nikdoof/rustical
1
1
Fork 0
mirror of https://github.com/lennart-k/rustical.git synced 2025-12-13 20:32:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

Ensure all routes check for authorization

Browse Source
This commit is contained in:
Lennart
2025-01-19 00:20:16 +01:00
parent 130f754cdd
commit 6485b89c73
9 changed files with 59 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
crates/caldav/src/calendar/resource.rs
View File

@@ -283,7 +283,7 @@ impl Resource for CalendarResource {
fn get_user_privileges(&self, user: &User) -> Result<UserPrivilegeSet, Self::Error> {
if self.cal.subscription_url.is_some() || self.read_only {
return Ok(UserPrivilegeSet::read_only());
return Ok(UserPrivilegeSet::owner_read(self.cal.principal == user.id));
}
Ok(UserPrivilegeSet::owner_only(self.cal.principal == user.id))