diff --git a/lib/Service/PermissionService.php b/lib/Service/PermissionService.php index 0a6a7432c..c4fccf6bf 100644 --- a/lib/Service/PermissionService.php +++ b/lib/Service/PermissionService.php @@ -1,4 +1,4 @@ - * @@ -160,19 +160,19 @@ public function checkPermission($mapper, $id, $permission, $userId = null, bool throw new NoPermissionException('Permission denied'); } - $permissions = $this->getPermissions($boardId, $userId); - if ($permissions[$permission] === true) { - if (!$allowDeletedCard && $mapper instanceof CardMapper) { - $card = $mapper->find($id); - if ($card->getDeletedAt() > 0) { - throw new NoPermissionException('Card is deleted'); + try { + $permissions = $this->getPermissions($boardId, $userId); + if ($permissions[$permission] === true) { + if (!$allowDeletedCard && $mapper instanceof CardMapper) { + $card = $mapper->find($id); + if ($card->getDeletedAt() > 0) { + throw new NoPermissionException('Card is deleted'); + } } - } - return true; - } + return true; + } - try { $acls = $this->getBoard((int)$boardId)->getAcl() ?? []; $result = $this->userCan($acls, $permission, $userId); if ($result) { diff --git a/tests/unit/Service/PermissionServiceTest.php b/tests/unit/Service/PermissionServiceTest.php index 0994a778e..1bf00c5f3 100644 --- a/tests/unit/Service/PermissionServiceTest.php +++ b/tests/unit/Service/PermissionServiceTest.php @@ -240,6 +240,8 @@ public function testCheckPermission($boardId, $permission, $result, $owner = 'fo ->method('sharingDisabledForUser') ->willReturn(false); + $this->aclMapper->method('findAll')->willReturn([]); + if ($result) { $actual = $this->service->checkPermission($mapper, 1234, $permission); $this->assertTrue($actual); @@ -262,6 +264,8 @@ public function testCheckPermissionWithoutMapper($boardId, $permission, $result, $this->boardMapper->expects($this->any())->method('find')->willReturn($board); } + $this->aclMapper->method('findAll')->willReturn([]); + if ($result) { $actual = $this->service->checkPermission($mapper, 1234, $permission); $this->assertTrue($actual);