Skip to content

Commit

Permalink
Merge pull request #515 from nextcloud/check-access
Browse files Browse the repository at this point in the history 
#511 - added missing access check
  • Loading branch information
@dartcafe
dartcafe authored Feb 10, 2019
2 parents 47764b1 + de8d187 commit ce83e96
Showing 1 changed file with 6 additions and 1 deletion.
7 changes: 6 additions & 1 deletion lib/Controller/ApiController.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -178,6 +178,8 @@ private function grantAccessAs($event, $shares) {
$grantAccessAs = 'public';
} elseif ($event['access'] === 'registered' && \OC::$server->getUserSession()->getUser() instanceof IUser) {
$grantAccessAs = 'registered';
} elseif ($event['access'] === 'hidden' && ($event['owner'] === \OC::$server->getUserSession()->getUser())) {
$grantAccessAs = 'hidden';
} elseif ($this->checkUserAccess($shares)) {
$grantAccessAs = 'userInvitation';
} elseif ($this->checkGroupAccess($shares)) {
Expand Down Expand Up @@ -418,7 +420,10 @@ public function getPolls() {
$eventsList = array();

foreach ($events as $eventElement) {
$eventsList[] = $this->getPoll($eventElement->id);
$event = $this->getPoll($eventElement->id);
if ($event['grantedAs'] !== 'none') {
$eventsList[] = $event;
}
}

return new DataResponse($eventsList, Http::STATUS_OK);
Expand Down

0 comments on commit ce83e96

Please sign in to comment.