From 504db3f3fb5bb27ca38b01c28ae8d8a86f78d6c4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Julius=20H=C3=A4rtl?= <jus@bitgrid.net>
Date: Mon, 11 May 2020 09:03:53 +0200
Subject: [PATCH] Check destination stack
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Julius Härtl <jus@bitgrid.net>
---
 lib/Service/CardService.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/Service/CardService.php b/lib/Service/CardService.php
index ad6afcadf..50ea6fa49 100644
--- a/lib/Service/CardService.php
+++ b/lib/Service/CardService.php
@@ -269,6 +269,8 @@ class CardService {
 		}
 
 		$this->permissionService->checkPermission($this->cardMapper, $id, Acl::PERMISSION_EDIT);
+		$this->permissionService->checkPermission($this->stackMapper, $stackId, Acl::PERMISSION_EDIT);
+
 		if ($this->boardService->isArchived($this->cardMapper, $id)) {
 			throw new StatusException('Operation not allowed. This board is archived.');
 		}
@@ -389,6 +391,8 @@ class CardService {
 		}
 
 		$this->permissionService->checkPermission($this->cardMapper, $id, Acl::PERMISSION_EDIT);
+		$this->permissionService->checkPermission($this->stackMapper, $stackId, Acl::PERMISSION_EDIT);
+
 		if ($this->boardService->isArchived($this->cardMapper, $id)) {
 			throw new StatusException('Operation not allowed. This board is archived.');
 		}