nik/davical
1
0
Fork 0
mirror of https://gitlab.com/davical-project/davical.git synced 2026-02-15 03:44:24 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Deny visibility of DAV::current-user-principal-set and DAV::acl as appropriate.

Browse Source
This commit is contained in:
Andrew McMillan 2009-12-26 12:37:02 +13:00
parent c7c5c1d784
commit f33de018f3
1 changed files with 12 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
inc/DAVResource.php
View File

@ -1070,7 +1070,12 @@ EOQRY;
break;
case 'DAV::current-user-privilege-set':
$reply->NSElement($prop, $tag, $this->BuildPrivileges() );
if ( $this->HavePrivilegeTo('DAV::read-current-user-privilege-set') ) {
$reply->NSElement($prop, $tag, $this->BuildPrivileges() );
}
else {
$denied[] = $tag;
}
break;
case 'urn:ietf:params:xml:ns:caldav:supported-calendar-data':
@ -1137,7 +1142,12 @@ EOQRY;
break;
case 'DAV::acl':
$reply->NSElement($prop, $tag, $this->GetACL( $reply ) );
if ( $this->HavePrivilegeTo('DAV::read-acl') ) {
$reply->NSElement($prop, $tag, $this->GetACL( $reply ) );
}
else {
$denied[] = $tag;
}
break;
default: