diff --git a/lib/Db/Card.php b/lib/Db/Card.php
index e36a9fb0c..3c45d910e 100644
--- a/lib/Db/Card.php
+++ b/lib/Db/Card.php
@@ -36,6 +36,8 @@ use Sabre\VObject\Component\VCalendar;
 * @method int getLastModified()
 * @method int getCreatedAt()
 * @method bool getArchived()
+ * @method int getDeletedAt()
+ * @method void setDeletedAt(int $deletedAt)
 * @method bool getNotified()
 *
 * @method void setLabels(Label[] $labels)
diff --git a/lib/Service/BoardService.php b/lib/Service/BoardService.php
index e0c8aa7fc..4ab9e2c4a 100644
--- a/lib/Service/BoardService.php
+++ b/lib/Service/BoardService.php
@@ -446,7 +446,7 @@ class BoardService {
 $newAcl = $this->aclMapper->insert($acl);
 $this->activityManager->triggerEvent(ActivityManager::DECK_OBJECT_BOARD, $newAcl, ActivityManager::SUBJECT_BOARD_SHARE, [], $this->userId);
- $this->notificationHelper->sendBoardShared((int)$boardId, $acl);
+ $this->notificationHelper->sendBoardShared($boardId, $acl);
 $this->boardMapper->mapAcl($newAcl);
 $this->changeHelper->boardChanged($boardId);
diff --git a/lib/Service/CommentService.php b/lib/Service/CommentService.php
index b33f84342..be2f4f14e 100644
--- a/lib/Service/CommentService.php
+++ b/lib/Service/CommentService.php
@@ -94,7 +94,7 @@ class CommentService {
 throw new NotFoundException('No comment found.');
 }
 if ($comment->getParentId() !== '0') {
- $this->permissionService->checkPermission($this->cardMapper, $comment->getParentId(), Acl::PERMISSION_READ);
+ $this->permissionService->checkPermission($this->cardMapper, (int)$comment->getParentId(), Acl::PERMISSION_READ);
 }
 return $comment;
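Review bot: In the CommentService hunk, the check under `if ($comment->getParentId() !== '0')` passes the parent comment's id to `checkPermission` together with `$this->cardMapper`, so the READ check appears to run against whichever card happens to share that number rather than the card the comment belongs to; the new `(int)` cast keeps that behaviour. Elsewhere in this diff `setParentId($replyTo)` stores a comment id and the card id is stored as the comment's object id, which suggests the intended argument is `(int)$comment->getObjectId()`. The enclosing method starts and ends outside the hunk, so confirm against the full body before changing it.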
@@ -113,24 +113,17 @@ class CommentService {
 }
 /**
- * @param string $cardId
- * @param string $message
- * @param string $replyTo
- * @return DataResponse
 * @throws BadRequestException
 * @throws NotFoundException|NoPermissionException
 */
- public function create(string $cardId, string $message, string $replyTo = '0'): DataResponse {
- if (!is_numeric($cardId)) {
- throw new BadRequestException('A valid card id must be provided');
- }
+ public function create(int $cardId, string $message, string $replyTo = '0'): DataResponse {
 $this->permissionService->checkPermission($this->cardMapper, $cardId, Acl::PERMISSION_READ);
 // Check if parent is a comment on the same card
 if ($replyTo !== '0') {
 try {
 $comment = $this->commentsManager->get($replyTo);
- if ($comment->getObjectType() !== Application::COMMENT_ENTITY_TYPE || $comment->getObjectId() !== $cardId) {
+ if ($comment->getObjectType() !== Application::COMMENT_ENTITY_TYPE || (int)$comment->getObjectId() !== $cardId) {
 throw new CommentNotFoundException();
 }
 } catch (CommentNotFoundException $e) {
@@ -139,7 +132,7 @@ class CommentService {
 }
 try {
- $comment = $this->commentsManager->create('users', $this->userId, Application::COMMENT_ENTITY_TYPE, $cardId);
+ $comment = $this->commentsManager->create('users', $this->userId, Application::COMMENT_ENTITY_TYPE, (string)$cardId);
 $comment->setMessage($message);
 $comment->setVerb('comment');
 $comment->setParentId($replyTo);
diff --git a/lib/Service/PermissionService.php b/lib/Service/PermissionService.php
index 556fb6e60..bb66631e7 100644
--- a/lib/Service/PermissionService.php
+++ b/lib/Service/PermissionService.php
@@ -29,6 +29,7 @@ use OCA\Deck\Db\Acl;
 use OCA\Deck\Db\AclMapper;
 use OCA\Deck\Db\Board;
 use OCA\Deck\Db\BoardMapper;
+use OCA\Deck\Db\CardMapper;
 use OCA\Deck\Db\IPermissionMapper;
 use OCA\Deck\Db\User;
 use OCA\Deck\NoPermissionException;
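Review bot: `create()` no longer rejects a non-numeric card id itself: the `is_numeric` guard and its BadRequestException were dropped in favour of `int $cardId`, so what a malformed id produces now depends on the callers, which are not in this diff. If any caller still forwards a raw request string, the outcome is a TypeError or a silent coercion depending on that file's strict_types setting, rather than the previous BadRequestException; casting or validating at the controller would keep the old contract. The docblock also lost its parameter descriptions, and a line such as `@param string $replyTo id of the parent comment, '0' for a top-level comment` would preserve the one non-obvious part. The method body continues past the end of the hunk.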
@@ -143,13 +144,10 @@ class PermissionService { /** * check permissions for replacing dark magic middleware * - * @param $mapper IPermissionMapper|null null if $id is a boardId - * @param $id int unique identifier of the Entity - * @param $permission int - * @return bool + * @param numeric $id * @throws NoPermissionException */ - public function checkPermission($mapper, $id, $permission, $userId = null): bool { + public function checkPermission(?IPermissionMapper $mapper, $id, int $permission, $userId = null, bool $allowDeletedCard = false): bool { $boardId = $id; if ($mapper instanceof IPermissionMapper && !($mapper instanceof BoardMapper)) { $boardId = $mapper->findBoardId($id); @@ -161,6 +159,14 @@ class PermissionService { $permissions = $this->getPermissions($boardId, $userId); if ($permissions[$permission] === true) { + + if (!$allowDeletedCard && $mapper instanceof CardMapper) { + $card = $mapper->find($id); + if ($card->getDeletedAt() > 0) { + throw new NoPermissionException('Card is deleted'); + } + } + return true; } diff --git a/lib/Sharing/ShareAPIHelper.php b/lib/Sharing/ShareAPIHelper.php index 5528b6a92..41a5dfc6d 100644 --- a/lib/Sharing/ShareAPIHelper.php +++ b/lib/Sharing/ShareAPIHelper.php @@ -115,7 +115,7 @@ class ShareAPIHelper { */ public function canAccessShare(IShare $share, string $user): bool { try { - $this->permissionService->checkPermission($this->cardMapper, $share->getSharedWith(), Acl::PERMISSION_READ, $user); + $this->permissionService->checkPermission($this->cardMapper, (int)$share->getSharedWith(), Acl::PERMISSION_READ, $user); } catch (NoPermissionException $e) { return false; }
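Review bot: The rewritten docblock on `checkPermission` documents only `$id`, while the signature gains `$allowDeletedCard` and keeps a nullable `$mapper` whose meaning was explained only by the removed line. Suggest restoring `@param IPermissionMapper|null $mapper null if $id is a boardId` and adding `@param bool $allowDeletedCard true for callers that must act on deleted cards`. `$id` and `$userId` stay untyped in the signature, so the `numeric` annotation is the only statement of what callers may pass.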
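Review bot: The deleted-card rejection in the second PermissionService hunk is tied to `$mapper instanceof CardMapper`, so a check that reaches the same card through any other IPermissionMapper, or through a board id with a null mapper, never evaluates `getDeletedAt()`; whether objects attached to a deleted card stay readable therefore depends on mappers not shown here. Because `$allowDeletedCard` defaults to false, every existing card-level caller now gets NoPermissionException for deleted cards, so any restore or deleted-card listing path, if one exists, has to pass true explicitly. `$mapper->find($id)` also adds a lookup to each successful card check. A comment above the block such as `// only CardMapper lookups are covered; other mappers must check deletion themselves` would make the scope explicit. The method starts before this hunk and continues after it.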