some fixes for export with sharing

export.php

@@ -9,19 +9,19 @@ OCP\User::checkLoggedIn();
 OCP\App::checkAppEnabled('calendar');
 $cal = isset($_GET['calid']) ? $_GET['calid'] : null;
 $event = isset($_GET['eventid']) ? $_GET['eventid'] : null;
-if(isset($cal)) {
+if(!is_null($cal)) {
 	$calendar = OC_Calendar_App::getCalendar($cal, true);
 	if(!$calendar) {
-		header('HTTP/1.0 404 Not Found');
+		header('HTTP/1.0 403 Forbidden');
 		exit;
 	}
 	header('Content-Type: text/calendar');
 	header('Content-Disposition: inline; filename=' . str_replace(' ', '-', $calendar['displayname']) . '.ics');
 	echo OC_Calendar_Export::export($cal, OC_Calendar_Export::CALENDAR);
-}elseif(isset($event)) {
+}elseif(!is_null($event)) {
 	$data = OC_Calendar_App::getEventObject($_GET['eventid'], true);
 	if(!$data) {
-		header('HTTP/1.0 404 Not Found');
+		header('HTTP/1.0 403 Forbidden');
 		exit;
 	}
 	header('Content-Type: text/calendar');

lib/app.php

@@ -42,7 +42,14 @@ class OC_Calendar_App{
 
 		$calendar = OC_Calendar_Calendar::find($id);
 		// FIXME: Correct arguments to just check for permissions
-		if($security === true || $shared === true) {
+		if($security === true && $shared === false) {
+			if(OCP\User::getUser() === $calendar['userid']){
+				return $calendar;
+			}else{
+				return false;
+			}
+		}
+		if($security === true && $shared === true) {
 			if(OCP\Share::getItemSharedWithBySource('calendar', $id)) {
 				return $calendar;
 			}