aboutsummaryrefslogtreecommitdiffstats
path: root/access/fetch.py
diff options
context:
space:
mode:
Diffstat (limited to 'access/fetch.py')
-rw-r--r--access/fetch.py9
1 files changed, 9 insertions, 0 deletions
diff --git a/access/fetch.py b/access/fetch.py
index d36c25b..170a7a7 100644
--- a/access/fetch.py
+++ b/access/fetch.py
@@ -35,11 +35,20 @@ def XMLBuildCalEvent(calevent, entry):
class FetchEvent(webapp2.RequestHandler):
def get(self): # GET 適用於已知 key 的狀況
+ guserid = users.get_current_user()
+ if not guserid:
+ return
+
mykey = self.request.get('key')
eventroot = etree.Element('inccalender')
calevent = etree.SubElement(eventroot, 'calevent')
entrykey = db.Key(mykey)
+ if entrykey.parent().name() != guserid.email():
+ self.response.set_status(403)
+ return
+
entry = db.get(entrykey)
+
XMLBuildCalEvent(calevent, entry)
self.response.headers['Content-Type'] = 'text/xml; charset=UTF-8'
generated by cgit (git 2.34.1) at 2025-10-18 16:16:32 +0800