From 3323a21297a369356b41366dfce3cab3a4c50975 Mon Sep 17 00:00:00 2001
From: Luka Trovic <luka@nextcloud.com>
Date: Wed, 10 Apr 2024 20:02:33 +0200
Subject: [PATCH] fix: permission check for cloning board

Signed-off-by: Luka Trovic <luka@nextcloud.com>
---
 lib/Service/BoardService.php                     | 4 ++++
 src/components/navigation/AppNavigationBoard.vue | 3 +++
 2 files changed, 7 insertions(+)

diff --git a/lib/Service/BoardService.php b/lib/Service/BoardService.php
index f342b2850..0d0f32796 100644
--- a/lib/Service/BoardService.php
+++ b/lib/Service/BoardService.php
@@ -547,6 +547,10 @@ public function deleteAcl(int $id): ?Acl {
 	public function clone($id, $userId) {
 		$this->boardServiceValidator->check(compact('id', 'userId'));
 
+		if (!$this->permissionService->canCreate()) {
+			throw new NoPermissionException('Creating boards has been disabled for your account.');
+		}
+
 		$this->permissionService->checkPermission($this->boardMapper, $id, Acl::PERMISSION_READ);
 
 		$board = $this->boardMapper->find($id);
diff --git a/src/components/navigation/AppNavigationBoard.vue b/src/components/navigation/AppNavigationBoard.vue
index 45928f976..b87349a98 100644
--- a/src/components/navigation/AppNavigationBoard.vue
+++ b/src/components/navigation/AppNavigationBoard.vue
@@ -253,6 +253,9 @@ export default {
 			try {
 				const newBoard = await this.$store.dispatch('cloneBoard', this.board)
 				this.loading = false
+				if (newBoard instanceof Error) {
+					throw newBoard
+				}
 				this.$router.push({ name: 'board', params: { id: newBoard.id } })
 			} catch (e) {
 				OC.Notification.showTemporary(t('deck', 'An error occurred'))