Currently users have to be granted permission to update all events displayed on the calendar or none at all. I think fullcalendar drap and drop updates should respect all entity permissions, eg. 'edit own content'. Bypassing these permissions really limits the use of drag and drop updating in many use cases.
Added an entity_access() check to fullcalendar_update and return a custom message to be displayed in fullcalendar-status div if it fails.
Though a separate and mutually exclusive issue, the functionality proposed inwould enhance this solution.
User interface changes
New message shown to calendar users on entity_access() fail.
Original report by [username]