Hello,
during test of the istallation the following issue occurs:
Configuration:
Privat Extended Mode
View: all
Add: admin, editor, superuser
Edit: admin, editor, superuser
By login with user TEST 1 (assigned to role “editor”) - the events belong to the user TEST1 could be edited and deleted by TEST 1. Events from another users are visible, details can be seen without edit, but the DELETE icon is also shown and moreover, by click on it, the event is deleted.
How to achive the following:
every user can see all, add/edit/delete own? and not allowing to delete events from another users?
Hi,
problem is confirmed.
Please, open file wp-content/plugins/event-calendar-scheduler/codebase/dhtmlxSchedulerConfigurator.phpm find method set_event_user and replace it with the follow code:
public function set_event_user($action) {
if ($this->settings['templates_username'] == 'true') $action->remove_field('1');
$status = $action->get_status();
if ($status == "inserted") {
$action->set_value("user", $this->userid);
} else {
if ($this->settings["privatemode"] == "ext") {
$id = mysql_real_escape_string($action->get_id(), $this->connection);
$res = $this->scheduler->sql->query("SELECT user FROM {$this->prefix}events_rec WHERE event_id='{$id}'");
$tmp = $this->scheduler->sql->get_next($res);
$user = $tmp ? $tmp['user'] : -1;
if ($user != $this->userid) {
$action->error();
}
}
}
if ($action->get_value('event_pid') == '') {
$action->set_value('event_pid', 0);
}
if ($action->get_value('event_length') == '') {
$action->set_value('event_length', 0);
}
}
This code will block saving deleted event from server side. Unfortunately there is no way to prevent showing delete/edit buttons for blocked events at client side. Maybe it will be improved in the future.
Provided fix will be included in the next release, thanks for your feedback.
also the pop-up for deletion confirmation is shown before - maybe it is possible to add some code-check in the event rendering for the generating the context menu (with action icons - edit, details, delete?)?
the entry that had been tried to be deleted - is stays with crossed line
by following steps the changed code has no influence:
click on the change icon “pencel” by entry done by another user - type something in, click somewhere else => typed new text will be visible. or move the event from another user => the event is moved
Yes, the change is not saved (this is visible if the page is reloaded) - but confusing.
Is there any event that I could look into for fixing this issue?
Also the question - how to allow admins to edit ALL events? should i add it to the restriction check with Admin user id?
Hello!
is there is any workign work around for the above stated issue? i have v30 installed and facing the issue.
Thank you in advance for any hint!
best regards
Get a guaranteed answer from DHTMLX technical support team
under the most suitable support plan