Report error if sql fails. Add check for access to specific event.

web/ajax/events.php

@@ -75,7 +75,6 @@ if ( isset($_REQUEST['offset']) ) {
   }
 }
 
-
 // Limit specifies the number of rows to return
 // Set the default to 0 for events view, to prevent an issue with ALL pagination
 $limit = 0;
@@ -108,7 +107,6 @@ switch ( $task ) {
 			ajaxError('Insufficient permissions for user '.$user['Username']);
 			return;
 		}
-
     foreach ($eids as $eid) $data[] = deleteRequest($eid);
     break;
   case 'query' :
@@ -139,6 +137,8 @@ function deleteRequest($eid) {
     $message[] = array($eid=>'Event not found.');
   } else if ( $event->Archived() ) {
     $message[] = array($eid=>'Event is archived, cannot delete it.');
+  } else if (!$event->canEdit()) {
+    $message[] = array($eid=>'You do not have permission to delete event '.$event->Id());
   } else {
     $event->delete();
   }
@@ -147,7 +147,6 @@ function deleteRequest($eid) {
 }
 
 function queryRequest($filter, $search, $advsearch, $sort, $offset, $order, $limit) {
-
   $data = array(
     'total'   =>  0,
     'totalNotFiltered' => 0,
@@ -195,7 +194,10 @@ function queryRequest($filter, $search, $advsearch, $sort, $offset, $order, $lim
 
   ZM\Debug('Calling the following sql query: ' .$sql);
   $query = dbQuery($sql, $values);
-  if ( $query ) {
+  if (!$query) {
+    ajaxError(dbError($sql));
+    return;
+  }
   while ($row = dbFetchNext($query)) {
     $event = new ZM\Event($row);
     $event->remove_from_cache();
@@ -205,7 +207,6 @@ function queryRequest($filter, $search, $advsearch, $sort, $offset, $order, $lim
     $event_ids[] = $event->Id();
     $unfiltered_rows[] = $row;
   } # end foreach row
-  }
 
   ZM\Debug('Have ' . count($unfiltered_rows) . ' events matching base filter.');