amorfo77/sogo
1
0
Fork 0
mirror of https://github.com/inverse-inc/sogo.git synced 2026-06-23 10:54:17 +00:00
Code Issues Projects Releases Wiki Activity

fix(calendar): Fix issue where a calendar's subscribed user can give acl to another user

Browse Source
This commit is contained in:
smizrahi
2024-04-03 10:48:39 +02:00
parent cb55413e91
commit ae01ed077d
1 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
SoObjects/SOGo/SOGoObject.m
+4 -4
View File
@@ -1400,7 +1400,7 @@
else if ([nodeName isEqualToString: @"set-roles"])
{
// Disable Acl modifications if this is not the owner
if (![[[context activeUser] login] isEqualToString: owner])
if (![self ignoreRights])
return nil;
// We support two ways of setting roles. The first one is, for example:
@@ -1451,7 +1451,7 @@
else if ([nodeName isEqualToString: @"add-user"])
{
// Disable Acl modifications if this is not the owner
if (![[[context activeUser] login] isEqualToString: owner])
if (![self ignoreRights])
return nil;
attrs = [node attributes];
userAttr = [attrs namedItem: @"user"];
@@ -1462,7 +1462,7 @@
else if ([nodeName isEqualToString: @"add-users"])
{
// Disable Acl modifications if this is not the owner
if (![[[context activeUser] login] isEqualToString: owner])
if (![self ignoreRights])
return nil;
attrs = [node attributes];
userAttr = [attrs namedItem: @"users"];
@@ -1485,7 +1485,7 @@
else if ([nodeName isEqualToString: @"remove-user"])
{
// Disable Acl modifications if this is not the owner
if (![[[context activeUser] login] isEqualToString: owner])
if (![self ignoreRights])
return nil;
attrs = [node attributes];
userAttr = [attrs namedItem: @"user"];