="weekofmonthoptions" name="weekofmonthoptions"> + <?php + echo html_select_options(array($_['repeat_weekofmonth_options'][$_['repeat_weekofmonth']]), $_['repeat_weekofmonth']); + ?> + </select> + </td> + </tr> + </table> + <table style="width:100%"> + <tr id="advanced_weekday" style="display:none;"> + <th width="75px"></th> + <td id="weeklycheckbox"> + <select id="weeklyoptions" name="weeklyoptions[]" multiple="multiple" title="<?php echo $l->t("Select weekdays") ?>"> + <?php + if (!isset($_['weekdays'])) {$_['weekdays'] = array();} + echo 
html_select_options(array($_['repeat_weekly_options'][$_['repeat_weekdays']]), $_['repeat_weekdays'], array('combine'=>true)); + ?> + </select> + </td> + </tr> + </table> + <table style="width:100%"> + <tr id="advanced_byyearday" style="display:none;"> + <th width="75px"></th> + <td id="byyeardaycheckbox"> + <select id="byyearday" name="byyearday[]" multiple="multiple" title="<?php echo $l->t("Select days") ?>"> + <?php + if (!isset($_['repeat_byyearday'])) {$_['repeat_byyearday'] = array();} + echo html_select_options(array($_['repeat_byyearday_options'][$_['repeat_byyearday']]), $_['repeat_byyearday'], array('combine'=>true)); + ?> + </select><?php echo $l->t('and the events day of year.'); ?> + </td> + </tr> + </table> + <table style="width:100%"> + <tr id="advanced_bymonthday" style="display:none;"> + <th width="75px"></th> + <td id="bymonthdaycheckbox"> + <select id="bymonthday" name="bymonthday[]" multiple="multiple" title="<?php echo $l->t("Select days") ?>"> + <?php + if (!isset($_['repeat_bymonthday'])) {$_['repeat_bymonthday'] = array();} + echo html_select_options(array($_['repeat_bymonthday_options'][$_['repeat_bymonthday']]), $_['repeat_bymonthday'], array('combine'=>true)); + ?> + </select><?php echo $l->t('and the events day of month.'); ?> + </td> + </tr> + </table> + <table style="width:100%"> + <tr id="advanced_bymonth" style="display:none;"> + <th width="75px"></th> + <td id="bymonthcheckbox"> + <select id="bymonth" name="bymonth[]" multiple="multiple" title="<?php echo $l->t("Select months") ?>"> + <?php + if (!isset($_['repeat_bymonth'])) {$_['repeat_bymonth'] = array();} + echo html_select_options(array($_['repeat_bymonth_options'][$_['repeat_bymonth']]), $_['repeat_bymonth'], array('combine'=>true)); + ?> + </select> + </td> + </tr> + </table> + <table style="width:100%"> + <tr id="advanced_byweekno" style="display:none;"> + <th width="75px"></th> + <td id="bymonthcheckbox"> + <select id="byweekno" name="byweekno[]" multiple="multiple" 
title="<?php echo $l->t("Select weeks") ?>"> + <?php + if (!isset($_['repeat_byweekno'])) {$_['repeat_byweekno'] = array();} + echo html_select_options(array($_['repeat_byweekno_options'][$_['repeat_byweekno']]), $_['repeat_byweekno'], array('combine'=>true)); + ?> + </select><?php echo $l->t('and the events week of year.'); ?> + </td> + </tr> + </table> + <table style="width:100%"> + <tr> + <th width="75px"><?php echo $l->t('Interval'); ?>:</th> + <td> + <?php echo isset($_['repeat_interval']) ? $_['repeat_interval'] : '1'; ?> + </td> + </tr> + <tr> + <th width="75px"><?php echo $l->t('End'); ?>:</th> + <td> + <select id="end" name="end"> + <?php + if($_['repeat_end'] == '') $_['repeat_end'] = 'never'; + echo html_select_options(array($_['repeat_end_options'][$_['repeat_end']]), $_['repeat_end']); + ?> + </select> + </td> + </tr> + <tr> + <th></th> + <td id="byoccurrences" style="display:none;"> + <?php echo $_['repeat_count'] . ' ' . $l->t('occurrences'); ?> + </td> + </tr> + <tr> + <th></th> + <td id="bydate" style="display:none;"> + <?php echo $_['repeat_date']; ?> + </td> + </tr> + </table> + <?php echo $l->t('Summary'); ?>:<span id="repeatsummary"></span> + </div> +</div> +<div id="tabs-3">//Alarm</div> +<div id="tabs-4">//Attendees</div> +<div id="tabs-5">//Share</div> + +</div> \ No newline at end of file
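Review bot: The calendar `<option>` in tabs-1 echoes `$calendar['displayname']` without `htmlspecialchars()`, and this template is shown to users viewing someone else's shared event, so a display name chosen by the owner is rendered as markup in the viewer's session. The same applies to the raw echoes of `$_['startdate']`, `$_['starttime']`, `$_['enddate']`, `$_['endtime']`, `$_['repeat_interval']`, `$_['repeat_count']` and `$_['repeat_date']`, unless the controller already guarantees their format. Suggested line: `echo htmlspecialchars($calendar['displayname']) . ' ' . $l->t('of') . ' ' . htmlspecialchars($calendar['userid']);`. This also names the calendar owner instead of `OC_User::getUser()`, which here is the viewer (assuming the label is meant to show whose calendar it is). The description cell closes with a stray `</textarea>` and no `</td>`, and the hidden `calendar` input reads `$_['calendar_options'][0]['id']`, which edit.form.php only populates for owners.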