ff021ffffd2b60470ecff2d1e4b35c6fa7f01dba,calendar-webservice/src/main/java/org/exoplatform/calendar/ws/CalendarRestApi.java,CalendarRestApi,updateCalendarById,#String#CalendarResource#,625

Before Change


          int type = calendarServiceInstance().getTypeOfCalendar(currentUserId(), cal.getId());

          if (type == Calendar.TYPE_PRIVATE && !currentUserId().equals(cal.getCalendarOwner())) {
            return Response.status(HTTPStatus.FORBIDDEN).cacheControl(nc).build();
          }

          calendarServiceInstance().saveCalendar(cal.getCalendarOwner(), cal, type, false);

After Change



          if (type == Calendar.TYPE_PRIVATE) {
            if (!currentUserId().equals(cal.getCalendarOwner())) {
              return Response.status(HTTPStatus.FORBIDDEN).entity("Can not change owner of personal calendar").cacheControl(nc).build();
            }
            if (cal.getGroups() != null && cal.getGroups().length > 0) {
              return Response.status(HTTPStatus.FORBIDDEN).entity("Can not update groups of personal calendar").cacheControl(nc).build();
            }
          }