This method doesn't make much sense as implemented.

A "Private" event should *ONLY* be viewable by the event creator. That's why it's private. Allowing it to be shown to users with READ perms, even when generating alarms/agendas defeats this purpose. I.e., any event with the private flag set will only ever be viewable by the creator. Even when generating agendas and alarms.
horde · Nov 6, 2015 · 6577a8d · 6577a8d
1 parent 847e6bc
commit 6577a8d
Showing 1 changed file with 3 additions and 11 deletions.
diff --git a/kronolith/lib/Event.php b/kronolith/lib/Event.php
@@ -2582,10 +2582,6 @@ public function boundExceptions($flat = true)
     /**
      * Returns whether the event should be considered private.
      *
-     * The event's private flag can be overriden if the current user
-     * is an administrator and the code is run from command line. This is to
-     * allow full event notifications in alarm messages.
-     *
      * @param string $user  The current user. If omitted, uses the current user.
      *
      * @return boolean  Whether to consider the event as private.
@@ -2598,13 +2594,9 @@ public function isPrivate($user = null)
             $user = $registry->getAuth();
         }
 
-        if (!(Horde_Cli::runningFromCLI() && $registry->isAdmin()) &&
-            $this->private && $this->creator != $user) {
-            return true;
-        }
-
-        if ($registry->isAdmin() ||
-             $this->hasPermission(Horde_Perms::READ, $user)) {
+        // Never private if private is not true or if the current user is the
+        // event creator.
+        if (!$this->private || $this->creator == $user) {
             return false;
         }