During some recent changes, I've discovered that if a standard user was visiting this URL:
https://atlas.landscapefor.eu/calendar-edit.php?poi_ID=16298
Everything was OK. There was a check to verify if the user has enough permissions:
```
// no edit privileges no party
if( !$poi->canEditPOICalendar() ) {
die_asking_for_permissions();
}
```
But the issue that, if a standard user visits this page:
https://atlas.landscapefor.eu/calendar-edit.php?id=151
That user is able to edit the calendar because the page was not checking user privileges.
This is a #Security issue.