Merge pull request #758 from nextcloud/bugfix/noid/group-restrict

Implement group restrictions for creating and sharing

appinfo/routes.php

@@ -26,6 +26,9 @@ return [
 	'routes' => [
 		['name' => 'page#index', 'url' => '/', 'verb' => 'GET'],
 
+		['name' => 'Config#get', 'url' => '/config', 'verb' => 'GET'],
+		['name' => 'Config#setValue', 'url' => '/config/{key}', 'verb' => 'POST'],
+
 		// boards
 		['name' => 'board#index', 'url' => '/boards', 'verb' => 'GET'],
 		['name' => 'board#create', 'url' => '/boards', 'verb' => 'POST'],

css/style.scss

@@ -148,6 +148,22 @@ input.input-inline {
 
 }
 
+#app-settings-content {
+	overflow: initial;
+
+	.ui-select-match-item {
+		border: 1px solid var(--color-background-darker) !important;
+		.select-label {
+			color: var(--color-main-text);
+		}
+	}
+
+	p.hint {
+		margin-top: 10px;
+		color: var(--color-text-light);
+	}
+}
+
 /**
  * Board view
  */
@@ -1246,6 +1262,7 @@ input.input-inline {
 		display: inline-block;
 		overflow: hidden;
 		vertical-align: middle;
+		flex-grow: 1;
 	}
 
 	.icon-delete {
@@ -1404,6 +1421,10 @@ input.input-inline {
 		}
 		.select2-search-field {
 			margin-right: -10px;
+			flex-grow: 1;
+			input {
+				width: 100% !important;
+			}
 		}
 	}
 
@@ -1537,7 +1558,7 @@ input.input-inline {
 	table {
 		margin-bottom: 10px;
 		border-collapse: collapse;
-		
+
 		thead {
 			background-color: var(--color-background-dark, $color-lightgrey);
 		}

js/controller/ListController.js

@@ -4,25 +4,25 @@
  * @author Julius Härtl <jus@bitgrid.net>
  *
  * @license GNU AGPL version 3 or any later version
- *  
+ *
  *  This program is free software: you can redistribute it and/or modify
  *  it under the terms of the GNU Affero General Public License as
  *  published by the Free Software Foundation, either version 3 of the
  *  License, or (at your option) any later version.
- *  
+ *
  *  This program is distributed in the hope that it will be useful,
  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  *  GNU Affero General Public License for more details.
- *  
+ *
  *  You should have received a copy of the GNU Affero General Public License
  *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
- *  
+ *
  */
 
-/* global app angular */
+/* global app angular oc_isadmin */
 
-var ListController = function ($scope, $location, $filter, BoardService, $element, $timeout, $stateParams, $state, StatusService) {
+var ListController = function ($scope, $location, $filter, BoardService, $element, $timeout, $stateParams, $state, StatusService, $http, $q, $rootScope) {
 
 	function calculateNewColor() {
 		var boards = BoardService.getAll();
@@ -55,6 +55,56 @@ var ListController = function ($scope, $location, $filter, BoardService, $elemen
 	$scope.colors = ['0082c9', '00c9c6','00c906', 'c92b00', 'F1DB50', '7C31CC', '3A3B3D', 'CACBCD'];
 	$scope.boardservice = BoardService;
 	$scope.updatingBoard = null;
+	$scope.isAdmin = oc_isadmin;
+	$scope.canCreate = $rootScope.config.canCreate;
+
+	if ($scope.isAdmin) {
+		OC.Apps.enableDynamicSlideToggle();
+		$scope.groups = [];
+		$scope.groupLimit = [];
+		$scope.groupLimitDisabled = true;
+		let fetchGroups = function () {
+			var deferred = $q.defer();
+			$http.get(OC.linkToOCS('cloud', 2) + 'groups/details').then(function (response) {
+				$scope.groups = response.data.ocs.data.groups;
+				deferred.resolve(response.data.ocs.data.groups);
+			}, function (error) {
+				deferred.reject('Error while loading groups');
+			});
+			$http.get(OC.generateUrl('apps/deck/config')).then(function (response) {
+				$scope.groupLimit = response.data.groupLimit;
+				$scope.groupLimitDisabled = false;
+				deferred.resolve(response.data);
+			}, function (error) {
+				deferred.reject('Error while loading groupLimit');
+			});
+			return deferred.promise;
+		};
+
+		let updateConfig = function() {
+			$scope.groupLimitDisabled = true;
+			var deferred = $q.defer();
+			$http.post(OC.generateUrl('apps/deck/config/groupLimit'), {value: $scope.groupLimit}).then(function (response) {
+				$scope.groupLimitDisabled = false;
+				deferred.resolve(response.data);
+			}, function (error) {
+				deferred.reject('Error while saving groupLimit');
+			});
+			return deferred.promise;
+		};
+
+		$scope.groupLimitAdd = function (element, model) {
+			$scope.groupLimit.push(element);
+			updateConfig();
+		};
+		$scope.groupLimitRemove = function (element, model) {
+			$scope.groupLimit = $scope.groupLimit.filter((el) => {
+				return el.id !== element.id;
+			});
+			updateConfig();
+		};
+		fetchGroups();
+	}
 
 	var filterData = function () {
 		if($element.attr('id') === 'app-navigation') {

js/service/BoardService.js

@@ -125,8 +125,8 @@ app.factory('BoardService', function (ApiService, $http, $q) {
 				displayname: ocsItem.label
 			},
 			permissionEdit: true,
-			permissionManage: true,
-			permissionShare: true,
+			permissionManage: false,
+			permissionShare: false,
 			type: type
 		};
 	};

lib/Controller/ConfigController.php

@@ -0,0 +1,118 @@
+<?php
+/**
+ * @copyright Copyright (c) 2018 Julius Härtl <jus@bitgrid.net>
+ *
+ * @author Julius Härtl <jus@bitgrid.net>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\Deck\Controller;
+
+use OCA\Deck\Service\DefaultBoardService;
+use OCP\AppFramework\Http\DataResponse;
+use OCP\AppFramework\Http\NotFoundResponse;
+use OCP\IConfig;
+use OCP\IGroup;
+use OCP\IGroupManager;
+use OCP\IRequest;
+use OCP\AppFramework\Http\TemplateResponse;
+use OCP\AppFramework\Controller;
+use OCP\IL10N;
+
+class ConfigController extends Controller {
+
+	private $config;
+	private $userId;
+	private $groupManager;
+
+	public function __construct(
+		$AppName,
+		IRequest $request,
+		IConfig $config,
+		IGroupManager $groupManager,
+		$userId
+		) {
+		parent::__construct($AppName, $request);
+
+		$this->userId = $userId;
+		$this->groupManager = $groupManager;
+		$this->config = $config;
+	}
+
+	/**
+	 * @NoCSRFRequired
+	 */
+	public function get() {
+		$data = [
+			'groupLimit' => $this->getGroupLimit(),
+		];
+		return new DataResponse($data);
+	}
+
+	/**
+	 * @NoCSRFRequired
+	 */
+	public function setValue($key, $value) {
+		switch ($key) {
+			case 'groupLimit':
+				$result = $this->setGroupLimit($value);
+				break;
+		}
+		if ($result === null) {
+			return new NotFoundResponse();
+		}
+		return new DataResponse($result);
+	}
+
+	private function setGroupLimit($value) {
+		$groups = [];
+		foreach ($value as $group) {
+			$groups[] = $group['id'];
+		}
+		$data = implode(',', $groups);
+		$this->config->setAppValue($this->appName, 'groupLimit', $data);
+		return $groups;
+	}
+
+	private function getGroupLimitList() {
+		$value = $this->config->getAppValue($this->appName, 'groupLimit', '');
+		$groups = explode(',', $value);
+		if ($value === '') {
+			return [];
+		}
+		return $groups;
+	}
+
+	private function getGroupLimit() {
+		$groups = $this->getGroupLimitList();
+		$groups = array_map(function($groupId) {
+			/** @var IGroup $groups */
+			$group = $this->groupManager->get($groupId);
+			return [
+				'id' => $group->getGID(),
+				'displayname' => $group->getDisplayName(),
+				'usercount' => $group->count(),
+				'disabled' => $group->countDisabled(),
+				'canAdd' => $group->canAddUser(),
+				'canRemove' => $group->canRemoveUser(),
+			];
+		}, $groups);
+		return $groups;
+	}
+
+}

lib/Controller/PageController.php

@@ -24,6 +24,7 @@
 namespace OCA\Deck\Controller;
 
 use OCA\Deck\Service\DefaultBoardService;
+use OCA\Deck\Service\PermissionService;
 use OCP\IRequest;
 use OCP\AppFramework\Http\TemplateResponse;
 use OCP\AppFramework\Controller;
@@ -32,13 +33,15 @@ use OCP\IL10N;
 class PageController extends Controller {
 
 	private $defaultBoardService;
+	private $permissionService;
 	private $userId;
 	private $l10n;
 
 	public function __construct(
-		$AppName, 
-		IRequest $request,		
+		$AppName,
+		IRequest $request,
 		DefaultBoardService $defaultBoardService,
+		PermissionService $permissionService,
 		IL10N $l10n,
 		$userId
 		) {
@@ -46,6 +49,7 @@ class PageController extends Controller {
 
 		$this->userId = $userId;
 		$this->defaultBoardService = $defaultBoardService;
+		$this->permissionService = $permissionService;
 		$this->l10n = $l10n;
 	}
 
@@ -60,8 +64,9 @@ class PageController extends Controller {
 		$params = [
 			'user' => $this->userId,
 			'maxUploadSize' => (int)\OCP\Util::uploadLimit(),
+			'canCreate' => $this->permissionService->canCreate()
 		];
-			
+
 		if ($this->defaultBoardService->checkFirstRun($this->userId, $this->appName)) {
 			$this->defaultBoardService->createDefaultBoard($this->l10n->t('Personal'), $this->userId, '000000');
 		}

lib/Service/BoardService.php

@@ -31,6 +31,7 @@ use OCA\Deck\Db\AssignedUsersMapper;
 use OCA\Deck\Db\ChangeHelper;
 use OCA\Deck\Db\IPermissionMapper;
 use OCA\Deck\Db\Label;
+use OCA\Deck\NoPermissionException;
 use OCA\Deck\Notification\NotificationHelper;
 use OCP\AppFramework\Db\DoesNotExistException;
 use OCP\IGroupManager;
@@ -94,6 +95,7 @@ class BoardService {
 		$groupBoards = $this->boardMapper->findAllByGroups($userInfo['user'], $userInfo['groups'],null, null,  $since);
 		$complete = array_merge($userBoards, $groupBoards);
 		$result = [];
+		/** @var Board $item */
 		foreach ($complete as &$item) {
 			if (!array_key_exists($item->getId(), $result)) {
 				$this->boardMapper->mapOwner($item);
@@ -249,6 +251,10 @@ class BoardService {
 			throw new BadRequestException('color must be provided');
 		}
 
+		if (!$this->permissionService->canCreate()) {
+			throw new NoPermissionException('Creating boards has been disabled for your account.');
+		}
+
 		$board = new Board();
 		$board->setTitle($title);
 		$board->setOwner($userId);
@@ -417,15 +423,15 @@ class BoardService {
 			throw new BadRequestException('participant must be provided');
 		}
 
-		if ($edit === false || $edit === null) {
+		if ($edit === null) {
 			throw new BadRequestException('edit must be provided');
 		}
 
-		if ($share === false || $share === null) {
+		if ($share === null) {
 			throw new BadRequestException('share must be provided');
 		}
 
-		if ($manage === false || $manage === null) {
+		if ($manage === null) {
 			throw new BadRequestException('manage must be provided');
 		}
 

lib/Service/PermissionService.php

@@ -33,9 +33,11 @@ use OCA\Deck\NoPermissionException;
 use OCP\AppFramework\Db\DoesNotExistException;
 use OCP\AppFramework\Db\Entity;
 use OCP\AppFramework\Db\MultipleObjectsReturnedException;
+use OCP\IConfig;
 use OCP\IGroupManager;
 use OCP\ILogger;
 use OCP\IUserManager;
+use OCP\Share\IManager;
 
 
 class PermissionService {
@@ -50,6 +52,10 @@ class PermissionService {
 	private $userManager;
 	/** @var IGroupManager */
 	private $groupManager;
+	/** @var IConfig */
+	private $config;
+	/** @var IManager */
+	private $shareManager;
 	/** @var string */
 	private $userId;
 	/** @var array */
@@ -61,6 +67,8 @@ class PermissionService {
 		BoardMapper $boardMapper,
 		IUserManager $userManager,
 		IGroupManager $groupManager,
+		IManager $shareManager,
+		IConfig $config,
 		$userId
 	) {
 		$this->aclMapper = $aclMapper;
@@ -68,6 +76,8 @@ class PermissionService {
 		$this->logger = $logger;
 		$this->userManager = $userManager;
 		$this->groupManager = $groupManager;
+		$this->shareManager = $shareManager;
+		$this->config = $config;
 		$this->userId = $userId;
 	}
 
@@ -84,7 +94,8 @@ class PermissionService {
 			Acl::PERMISSION_READ => $owner || $this->userCan($acls, Acl::PERMISSION_READ),
 			Acl::PERMISSION_EDIT => $owner || $this->userCan($acls, Acl::PERMISSION_EDIT),
 			Acl::PERMISSION_MANAGE => $owner || $this->userCan($acls, Acl::PERMISSION_MANAGE),
-			Acl::PERMISSION_SHARE => $owner || $this->userCan($acls, Acl::PERMISSION_SHARE),
+			Acl::PERMISSION_SHARE => ($owner || $this->userCan($acls, Acl::PERMISSION_SHARE))
+				&& (!$this->shareManager->sharingDisabledForUser($this->userId))
 		];
 	}
 
@@ -102,7 +113,8 @@ class PermissionService {
 			Acl::PERMISSION_READ => $owner || $this->userCan($acls, Acl::PERMISSION_READ),
 			Acl::PERMISSION_EDIT => $owner || $this->userCan($acls, Acl::PERMISSION_EDIT),
 			Acl::PERMISSION_MANAGE => $owner || $this->userCan($acls, Acl::PERMISSION_MANAGE),
-			Acl::PERMISSION_SHARE => $owner || $this->userCan($acls, Acl::PERMISSION_SHARE),
+			Acl::PERMISSION_SHARE => ($owner || $this->userCan($acls, Acl::PERMISSION_SHARE))
+				&& (!$this->shareManager->sharingDisabledForUser($this->userId))
 		];
 	}
 
@@ -125,6 +137,10 @@ class PermissionService {
 			throw new NoPermissionException('Permission denied');
 		}
 
+		if ($permission === Acl::PERMISSION_SHARE && $this->shareManager->sharingDisabledForUser($this->userId)) {
+			return false;
+		}
+
 		if ($this->userIsBoardOwner($boardId)) {
 			return true;
 		}
@@ -150,7 +166,7 @@ class PermissionService {
 		} catch (DoesNotExistException $e) {
 		} catch (MultipleObjectsReturnedException $e) {
 			return false;
-		}		
+		}
 	}
 
 	/**
@@ -229,4 +245,23 @@ class PermissionService {
 		$this->users[(string) $boardId] = $users;
 		return $this->users[(string) $boardId];
 	}
-}
+
+	public function canCreate() {
+		$groups = $this->getGroupLimitList();
+		foreach ($groups as $group) {
+			if ($this->groupManager->isInGroup($this->userId, $group)) {
+				return false;
+			}
+		}
+		return true;
+	}
+
+	private function getGroupLimitList() {
+		$value = $this->config->getAppValue('deck', 'groupLimit', '');
+		$groups = explode(',', $value);
+		if ($value === '') {
+			return [];
+		}
+		return $groups;
+	}
+}

templates/main.php

@@ -53,7 +53,7 @@ if (\OC_Util::getVersion()[0] < 14) {
 
 	<div id="app-navigation" data-ng-controller="ListController" ng-init="initSidebar()">
 		<?php print_unescaped($this->inc('part.navigation')); ?>
-		<?php /* print_unescaped($this->inc('part.settings')); */ ?>
+		<?php print_unescaped($this->inc('part.settings')); ?>
 	</div>
 	<div id="app-content" ng-class="{ 'details-visible': sidebar.show }"><div id="app-navigation-toggle-custom" class="icon-menu" ng-click="toggleSidebar()"></div><div ui-view></div></div>
 	<div id="app-sidebar" ng-class="{ 'details-visible': sidebar.show }" ng-if="sidebar.show" class="details-view scroll-container" ui-view="sidebarView"></div>

templates/part.board.sidebarView.php

@@ -56,13 +56,13 @@
                     {{ acl.participant.displayname }}
 				</span>
 				<span class="sharingOptionsGroup">
-                <span class="shareOption" ng-if="boardservice.canManage()">
-                    <input type="checkbox" class="permissions checkbox" id="checkbox-permission-{{ acl.id }}-share" ng-model="acl.permissionShare" ng-change="aclUpdate(acl)" />
-                    <label for="checkbox-permission-{{ acl.id }}-share"><?php p($l->t('Share')); ?></label>
-                </span>
                 <span class="shareOption"ng-if="boardservice.canManage()">
                     <input type="checkbox" class="permissions checkbox" id="checkbox-permission-{{ acl.id }}-edit" ng-model="acl.permissionEdit" ng-change="aclUpdate(acl)" />
                     <label for="checkbox-permission-{{ acl.id }}-edit"><?php p($l->t('Edit')); ?></label>
+                </span>
+				<span class="shareOption" ng-if="boardservice.canManage()">
+                    <input type="checkbox" class="permissions checkbox" id="checkbox-permission-{{ acl.id }}-share" ng-model="acl.permissionShare" ng-change="aclUpdate(acl)" />
+                    <label for="checkbox-permission-{{ acl.id }}-share"><?php p($l->t('Share')); ?></label>
                 </span>
                 <span class="shareOption"ng-if="boardservice.canManage()">
                     <input type="checkbox" class="permissions checkbox" id="checkbox-permission-{{ acl.id }}-manage" ng-model="acl.permissionManage" ng-change="aclUpdate(acl)" />
@@ -71,6 +71,9 @@
 				</span>
                 <a ng-if="boardservice.canManage()" ng-click="aclDelete(acl)"><span class="icon-loading-small hidden"></span><span class="icon icon-delete"></span><span class="hidden-visually"><?php p($l->t('Discard share')); ?></span></a>
             </li>
+			<li ng-if="!boardservice.canShare()">
+				<?php p($l->t('Sharing has been disabled for your account.')); ?>
+			</li>
         </ul>
 
     </div>

templates/part.boardlist.php

@@ -95,7 +95,7 @@
 				</div>
 			</td>
 		</tr>
-		<tr ng-if="status.filter === '' && !status.addBoard" ng-click="status.addBoard=!status.addBoard" class="board-create">
+		<tr ng-if="canCreate && status.filter === '' && !status.addBoard" ng-click="status.addBoard=!status.addBoard" class="board-create">
 			<td><span class="icon icon-add"></span></td>
 			<td colspan="3">
 				<a ng-click="status.addBoard=!status.addBoard"

templates/part.navigation.php

@@ -52,7 +52,7 @@
 		</div>
 	</li>
 
-	<li ng-class="{editing: status.addBoard}">
+	<li ng-class="{editing: status.addBoard}" ng-if="canCreate">
 		<a ng-click="status.addBoard=!status.addBoard" class="icon-add app-navigation-noclose">
 			<?php p($l->t('Create a new board')); ?>
 		</a>

templates/part.settings.php

@@ -1,8 +1,21 @@
-<div id="app-settings">
+<div id="app-settings" ng-if="isAdmin">
 	<div id="app-settings-header">
-		<button class="settings-button" data-apps-slide-toggle="#app-settings-content"></button>
+		<button class="settings-button" data-apps-slide-toggle="#app-settings-content"><?php p($l->t('Settings')); ?></button>
 	</div>
-	<div id="app-settings-content">
-
+	<div id="app-settings-content" class="hidden">
+		<ui-select multiple tagging="" ng-model="groupLimit" theme="select2"
+				   title="<?php p($l->t('Limit deck to groups')); ?>"
+				   placeholder="<?php p($l->t('Limit deck to groups')); ?>"
+				   on-select="groupLimitAdd($item, $model)"
+				   on-remove="groupLimitRemove($item, $model)" ng-disabled="groupLimitDisabled">
+			<ui-select-match placeholder="<?php p($l->t('Limit deck to groups')); ?>">
+				<span class="select-label">{{$item.displayname}}&nbsp;</span>
+			</ui-select-match>
+			<ui-select-choices
+					repeat="group in groups | filter: $select.search | limitTo: 3 track by group.id" position="down">
+				<span class="choose-label">{{group.displayname}}</span>
+			</ui-select-choices>
+		</ui-select>
+		<p class="hint"><?php p($l->t('Limiting Deck will block users not part of those groups from creating their own boards. Users will still be able to work on boards that have been shared with them.')); ?></p>
 	</div>
 </div>

tests/unit/Service/BoardServiceTest.php

@@ -150,6 +150,9 @@ class BoardServiceTest extends TestCase {
 		$this->boardMapper->expects($this->once())
 			->method('insert')
 			->willReturn($board);
+		$this->permissionService->expects($this->once())
+			->method('canCreate')
+			->willReturn(true);
 		$b = $this->service->create('MyBoard', 'admin', '00ff00');
 
 		$this->assertEquals($b->getTitle(), 'MyBoard');
@@ -158,6 +161,20 @@ class BoardServiceTest extends TestCase {
 		$this->assertCount(4, $b->getLabels());
 	}
 
+	/**
+	 * @expectedException \OCA\Deck\NoPermissionException
+	 */
+	public function testCreateDenied() {
+		$board = new Board();
+		$board->setTitle('MyBoard');
+		$board->setOwner('admin');
+		$board->setColor('00ff00');
+		$this->permissionService->expects($this->once())
+			->method('canCreate')
+			->willReturn(false);
+		$b = $this->service->create('MyBoard', 'admin', '00ff00');
+	}
+
 	public function testUpdate() {
 		$board = new Board();
 		$board->setTitle('MyBoard');

tests/unit/Service/PermissionServiceTest.php

@@ -31,11 +31,13 @@ use OCA\Deck\Db\IPermissionMapper;
 use OCA\Deck\Db\User;
 use OCA\Deck\NoPermissionException;
 use OCP\AppFramework\Db\DoesNotExistException;
+use OCP\IConfig;
 use OCP\IGroup;
 use OCP\IGroupManager;
 use OCP\ILogger;
 use OCP\IUser;
 use OCP\IUserManager;
+use OCP\Share\IManager;
 
 class PermissionServiceTest extends \Test\TestCase {
 
@@ -51,21 +53,22 @@ class PermissionServiceTest extends \Test\TestCase {
     private $userManager;
     /** @var IGroupManager */
 	private $groupManager;
+	/** @var IManager */
+	private $shareManager;
+	/** @var IConfig */
+	private $config;
 	/** @var string */
 	private $userId = 'admin';
 
 	public function setUp() {
 		parent::setUp();
-		$this->logger = $this->request = $this->getMockBuilder(ILogger::class)
-			->disableOriginalConstructor()
-			->getMock();
-		$this->aclMapper = $this->getMockBuilder(AclMapper::class)
-			->disableOriginalConstructor()->getMock();
-		$this->boardMapper = $this->getMockBuilder(BoardMapper::class)
-			->disableOriginalConstructor()->getMock();
+		$this->logger = $this->request = $this->createMock(ILogger::class);
+		$this->aclMapper = $this->createMock(AclMapper::class);
+		$this->boardMapper = $this->createMock(BoardMapper::class);
 		$this->userManager = $this->createMock(IUserManager::class);
-		$this->groupManager = $this->getMockBuilder(IGroupManager::class)
-			->disableOriginalConstructor()->getMock();
+		$this->groupManager = $this->createMock(IGroupManager::class);
+		$this->shareManager = $this->createMock(IManager::class);
+		$this->config = $this->createMock(IConfig::class);
 
 		$this->service = new PermissionService(
 			$this->logger,
@@ -73,6 +76,8 @@ class PermissionServiceTest extends \Test\TestCase {
 			$this->boardMapper,
 			$this->userManager,
 			$this->groupManager,
+			$this->shareManager,
+			$this->config,
 			'admin'
 		);
 	}
@@ -226,6 +231,9 @@ class PermissionServiceTest extends \Test\TestCase {
         $acls = $this->getAcls($boardId);
         $this->aclMapper->expects($this->any())->method('findAll')->willReturn($acls);
 
+        $this->shareManager->expects($this->any())
+			->method('sharingDisabledForUser')
+			->willReturn(false);
 
 	    if($result) {
             $actual = $this->service->checkPermission($mapper, 1234, $permission);
@@ -251,6 +259,7 @@ class PermissionServiceTest extends \Test\TestCase {
         $acls = $this->getAcls($boardId);
         $this->aclMapper->expects($this->any())->method('findAll')->willReturn($acls);
 
+
         if($result) {
             $actual = $this->service->checkPermission($mapper, 1234, $permission);
             $this->assertTrue($actual);
@@ -263,7 +272,7 @@ class PermissionServiceTest extends \Test\TestCase {
 
     public function testCheckPermissionNotFound() {
         $mapper = $this->getMockBuilder(IPermissionMapper::class)->getMock();
-        $mapper->expects($this->once())->method('findBoardId')->willThrowException(new NoPermissionException(null));		
+        $mapper->expects($this->once())->method('findBoardId')->willThrowException(new NoPermissionException(null));
 		$this->expectException(NoPermissionException::class);
         $this->service->checkPermission($mapper, 1234, Acl::PERMISSION_READ);
     }

tests/unit/controller/PageControllerTest.php

@@ -6,24 +6,27 @@
  * @author Ryan Fletcher <ryan.fletcher@codepassion.ca>
  *
  * @license GNU AGPL version 3 or any later version
- *  
+ *
  *  This program is free software: you can redistribute it and/or modify
  *  it under the terms of the GNU Affero General Public License as
  *  published by the Free Software Foundation, either version 3 of the
  *  License, or (at your option) any later version.
- *  
+ *
  *  This program is distributed in the hope that it will be useful,
  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  *  GNU Affero General Public License for more details.
- *  
+ *
  *  You should have received a copy of the GNU Affero General Public License
  *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
- *  
+ *
  */
 
 namespace OCA\Deck\Controller;
 
+use OCA\Deck\Service\PermissionService;
+use OCP\IL10N;
+use OCP\IRequest;
 use PHPUnit_Framework_TestCase;
 use OCA\Deck\Service\DefaultBoardService;
 use OCA\Deck\Db\Board;
@@ -36,26 +39,21 @@ class PageControllerTest extends \Test\TestCase {
 	private $l10n;
 	private $userId = 'john';
 	private $defaultBoardService;
+	private $permissionService;
 	private $config;
 
 	public function setUp() {
-		$this->l10n = $this->request = $this->getMockBuilder(
-			'\OCP\IL10n')
-			->disableOriginalConstructor()
-			->getMock();
-		$this->request = $this->getMockBuilder(
-			'\OCP\IRequest')
-			->disableOriginalConstructor()
-			->getMock();
-
+		$this->l10n = $this->createMock(IL10N::class);
+		$this->request = $this->createMock(IRequest::class);
 		$this->defaultBoardService = $this->createMock(DefaultBoardService::class);
+		$this->permissionService = $this->createMock(PermissionService::class);
 		$this->config = $this->createMock(IConfig::class);
 
 		$this->controller = new PageController(
-			'deck', $this->request, $this->defaultBoardService, $this->l10n, $this->userId
+			'deck', $this->request, $this->defaultBoardService, $this->permissionService, $this->l10n, $this->userId
 		);
 	}
-	
+
 	public function testIndexOnFirstRun() {
 
 		$board = new Board();
@@ -72,7 +70,7 @@ class PageControllerTest extends \Test\TestCase {
 			->willReturn($board);
 
 		$response = $this->controller->index();
-		$this->assertEquals('main', $response->getTemplateName());		
+		$this->assertEquals('main', $response->getTemplateName());
 	}
 
 	public function testIndexOnSecondRun() {
@@ -87,4 +85,4 @@ class PageControllerTest extends \Test\TestCase {
 		$this->assertEquals('main', $response->getTemplateName());
 	}
 
-}
+}