diff --git a/lib/Service/CardService.php b/lib/Service/CardService.php
index 71d578bf0..791849a24 100644
--- a/lib/Service/CardService.php
+++ b/lib/Service/CardService.php
@@ -267,7 +267,7 @@ public function delete($id) {
 public function update($id, $title, $stackId, $type, $owner, $description = '', $order = 0, $duedate = null, $deletedAt = null, $archived = null) {
 $this->cardServiceValidator->check(compact('id', 'title', 'stackId', 'type', 'owner', 'order'));
- $this->permissionService->checkPermission($this->cardMapper, $id, Acl::PERMISSION_EDIT, allowDeletedCard: true);
+ $this->permissionService->checkPermission($this->cardMapper, $id, Acl::PERMISSION_EDIT, null, true);
 $this->permissionService->checkPermission($this->stackMapper, $stackId, Acl::PERMISSION_EDIT);
 if ($this->boardService->isArchived($this->cardMapper, $id)) {
diff --git a/lib/Service/CommentService.php b/lib/Service/CommentService.php
index c37b8cff2..34fe2ab25 100644
--- a/lib/Service/CommentService.php
+++ b/lib/Service/CommentService.php
@@ -77,10 +77,6 @@ public function list(string $cardId, int $limit = 20, int $offset = 0): DataResp
 }
 /**
- * @param string $cardId
- * @param string $message
- * @param string $replyTo
- * @return DataResponse
 * @throws BadRequestException
 * @throws NotFoundException|NoPermissionException
 */
@@ -136,7 +132,7 @@ public function update(string $cardId, string $commentId, string $message): Data
 throw new NoPermissionException('Only authors are allowed to edit their comment.');
 }
 if ($comment->getParentId() !== '0') {
- $this->permissionService->checkPermission($this->cardMapper, $comment->getParentId(), Acl::PERMISSION_READ);
+ $this->permissionService->checkPermission($this->cardMapper, (int)$comment->getParentId(), Acl::PERMISSION_READ);
 }
 $comment->setMessage($message);
diff --git a/lib/Service/PermissionService.php b/lib/Service/PermissionService.php
index 2f423d4c6..bddf3e710 100644
--- a/lib/Service/PermissionService.php
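Review bot: The positional `null, true` in the first checkPermission() call of CardService::update() no longer says what the `true` enables, and it ties the edit check on the card to the parameter order of checkPermission(). The removed line shows the flag is `allowDeletedCard`, so I would keep that visible with a comment on the call, e.g. `// null: default $userId; true: allowDeletedCard`. update() starts before this hunk and continues past it.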
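Review bot: The `(int)` cast on `$comment->getParentId()` in CommentService::update() turns any non-numeric parent id into 0 instead of rejecting it, so the READ check then runs against id 0, and whether that fails closed depends on checkPermission() and the mapper, which are outside this hunk. The guard just above compares against the string `'0'`, so validating the string first, e.g. `if (!ctype_digit($comment->getParentId())) { throw new BadRequestException('Invalid parent id'); }`, would keep the rejection explicit. The same silent coercion applies to `$this->getBoard((int)$boardId)` in PermissionService::checkPermission(). It is also worth confirming that the parent id really is a card id, since it is looked up through `$this->cardMapper`; if it is the parent comment's id, this check authorises against an unrelated card. update() begins above the hunk.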
+++ b/lib/Service/PermissionService.php
@@ -98,7 +98,11 @@ public function __construct(
 * @param $boardId
 * @return bool|array
 */
- public function getPermissions($boardId) {
+ public function getPermissions($boardId, ?string $userId = null) {
+ if ($userId === null) {
+ $userId = $this->userId;
+ }
+
 if ($cached = $this->permissionCache->get($boardId)) {
 return $cached;
 }
@@ -113,7 +117,7 @@ public function getPermissions($boardId) {
 Acl::PERMISSION_SHARE => ($owner || $this->userCan($acls, Acl::PERMISSION_SHARE)) && (!$this->shareManager->sharingDisabledForUser($this->userId))
 ];
- $this->permissionCache->set($boardId, $permissions);
+ $this->permissionCache->set((string)$boardId, $permissions);
 return $permissions;
 }
@@ -169,7 +173,7 @@ public function checkPermission($mapper, $id, $permission, $userId = null, bool
 }
 try {
- $acls = $this->getBoard($boardId)->getAcl() ?? [];
+ $acls = $this->getBoard((int)$boardId)->getAcl() ?? [];
 $result = $this->userCan($acls, $permission, $userId);
 if ($result) {
 return true;
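Review bot: getPermissions() now accepts a `$userId`, but the cache lookup right after the new default is still keyed by `$boardId` alone, so a call for one user can return the permission set that was cached for a different user on the same board. The key should include the user on both the read here and the `set()` in the next hunk, e.g. `$cacheKey = $boardId . '-' . $userId;`, or the cache should be skipped when `$userId` differs from `$this->userId`. The docblock above the signature also lacks an `@param string|null $userId` line. The function body continues past this hunk, so whether the ACL evaluation itself uses `$userId` is not visible here.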
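Review bot: The `Acl::PERMISSION_SHARE` entry in the context above the changed line still calls `sharingDisabledForUser($this->userId)`, so when getPermissions() is called with an explicit `$userId` the share flag reflects the session user rather than the requested one; `sharingDisabledForUser($userId)` would match the new parameter. The `(string)` cast is also applied only to `set()`, while the `get($boardId)` at the top of the function passes the value uncast. Casting once into a local and using it for both calls keeps the key type identical on read and write.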