From f4ac0c1b2f5e28aefdff9a32a5dc2e22f7fcb341 Mon Sep 17 00:00:00 2001
From: Julius Haertl <jus@bitgrid.net>
Date: Wed, 31 Aug 2016 14:05:50 +0200
Subject: [PATCH] Add permission exception details and fix card view
 permissions

---
 lib/Middleware/SharingMiddleware.php | 13 ++++---------
 lib/NoPermissionException.php        |  6 ++++++
 2 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/lib/Middleware/SharingMiddleware.php b/lib/Middleware/SharingMiddleware.php
index 17b99fd58..51e8501ca 100644
--- a/lib/Middleware/SharingMiddleware.php
+++ b/lib/Middleware/SharingMiddleware.php
@@ -123,13 +123,8 @@ class SharingMiddleware extends Middleware {
 
 		}
 		if($controller instanceof CardController) {
-			if($method==="GET" || $method === "POST") {
-				$mapper = $this->container->query('OCA\Deck\Db\StackMapper');
-				$id = $params['stackId'];
-			} else {
 				$mapper = $this->container->query('OCA\Deck\Db\CardMapper');
 				$id = $params['cardId'];
-			}
 
 		}
 		if($controller instanceof LabelController) {
@@ -146,23 +141,23 @@ class SharingMiddleware extends Middleware {
 
 		if($this->reflector->hasAnnotation('RequireReadPermission')) {
 			if(!$this->checkReadPermission($userId, $mapper, $id)) {
-				throw new NoPermissionException("User ". $userId . " has no permission to read.");
+				throw new NoPermissionException("User ". $userId . " has no permission to read.", $controller, $method);
 			}
 		}
 		if($this->reflector->hasAnnotation('RequireEditPermission')) {
 			if(!$this->checkEditPermission($userId, $mapper, $id)) {
-				throw new NoPermissionException("User ". $userId . " has no permission to edit.");
+				throw new NoPermissionException("User ". $userId . " has no permission to edit.", $controller, $method);
 			}
 
 		}
 		if($this->reflector->hasAnnotation('RequireSharePermission')) {
 			if(!$this->checkSharePermission($userId, $mapper, $id)) {
-				throw new NoPermissionException("User ". $userId . " has no permission to share.");
+				throw new NoPermissionException("User ". $userId . " has no permission to share.", $controller, $method);
 			}
 		}
 		if($this->reflector->hasAnnotation('RequireManagePermission')) {
 			if(!$this->checkManagePermission($userId, $mapper, $id)) {
-				throw new NoPermissionException("User ". $userId . " has no permission to manage.");
+				throw new NoPermissionException("User ". $userId . " has no permission to manage.", $controller, $method);
 			}
 		}
 
diff --git a/lib/NoPermissionException.php b/lib/NoPermissionException.php
index 6ad682031..f48e979fd 100644
--- a/lib/NoPermissionException.php
+++ b/lib/NoPermissionException.php
@@ -26,4 +26,10 @@ namespace OCA\Deck;
 
 class NoPermissionException extends \Exception {
 
+	public function __construct($message, $controller=null, $method=null) {
+		parent::__construct($message);
+		if($controller && $method) {
+			$this->message = get_class($controller) . "#" . $method . ": " . $message;
+		}
+	}
 }
\ No newline at end of file