From 4eeb67bb5603324cf8e87e8dff00c03c4ada4895 Mon Sep 17 00:00:00 2001
From: Luka Trovic <luka@nextcloud.com>
Date: Wed, 10 Apr 2024 20:02:33 +0200
Subject: [PATCH] fix: permission check for cloning board

Signed-off-by: Luka Trovic <luka@nextcloud.com>

[skip ci]
---
 lib/Service/BoardService.php                     | 4 ++++
 src/components/navigation/AppNavigationBoard.vue | 9 ++++++++-
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/lib/Service/BoardService.php b/lib/Service/BoardService.php
index f342b2850..0d0f32796 100644
--- a/lib/Service/BoardService.php
+++ b/lib/Service/BoardService.php
@@ -547,6 +547,10 @@ public function deleteAcl(int $id): ?Acl {
 	public function clone($id, $userId) {
 		$this->boardServiceValidator->check(compact('id', 'userId'));
 
+		if (!$this->permissionService->canCreate()) {
+			throw new NoPermissionException('Creating boards has been disabled for your account.');
+		}
+
 		$this->permissionService->checkPermission($this->boardMapper, $id, Acl::PERMISSION_READ);
 
 		$board = $this->boardMapper->find($id);
diff --git a/src/components/navigation/AppNavigationBoard.vue b/src/components/navigation/AppNavigationBoard.vue
index f59ae4f03..52450f68e 100644
--- a/src/components/navigation/AppNavigationBoard.vue
+++ b/src/components/navigation/AppNavigationBoard.vue
@@ -47,7 +47,7 @@
 					@click="actionEdit">
 					{{ t('deck', 'Edit board') }}
 				</NcActionButton>
-				<NcActionButton v-if="canManage && !board.archived"
+				<NcActionButton v-if="canCreate && !board.archived"
 					:close-after-click="true"
 					@click="actionClone">
 					<template #icon>
@@ -148,6 +148,9 @@ import { NcAppNavigationIconBullet, NcAppNavigationCounter, NcAppNavigationItem,
 import ClickOutside from 'vue-click-outside'
 import ArchiveIcon from 'vue-material-design-icons/Archive.vue'
 import CloneIcon from 'vue-material-design-icons/ContentDuplicate.vue'
+import { loadState } from '@nextcloud/initial-state'
+
+const canCreateState = loadState('deck', 'canCreate')
 
 export default {
 	name: 'AppNavigationBoard',
@@ -185,6 +188,7 @@ export default {
 			editColor: '',
 			isDueSubmenuActive: false,
 			updateDueSetting: null,
+			canCreate: canCreateState,
 		}
 	},
 	computed: {
@@ -253,6 +257,9 @@ export default {
 			try {
 				const newBoard = await this.$store.dispatch('cloneBoard', this.board)
 				this.loading = false
+				if (newBoard instanceof Error) {
+					throw newBoard
+				}
 				this.$router.push({ name: 'board', params: { id: newBoard.id } })
 			} catch (e) {
 				OC.Notification.showTemporary(t('deck', 'An error occurred'))