-
Notifications
You must be signed in to change notification settings - Fork 239
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Lack of external event protection against accidental changes #4379
Labels
Comments
We tried to fix this once and had to revert due to some severe edge case. Unfortunately, we have to stick with this "bug". Nothing is wrong here from a technical/security perspective because you are only ever updating your personal copy of the event. Please refer to: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Steps to reproduce
Expected behavior
NC should disable editing of event details for user that is not event organizer (just allow limited set of operations like approval status change/removal similar to TB).
Actual behaviour
NC allows editing event details of externally organized events saved in NC calendar.
Calendar app version
3.4.2
CalDAV-clients used
Thunderbird
Browser
No response
Client operating system
No response
Server operating system
No response
Web server
No response
Database engine version
No response
PHP engine version
No response
Nextcloud version
24.0.3
Updated from an older installed version or fresh install
No response
List of activated apps
No response
Nextcloud configuration
No response
Web server error log
No response
Log file
No response
Browser log
No response
Additional info
No response
The text was updated successfully, but these errors were encountered: