Bump version to 1.4.6

Signed-off-by: Julius Härtl <jus@bitgrid.net>

.github/workflows/integration.yml

@@ -34,7 +34,7 @@ jobs:
           POSTGRES_DB: nextcloud
         options: --health-cmd pg_isready --health-interval 5s --health-timeout 2s --health-retries 5
       mysql:
-        image: mariadb
+        image: mariadb:10.5
         ports:
           - 4444:3306/tcp
         env:

.github/workflows/phpunit.yml

@@ -35,7 +35,7 @@ jobs:
           POSTGRES_DB: nextcloud
         options: --health-cmd pg_isready --health-interval 5s --health-timeout 2s --health-retries 5
       mysql:
-        image: mariadb
+        image: mariadb:10.5
         ports:
           - 4444:3306/tcp
         env:

CHANGELOG.md

@@ -1,6 +1,45 @@
 # Changelog
 All notable changes to this project will be documented in this file.
 
+## 1.4.6
+
+### Fixed
+
+- #3379 Fix menu button position in card modal
+- #3360 Improve combined search @eneiluj
+- #3367 Fix optional parameter order
+- #3393 Use displayname instead of uid for mentions
+- #3359 Rich object string parameters for notifications @juliushaertl
+- #3385 Extend drag-and-drop zone in card sidebar @Artem4590
+- #3408 Keep exceptions http response generic
+
+
+## 1.4.5
+
+### Fixed
+
+- #3318 Additional check for stacks
+
+
+## 1.4.4
+
+### Fixed
+
+- #3301 Fix print style issues
+- #3307 Return false instead of throwing when getting calendar setting
+- #3227 Additional circle level check
+- #3304 Delete file shares through attachments API
+
+## 1.4.3 - 2021-07-09
+
+### Fixed
+
+* [#3143](https://github.com/nextcloud/deck/pull/3143) Always pass user id in share provider
+* [#3153](https://github.com/nextcloud/deck/pull/3153) Only offer stack creation in emptycontent with proper permissions
+* [#3164](https://github.com/nextcloud/deck/pull/3164) Always log generic exceptions
+* [#3169](https://github.com/nextcloud/deck/pull/3169) Reduce duplicate queries when fetching user boards an permissions
+
+
 ## 1.4.2 - 2021-05-03
 
 ### Fixed

appinfo/info.xml

@@ -1,6 +1,5 @@
-<?xml version="1.0"?>
-<info xmlns:xsi= "http://www.w3.org/2001/XMLSchema-instance"
-      xsi:noNamespaceSchemaLocation="https://apps.nextcloud.com/schema/apps/info.xsd">
+<?xml version="1.0" encoding="utf-8"?>
+<info xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://apps.nextcloud.com/schema/apps/info.xsd">
     <id>deck</id>
     <name>Deck</name>
     <summary>Personal planning and team project organization</summary>
@@ -17,12 +16,12 @@
 - 🚀 Get your project organized
 
 </description>
-    <version>1.4.2</version>
+    <version>1.4.6</version>
     <licence>agpl</licence>
     <author>Julius Härtl</author>
     <namespace>Deck</namespace>
     <types>
-        <dav />
+        <dav/>
     </types>
     <category>organization</category>
     <category>office</category>
@@ -36,7 +35,7 @@
         <database min-version="9.4">pgsql</database>
         <database>sqlite</database>
         <database min-version="5.5">mysql</database>
-        <nextcloud min-version="21" max-version="22" />
+        <nextcloud min-version="21" max-version="21"/>
     </dependencies>
     <background-jobs>
         <job>OCA\Deck\Cron\DeleteCron</job>

css/print.scss

@@ -2,21 +2,26 @@
 	/* hide stuff */
 	#body-user {
 		#header,
-		div#app-navigation,
-		div.board-header-controls,
+		.app-navigation,
+		.app-sidebar,
+		.board-header-controls,
+		.board-actions,
 		#app-navigation-toggle,
 		#app-navigation-toggle-custom,
 		div#controls.ng-scope div.crumb:not(.title),
 		div#controls.ng-scope div.crumb a.bullet,
 		a.ng-binding + a,
 		div.card.create,
+		.stack__header .action-item,
 		button.card-options {
 			display: none !important;
 		}
+
 		#content {
 			margin: 0;
 			padding: 0;
 		}
+
 		#app-content {
 			margin: 0 !important;
 		}
@@ -75,6 +80,11 @@
 		margin: 2cm;
 	}
 
+	.board {
+		max-height: none !important;
+		overflow: visible !important;
+	}
+
 	div#innerBoard {
 		display:flex;
 		flex-wrap: wrap;

docs/API.md

@@ -959,6 +959,7 @@ For now only `deck_file` is supported as an attachment type.
 
 ### DELETE /boards/{boardId}/stacks/{stackId}/cards/{cardId}/attachments/{attachmentId} - Delete an attachment
 
+    
 #### Request parameters
 
 | Parameter    | Type    | Description                                   |

lib/Controller/CommentsApiController.php

@@ -36,8 +36,10 @@ class CommentsApiController extends OCSController {
 	private $commentService;
 
 	public function __construct(
-		$appName, IRequest $request, $corsMethods = 'PUT, POST, GET, DELETE, PATCH', $corsAllowedHeaders = 'Authorization, Content-Type, Accept', $corsMaxAge = 1728000,
-		CommentService $commentService
+		string $appName,
+		IRequest $request,
+		CommentService $commentService,
+		string $corsMethods = 'PUT, POST, GET, DELETE, PATCH', string $corsAllowedHeaders = 'Authorization, Content-Type, Accept', int $corsMaxAge = 1728000
 	) {
 		parent::__construct($appName, $request, $corsMethods, $corsAllowedHeaders, $corsMaxAge);
 		$this->commentService = $commentService;

lib/Db/BoardMapper.php

@@ -23,6 +23,7 @@
 
 namespace OCA\Deck\Db;
 
+use OC\Cache\CappedMemoryCache;
 use OCP\AppFramework\Db\DoesNotExistException;
 use OCP\IDBConnection;
 use OCP\IUserManager;
@@ -39,6 +40,8 @@ class BoardMapper extends DeckMapper implements IPermissionMapper {
 
 	private $circlesEnabled;
 
+	private $userBoardCache;
+
 	public function __construct(
 		IDBConnection $db,
 		LabelMapper $labelMapper,
@@ -56,6 +59,9 @@ class BoardMapper extends DeckMapper implements IPermissionMapper {
 		$this->groupManager = $groupManager;
 		$this->logger = $logger;
 
+		$this->userBoardCache = new CappedMemoryCache();
+
+
 		$this->circlesEnabled = \OC::$server->getAppManager()->isEnabledForUser('circles');
 	}
 
@@ -89,13 +95,21 @@ class BoardMapper extends DeckMapper implements IPermissionMapper {
 	}
 
 	public function findAllForUser(string $userId, int $since = -1, $includeArchived = true): array {
-		$groups = $this->groupManager->getUserGroupIds(
-			$this->userManager->get($userId)
-		);
-		$userBoards = $this->findAllByUser($userId, null, null, $since, $includeArchived);
-		$groupBoards = $this->findAllByGroups($userId, $groups,null, null, $since, $includeArchived);
-		$circleBoards = $this->findAllByCircles($userId, null, null,  $since, $includeArchived);
-		return array_unique(array_merge($userBoards, $groupBoards, $circleBoards));
+		$useCache = ($since === -1 && $includeArchived === true);
+		if (!isset($this->userBoardCache[$userId]) || !$useCache) {
+			$groups = $this->groupManager->getUserGroupIds(
+				$this->userManager->get($userId)
+			);
+			$userBoards = $this->findAllByUser($userId, null, null, $since, $includeArchived);
+			$groupBoards = $this->findAllByGroups($userId, $groups, null, null, $since, $includeArchived);
+			$circleBoards = $this->findAllByCircles($userId, null, null, $since, $includeArchived);
+			$allBoards = array_unique(array_merge($userBoards, $groupBoards, $circleBoards));
+			if ($useCache) {
+				$this->userBoardCache[$userId] = $allBoards;
+			}
+			return $allBoards;
+		}
+		return $this->userBoardCache[$userId];
 	}
 
 	/**

lib/Middleware/ExceptionMiddleware.php

@@ -32,6 +32,7 @@ use OCP\AppFramework\Http\JSONResponse;
 use OCP\AppFramework\OCS\OCSException;
 use OCP\AppFramework\OCSController;
 use OCP\ILogger;
+use OCP\IRequest;
 use OCP\Util;
 use OCP\IConfig;
 
@@ -41,6 +42,8 @@ class ExceptionMiddleware extends Middleware {
 	private $logger;
 	/** @var IConfig */
 	private $config;
+	/** @var IRequest */
+	private $request;
 
 	/**
 	 * SharingMiddleware constructor.
@@ -48,9 +51,10 @@ class ExceptionMiddleware extends Middleware {
 	 * @param ILogger $logger
 	 * @param IConfig $config
 	 */
-	public function __construct(ILogger $logger, IConfig $config) {
+	public function __construct(ILogger $logger, IConfig $config, IRequest $request) {
 		$this->logger = $logger;
 		$this->config = $config;
+		$this->request = $request;
 	}
 
 	/**
@@ -67,45 +71,10 @@ class ExceptionMiddleware extends Middleware {
 			throw $exception;
 		}
 
-		if ($exception instanceof ConflictException) {
-			if ($this->config->getSystemValue('loglevel', Util::WARN) === Util::DEBUG) {
-				$this->logger->logException($exception);
-			}
-			return new JSONResponse([
-				'status' => $exception->getStatus(),
-				'message' => $exception->getMessage(),
-				'data' => $exception->getData(),
-			], $exception->getStatus());
-		}
-		
-		if ($exception instanceof StatusException) {
-			if ($this->config->getSystemValue('loglevel', Util::WARN) === Util::DEBUG) {
-				$this->logger->logException($exception);
-			}
-
-			if ($controller instanceof OCSController) {
-				$exception = new OCSException($exception->getMessage(), $exception->getStatus(), $exception);
-				throw $exception;
-			}
-			return new JSONResponse([
-				'status' => $exception->getStatus(),
-				'message' => $exception->getMessage()
-			], $exception->getStatus());
-		}
-
-		if (strpos(get_class($controller), 'OCA\\Deck\\Controller\\') === 0) {
-			$response = [
-				'status' => 500,
-				'message' => $exception->getMessage()
-			];
-			if ($this->config->getSystemValue('loglevel', Util::WARN) === Util::DEBUG) {
-				$this->logger->logException($exception);
-			}
-			if ($this->config->getSystemValue('debug', true) === true) {
-				$response['exception'] = (array) $exception;
-			}
-			return new JSONResponse($response, 500);
-		}
+		$debugMode = $this->config->getSystemValue('debug', false);
+		$exceptionMessage = $debugMode !== true
+			? 'Internal server error: Please contact the server administrator if this error reappears multiple times, please include the request ID "' . $this->request->getId() . '" below in your report.'
+			: $exception->getMessage();
 
 		// uncatched DoesNotExistExceptions will be thrown when the main entity is not found
 		// we return a 403 so we don't leak information over existing entries
@@ -116,6 +85,43 @@ class ExceptionMiddleware extends Middleware {
 				'message' => 'Permission denied'
 			], 403);
 		}
+		
+		if ($exception instanceof StatusException) {
+			if ($this->config->getSystemValue('loglevel', Util::WARN) === Util::DEBUG) {
+				$this->logger->logException($exception);
+			}
+
+			if ($exception instanceof ConflictException) {
+				return new JSONResponse([
+					'status' => $exception->getStatus(),
+					'message' => $exception->getMessage(),
+					'data' => $exception->getData(),
+				], $exception->getStatus());
+			}
+
+			if ($controller instanceof OCSController) {
+				$exception = new OCSException($exception->getMessage(), $exception->getStatus(), $exception);
+				throw $exception;
+			}
+
+			return new JSONResponse([
+				'status' => $exception->getStatus(),
+				'message' => $exception->getMessage(),
+			], $exception->getStatus());
+		}
+
+		if (strpos(get_class($controller), 'OCA\\Deck\\Controller\\') === 0) {
+			$response = [
+				'status' => 500,
+				'message' => $exceptionMessage,
+				'requestId' => $this->request->getId(),
+			];
+			$this->logger->logException($exception);
+			if ($debugMode === true) {
+				$response['exception'] = (array) $exception;
+			}
+			return new JSONResponse($response, 500);
+		}
 
 		throw $exception;
 	}

lib/Notification/Notifier.php

@@ -25,6 +25,7 @@ namespace OCA\Deck\Notification;
 
 use OCA\Deck\Db\BoardMapper;
 use OCA\Deck\Db\CardMapper;
+use OCA\Deck\Db\StackMapper;
 use OCP\IURLGenerator;
 use OCP\IUserManager;
 use OCP\L10N\IFactory;
@@ -41,6 +42,8 @@ class Notifier implements INotifier {
 	protected $userManager;
 	/** @var CardMapper */
 	protected $cardMapper;
+	/** @var StackMapper */
+	protected $stackMapper;
 	/** @var BoardMapper */
 	protected $boardMapper;
 
@@ -49,12 +52,14 @@ class Notifier implements INotifier {
 		IURLGenerator $url,
 		IUserManager $userManager,
 		CardMapper $cardMapper,
+		StackMapper $stackMapper,
 		BoardMapper $boardMapper
 	) {
 		$this->l10nFactory = $l10nFactory;
 		$this->url = $url;
 		$this->userManager = $userManager;
 		$this->cardMapper = $cardMapper;
+		$this->stackMapper = $stackMapper;
 		$this->boardMapper = $boardMapper;
 	}
 
@@ -100,6 +105,11 @@ class Notifier implements INotifier {
 				if (!$boardId) {
 					throw new AlreadyProcessedException();
 				}
+
+				$card = $this->cardMapper->find($cardId);
+				$stackId = $card->getStackId();
+				$stack = $this->stackMapper->find($stackId);
+
 				$initiator = $this->userManager->get($params[2]);
 				if ($initiator !== null) {
 					$dn = $initiator->getDisplayName();
@@ -110,8 +120,22 @@ class Notifier implements INotifier {
 					(string) $l->t('The card "%s" on "%s" has been assigned to you by %s.', [$params[0], $params[1], $dn])
 				);
 				$notification->setRichSubject(
-					(string) $l->t('{user} has assigned the card "%s" on "%s" to you.', [$params[0], $params[1]]),
+					$l->t('{user} has assigned the card {deck-card} on {deck-board} to you.'),
 					[
+						'deck-card' => [
+							'type' => 'deck-card',
+							'id' => $cardId,
+							'name' => $params[0],
+							'boardname' => $params[1],
+							'stackname' => $stack->getTitle(),
+							'link' => $this->url->linkToRouteAbsolute('deck.page.index') . '#/board/' . $boardId . '/card/' . $cardId . '',
+						],
+						'deck-board' => [
+							'type' => 'deck-board',
+							'id' => $boardId,
+							'name' => $params[1],
+							'link' => $this->url->linkToRouteAbsolute('deck.page.index') . '#/board/' . $boardId,
+						],
 						'user' => [
 							'type' => 'user',
 							'id' => $params[2],
@@ -127,9 +151,33 @@ class Notifier implements INotifier {
 				if (!$boardId) {
 					throw new AlreadyProcessedException();
 				}
+
+				$card = $this->cardMapper->find($cardId);
+				$stackId = $card->getStackId();
+				$stack = $this->stackMapper->find($stackId);
+
 				$notification->setParsedSubject(
 					(string) $l->t('The card "%s" on "%s" has reached its due date.', $params)
 				);
+				$notification->setRichSubject(
+					$l->t('The card {deck-card} on {deck-board} has reached its due date.'),
+					[
+						'deck-card' => [
+							'type' => 'deck-card',
+							'id' => $cardId,
+							'name' => $params[0],
+							'boardname' => $params[1],
+							'stackname' => $stack->getTitle(),
+							'link' => $this->url->linkToRouteAbsolute('deck.page.index') . '#/board/' . $boardId . '/card/' . $cardId . '',
+						],
+						'deck-board' => [
+							'type' => 'deck-board',
+							'id' => $boardId,
+							'name' => $params[1],
+							'link' => $this->url->linkToRouteAbsolute('deck.page.index') . '#/board/' . $boardId,
+						],
+					]
+				);
 				$notification->setLink($this->url->linkToRouteAbsolute('deck.page.index') . '#/board/' . $boardId . '/card/' . $cardId . '');
 				break;
 			case 'card-comment-mentioned':
@@ -138,6 +186,11 @@ class Notifier implements INotifier {
 				if (!$boardId) {
 					throw new AlreadyProcessedException();
 				}
+
+				$card = $this->cardMapper->find($cardId);
+				$stackId = $card->getStackId();
+				$stack = $this->stackMapper->find($stackId);
+
 				$initiator = $this->userManager->get($params[2]);
 				if ($initiator !== null) {
 					$dn = $initiator->getDisplayName();
@@ -148,8 +201,16 @@ class Notifier implements INotifier {
 					(string) $l->t('%s has mentioned you in a comment on "%s".', [$dn, $params[0]])
 				);
 				$notification->setRichSubject(
-					(string) $l->t('{user} has mentioned you in a comment on "%s".', [$params[0]]),
+					$l->t('{user} has mentioned you in a comment on {deck-card}.'),
 					[
+						'deck-card' => [
+							'type' => 'deck-card',
+							'id' => $cardId,
+							'name' => $params[0],
+							'boardname' => $params[1],
+							'stackname' => $stack->getTitle(),
+							'link' => $this->url->linkToRouteAbsolute('deck.page.index') . '#/board/' . $boardId . '/card/' . $cardId . '',
+						],
 						'user' => [
 							'type' => 'user',
 							'id' => $params[2],
@@ -177,8 +238,14 @@ class Notifier implements INotifier {
 					(string) $l->t('The board "%s" has been shared with you by %s.', [$params[0], $dn])
 				);
 				$notification->setRichSubject(
-					(string) $l->t('{user} has shared the board %s with you.', [$params[0]]),
+					$l->t('{user} has shared {deck-board} with you.'),
 					[
+						'deck-board' => [
+							'type' => 'deck-board',
+							'id' => $boardId,
+							'name' => $params[0],
+							'link' => $this->url->linkToRouteAbsolute('deck.page.index') . '#/board/' . $boardId,
+						],
 						'user' => [
 							'type' => 'user',
 							'id' => $params[1],

lib/Search/DeckProvider.php

@@ -63,29 +63,52 @@ class DeckProvider implements IProvider {
 	}
 
 	public function search(IUser $user, ISearchQuery $query): SearchResult {
-		$cursor = $query->getCursor() !== null ? (int)$query->getCursor() : null;
-		$boardResults = $this->searchService->searchBoards($query->getTerm(), $query->getLimit(), $cursor);
-		$cardResults = $this->searchService->searchCards($query->getTerm(), $query->getLimit(), $cursor);
-		$results = array_merge(
-			array_map(function (Board $board) {
-				return new BoardSearchResultEntry($board, $this->urlGenerator);
-			}, $boardResults),
-			array_map(function (Card $card) {
-				return new CardSearchResultEntry($card->getRelatedBoard(), $card->getRelatedStack(), $card, $this->urlGenerator);
-			}, $cardResults)
-		);
+		$cursor = $query->getCursor();
+		[$boardCursor, $cardCursor] = $this->parseCursor($cursor);
 
-		if (count($cardResults) < $query->getLimit()) {
+		$boardObjects = $this->searchService->searchBoards($query->getTerm(), $query->getLimit(), $boardCursor);
+		$boardResults = array_map(function (Board $board) {
+			return [
+				'object' => $board,
+				'entry' => new BoardSearchResultEntry($board, $this->urlGenerator)
+			];
+		}, $boardObjects);
+
+		$cardObjects = $this->searchService->searchCards($query->getTerm(), $query->getLimit(), $cardCursor);
+		$cardResults = array_map(function (Card $card) {
+			return [
+				'object' => $card,
+				'entry' => new CardSearchResultEntry($card->getRelatedBoard(), $card->getRelatedStack(), $card, $this->urlGenerator)
+			];
+		}, $cardObjects);
+
+		$results = array_merge($boardResults, $cardResults);
+
+		usort($results, function ($a, $b) {
+			$ta = $a['object']->getLastModified();
+			$tb = $b['object']->getLastModified();
+			return $ta === $tb
+				? 0
+				: ($ta > $tb ? -1 : 1);
+		});
+
+		$resultEntries = array_map(function (array $result) {
+			return $result['entry'];
+		}, $results);
+
+		// if both cards and boards results are less then the limit, we know we won't get more
+		if (count($resultEntries) < $query->getLimit()) {
 			return SearchResult::complete(
 				'Deck',
-				$results
+				$resultEntries
 			);
 		}
-		
+
+		$newCursor = $this->getNewCursor($boardObjects, $cardObjects);
 		return SearchResult::paginated(
 			'Deck',
-			$results,
-			$cardResults[count($results) - 1]->getLastModified()
+			$resultEntries,
+			$newCursor
 		);
 	}
 
@@ -95,4 +118,27 @@ class DeckProvider implements IProvider {
 		}
 		return 10;
 	}
+
+	private function parseCursor(?string $cursor): array {
+		$boardCursor = null;
+		$cardCursor = null;
+		if ($cursor !== null) {
+			$splitCursor = explode('|', $cursor);
+			if (count($splitCursor) >= 2) {
+				$boardCursor = (int)$splitCursor[0] ?: null;
+				$cardCursor = (int)$splitCursor[1] ?: null;
+			}
+		}
+		return [$boardCursor, $cardCursor];
+	}
+
+	private function getNewCursor(array $boards, array $cards): string {
+		$boardTimestamps = array_map(function (Board $board) {
+			return $board->getLastModified();
+		}, $boards);
+		$cardTimestamps = array_map(function (Card $card) {
+			return $card->getLastModified();
+		}, $cards);
+		return (min($boardTimestamps) ?: '') . '|' . (min($cardTimestamps) ?: '');
+	}
 }

lib/Service/AttachmentService.php

@@ -35,6 +35,7 @@ use OCA\Deck\InvalidAttachmentType;
 use OCA\Deck\NoPermissionException;
 use OCA\Deck\NotFoundException;
 use OCA\Deck\StatusException;
+use OCP\AppFramework\Db\IMapperException;
 use OCP\AppFramework\Http\Response;
 use OCP\ICache;
 use OCP\ICacheFactory;
@@ -320,14 +321,10 @@ class AttachmentService {
 	 * Either mark an attachment as deleted for later removal or just remove it depending
 	 * on the IAttachmentService implementation
 	 *
-	 * @param $attachmentId
-	 * @return \OCP\AppFramework\Db\Entity
-	 * @throws \OCA\Deck\NoPermissionException
-	 * @throws \OCP\AppFramework\Db\DoesNotExistException
-	 * @throws \OCP\AppFramework\Db\MultipleObjectsReturnedException
-	 * @throws BadRequestException
+	 * @throws NoPermissionException
+	 * @throws NotFoundException
 	 */
-	public function delete($cardId, $attachmentId, $type = 'deck_file') {
+	public function delete(int $cardId, int $attachmentId, string $type = 'deck_file'): Attachment {
 		try {
 			$service = $this->getService($type);
 		} catch (InvalidAttachmentType $e) {
@@ -340,40 +337,32 @@ class AttachmentService {
 			$attachment->setType($type);
 			$attachment->setCardId($cardId);
 			$service->extendData($attachment);
-			$service->delete($attachment);
-			$this->changeHelper->cardChanged($attachment->getCardId());
-			$this->activityManager->triggerEvent(ActivityManager::DECK_OBJECT_CARD, $attachment, ActivityManager::SUBJECT_ATTACHMENT_DELETE);
-			return $attachment;
+		} else {
+			try {
+				$attachment = $this->attachmentMapper->find($attachmentId);
+			} catch (IMapperException $e) {
+				throw new NoPermissionException('Permission denied');
+			}
 		}
-
-		try {
-			$attachment = $this->attachmentMapper->find($attachmentId);
-		} catch (\Exception $e) {
-			throw new NoPermissionException('Permission denied');
-		}
-
 		$this->permissionService->checkPermission($this->cardMapper, $attachment->getCardId(), Acl::PERMISSION_EDIT);
-		$this->cache->clear('card-' . $attachment->getCardId());
 
 		if ($service->allowUndo()) {
 			$service->markAsDeleted($attachment);
-			$this->activityManager->triggerEvent(ActivityManager::DECK_OBJECT_CARD, $attachment, ActivityManager::SUBJECT_ATTACHMENT_DELETE);
-			$this->changeHelper->cardChanged($attachment->getCardId());
-			return $this->attachmentMapper->update($attachment);
+			$attachment = $this->attachmentMapper->update($attachment);
+		} else {
+			$service->delete($attachment);
+			if (!$service instanceof ICustomAttachmentService) {
+				$attachment = $this->attachmentMapper->delete($attachment);
+			}
 		}
-		$service->delete($attachment);
 
-		$attachment = $this->attachmentMapper->delete($attachment);
+		$this->cache->clear('card-' . $attachment->getCardId());
 		$this->changeHelper->cardChanged($attachment->getCardId());
 		$this->activityManager->triggerEvent(ActivityManager::DECK_OBJECT_CARD, $attachment, ActivityManager::SUBJECT_ATTACHMENT_DELETE);
 		return $attachment;
 	}
 
-	public function restore($cardId, $attachmentId, $type = 'deck_file') {
-		if (is_numeric($attachmentId) === false) {
-			throw new BadRequestException('attachment id must be a number');
-		}
-
+	public function restore(int $cardId, int $attachmentId, string $type = 'deck_file'): Attachment {
 		try {
 			$attachment = $this->attachmentMapper->find($attachmentId);
 		} catch (\Exception $e) {

lib/Service/CirclesService.php

@@ -26,6 +26,7 @@ declare(strict_types=1);
 
 namespace OCA\Deck\Service;
 
+use OCA\Circles\Api\v1\Circles;
 use OCP\App\IAppManager;
 
 /**
@@ -53,8 +54,8 @@ class CirclesService {
 		}
 
 		try {
-			\OCA\Circles\Api\v1\Circles::getMember($circleId, $userId, 1, true);
-			return true;
+			$member = \OCA\Circles\Api\v1\Circles::getMember($circleId, $userId, 1, true);
+			return $member->getLevel() >= Circles::LEVEL_MEMBER;
 		} catch (\Exception $e) {
 		}
 		return false;

lib/Service/ConfigService.php

@@ -73,16 +73,20 @@ class ConfigService {
 				if (!$this->groupManager->isAdmin($this->userId)) {
 					throw new NoPermissionException('You must be admin to get the group limit');
 				}
-				$result = $this->getGroupLimit();
-				break;
+				return $this->getGroupLimit();
 			case 'calendar':
-				$result = (bool)$this->config->getUserValue($this->userId, Application::APP_ID, 'calendar', true);
-				break;
+				if ($this->userId === null) {
+					return false;
+				}
+				return (bool)$this->config->getUserValue($this->userId, Application::APP_ID, 'calendar', true);
 		}
-		return $result;
 	}
 
 	public function isCalendarEnabled(int $boardId = null): bool {
+		if ($this->userId === null) {
+			return false;
+		}
+
 		$defaultState = (bool)$this->config->getUserValue($this->userId, Application::APP_ID, 'calendar', true);
 		if ($boardId === null) {
 			return $defaultState;

lib/Service/FilesAppService.php

@@ -23,7 +23,10 @@
 
 namespace OCA\Deck\Service;
 
+use OCA\Deck\Db\Acl;
 use OCA\Deck\Db\Attachment;
+use OCA\Deck\Db\CardMapper;
+use OCA\Deck\NoPermissionException;
 use OCA\Deck\Sharing\DeckShareProvider;
 use OCA\Deck\StatusException;
 use OCP\AppFramework\Http\StreamResponse;
@@ -38,6 +41,7 @@ use OCP\IRequest;
 use OCP\Share\Exceptions\ShareNotFound;
 use OCP\Share\IManager;
 use OCP\Share\IShare;
+use Psr\Log\LoggerInterface;
 
 class FilesAppService implements IAttachmentService, ICustomAttachmentService {
 	private $request;
@@ -48,8 +52,10 @@ class FilesAppService implements IAttachmentService, ICustomAttachmentService {
 	private $configService;
 	private $l10n;
 	private $preview;
-	private $permissionService;
 	private $mimeTypeDetector;
+	private $permissionService;
+	private $cardMapper;
+	private $logger;
 
 	public function __construct(
 		IRequest $request,
@@ -59,8 +65,10 @@ class FilesAppService implements IAttachmentService, ICustomAttachmentService {
 		ConfigService $configService,
 		DeckShareProvider $shareProvider,
 		IPreview $preview,
-		PermissionService $permissionService,
 		IMimeTypeDetector $mimeTypeDetector,
+		PermissionService $permissionService,
+		CardMapper  $cardMapper,
+		LoggerInterface $logger,
 		string $userId = null
 	) {
 		$this->request = $request;
@@ -72,15 +80,20 @@ class FilesAppService implements IAttachmentService, ICustomAttachmentService {
 		$this->userId = $userId;
 		$this->preview = $preview;
 		$this->mimeTypeDetector = $mimeTypeDetector;
+		$this->permissionService = $permissionService;
+		$this->cardMapper = $cardMapper;
+		$this->logger = $logger;
 	}
 
 	public function listAttachments(int $cardId): array {
 		$shares = $this->shareProvider->getSharedWithByType($cardId, IShare::TYPE_DECK, -1, 0);
-		$shares = array_filter($shares, function ($share) {
-			return $share->getPermissions() > 0;
-		});
-		return array_map(function (IShare $share) use ($cardId) {
-			$file = $share->getNode();
+		return array_filter(array_map(function (IShare $share) use ($cardId) {
+			try {
+				$file = $share->getNode();
+			} catch (NotFoundException $e) {
+				$this->logger->debug('Unable to find node for share with ID ' . $share->getId());
+				return null;
+			}
 			$attachment = new Attachment();
 			$attachment->setType('file');
 			$attachment->setId((int)$share->getId());
@@ -89,9 +102,9 @@ class FilesAppService implements IAttachmentService, ICustomAttachmentService {
 			$attachment->setData($file->getName());
 			$attachment->setLastModified($file->getMTime());
 			$attachment->setCreatedAt($share->getShareTime()->getTimestamp());
-			$attachment->setDeletedAt(0);
+			$attachment->setDeletedAt($share->getPermissions() === 0 ? $share->getShareTime()->getTimestamp() : 0);
 			return $attachment;
-		}, $shares);
+		}, $shares));
 	}
 
 	public function getAttachmentCount(int $cardId): int {
@@ -144,6 +157,7 @@ class FilesAppService implements IAttachmentService, ICustomAttachmentService {
 	}
 
 	public function display(Attachment $attachment) {
+		// Problem: Folders
 		/** @psalm-suppress InvalidCatch */
 		try {
 			$share = $this->shareProvider->getShareById($attachment->getId());
@@ -165,6 +179,9 @@ class FilesAppService implements IAttachmentService, ICustomAttachmentService {
 		$file = $this->getUploadedFile();
 		$fileName = $file['name'];
 
+		// get shares for current card
+		// check if similar filename already exists
+
 		$userFolder = $this->rootFolder->getUserFolder($this->userId);
 		try {
 			$folder = $userFolder->get($this->configService->getAttachmentFolder());
@@ -245,12 +262,16 @@ class FilesAppService implements IAttachmentService, ICustomAttachmentService {
 		$file = $share->getNode();
 		$attachment->setData($file->getName());
 
-		if ($file->getOwner() !== null && $file->getOwner()->getUID() === $this->userId) {
-			$file->delete();
+		// Deleting a Nextcloud file attachment will remove the share to the card, keeping the source file untouched
+		// Opt-out of individual shares per user is no longer performed within deck but can still be done through the files app
+		$canEdit = $this->permissionService->checkPermission($this->cardMapper, $attachment->getCardId(), Acl::PERMISSION_EDIT);
+		$isFileOwner = $file->getOwner() !== null && $file->getOwner()->getUID() === $this->userId;
+		if ($isFileOwner || $canEdit) {
+			$this->shareManager->deleteShare($share);
 			return;
 		}
 
-		$this->shareManager->deleteFromSelf($share, $this->userId);
+		throw new NoPermissionException('No permission to remove the attachment from the card');
 	}
 
 	public function allowUndo() {

lib/Service/PermissionService.php

@@ -23,6 +23,8 @@
 
 namespace OCA\Deck\Service;
 
+use OC\Cache\CappedMemoryCache;
+use OCA\Circles\Model\Member;
 use OCA\Deck\Db\Acl;
 use OCA\Deck\Db\AclMapper;
 use OCA\Deck\Db\Board;
@@ -31,7 +33,6 @@ use OCA\Deck\Db\IPermissionMapper;
 use OCA\Deck\Db\User;
 use OCA\Deck\NoPermissionException;
 use OCP\AppFramework\Db\DoesNotExistException;
-use OCP\AppFramework\Db\Entity;
 use OCP\AppFramework\Db\MultipleObjectsReturnedException;
 use OCP\IConfig;
 use OCP\IGroupManager;
@@ -61,6 +62,7 @@ class PermissionService {
 	private $users = [];
 
 	private $circlesEnabled = false;
+	private $boardCache;
 
 	public function __construct(
 		ILogger $logger,
@@ -81,6 +83,8 @@ class PermissionService {
 		$this->config = $config;
 		$this->userId = $userId;
 
+		$this->boardCache = new CappedMemoryCache();
+
 		$this->circlesEnabled = \OC::$server->getAppManager()->isEnabledForUser('circles') &&
 			(version_compare(\OC::$server->getAppManager()->getAppVersion('circles'), '0.17.1') >= 0);
 	}
@@ -149,10 +153,13 @@ class PermissionService {
 			return true;
 		}
 
-		$acls = $this->aclMapper->findAll($boardId);
-		$result = $this->userCan($acls, $permission, $userId);
-		if ($result) {
-			return true;
+		try {
+			$acls = $this->getBoard($boardId)->getAcl();
+			$result = $this->userCan($acls, $permission, $userId);
+			if ($result) {
+				return true;
+			}
+		} catch (DoesNotExistException | MultipleObjectsReturnedException $e) {
 		}
 
 		// Throw NoPermission to not leak information about existing entries
@@ -168,13 +175,24 @@ class PermissionService {
 			$userId = $this->userId;
 		}
 		try {
-			$board = $this->boardMapper->find($boardId);
-			return $board && $userId === $board->getOwner();
+			$board = $this->getBoard($boardId);
+			return $userId === $board->getOwner();
 		} catch (DoesNotExistException | MultipleObjectsReturnedException $e) {
 		}
 		return false;
 	}
 
+	/**
+	 * @throws MultipleObjectsReturnedException
+	 * @throws DoesNotExistException
+	 */
+	private function getBoard($boardId): Board {
+		if (!isset($this->boardCache[$boardId])) {
+			$this->boardCache[$boardId] = $this->boardMapper->find($boardId, false, true);
+		}
+		return $this->boardCache[$boardId];
+	}
+
 	/**
 	 * Check if permission matches the acl rules for current user and groups
 	 *
@@ -194,8 +212,8 @@ class PermissionService {
 
 			if ($this->circlesEnabled && $acl->getType() === Acl::PERMISSION_TYPE_CIRCLE) {
 				try {
-					\OCA\Circles\Api\v1\Circles::getMember($acl->getParticipant(), $this->userId, 1, true);
-					return $acl->getPermission($permission);
+					$member = \OCA\Circles\Api\v1\Circles::getMember($acl->getParticipant(), $this->userId, 1, true);
+					return $member->getLevel() >= Member::LEVEL_MEMBER && $acl->getPermission($permission);
 				} catch (\Exception $e) {
 					$this->logger->info('Member not found in circle that was accessed. This should not happen.');
 				}

lib/Service/SearchService.php

@@ -81,7 +81,7 @@ class SearchService {
 			return $board->getId();
 		}, $boards);
 		$matchedCards = $this->cardMapper->search($boardIds, $this->filterStringParser->parse($term), $limit, $cursor);
-		
+
 		$self = $this;
 		return array_map(function (Card $card) use ($self) {
 			$self->cardService->enrich($card);
@@ -91,9 +91,24 @@ class SearchService {
 
 	public function searchBoards(string $term, ?int $limit, ?int $cursor): array {
 		$boards = $this->boardService->getUserBoards();
-		return array_filter($boards, static function (Board $board) use ($term) {
-			return mb_stripos(mb_strtolower($board->getTitle()), mb_strtolower($term)) > -1;
+		// get boards that have a lastmodified date which is lower than the cursor
+		// and which match the search term
+		$filteredBoards = array_filter($boards, static function (Board $board) use ($term, $cursor) {
+			return (
+				($cursor === null || $board->getLastModified() < $cursor)
+				&& mb_stripos(mb_strtolower($board->getTitle()), mb_strtolower($term)) > -1
+			);
 		});
+		// sort the boards, recently modified first
+		usort($filteredBoards, function ($boardA, $boardB) {
+			$ta = $boardA->getLastModified();
+			$tb = $boardB->getLastModified();
+			return $ta === $tb
+				? 0
+				: ($ta > $tb ? -1 : 1);
+		});
+		// limit the number of results
+		return array_slice($filteredBoards, 0, $limit);
 	}
 
 	public function searchComments(string $term, ?int $limit = null, ?int $cursor = null): array {

lib/Service/StackService.php

@@ -48,7 +48,6 @@ class StackService {
 	private $assignedUsersMapper;
 	private $attachmentService;
 	private $activityManager;
-	private $symfonyAdapter;
 	private $changeHelper;
 
 	public function __construct(
@@ -110,6 +109,7 @@ class StackService {
 			throw new BadRequestException('stack id must be a number');
 		}
 
+		$this->permissionService->checkPermission($this->stackMapper, $stackId, Acl::PERMISSION_READ);
 		$stack = $this->stackMapper->find($stackId);
 		$cards = $this->cardMapper->findAll($stackId);
 		foreach ($cards as $cardIndex => $card) {

lib/Sharing/DeckShareProvider.php

@@ -271,9 +271,9 @@ class DeckShareProvider implements \OCP\Share\IShareProvider {
 		return $share;
 	}
 
-	private function applyBoardPermission($share, $permissions) {
+	private function applyBoardPermission($share, $permissions, $userId) {
 		try {
-			$this->permissionService->checkPermission($this->cardMapper, $share->getSharedWith(), Acl::PERMISSION_EDIT);
+			$this->permissionService->checkPermission($this->cardMapper, $share->getSharedWith(), Acl::PERMISSION_EDIT, $userId);
 		} catch (NoPermissionException $e) {
 			$permissions &= Constants::PERMISSION_ALL - Constants::PERMISSION_UPDATE;
 			$permissions &= Constants::PERMISSION_ALL - Constants::PERMISSION_CREATE;
@@ -281,7 +281,7 @@ class DeckShareProvider implements \OCP\Share\IShareProvider {
 		}
 
 		try {
-			$this->permissionService->checkPermission($this->cardMapper, $share->getSharedWith(), Acl::PERMISSION_SHARE);
+			$this->permissionService->checkPermission($this->cardMapper, $share->getSharedWith(), Acl::PERMISSION_SHARE, $userId);
 		} catch (NoPermissionException $e) {
 			$permissions &= Constants::PERMISSION_ALL - Constants::PERMISSION_SHARE;
 		}
@@ -646,7 +646,7 @@ class DeckShareProvider implements \OCP\Share\IShareProvider {
 			$stmt = $query->execute();
 
 			while ($data = $stmt->fetch()) {
-				$this->applyBoardPermission($shareMap[$data['parent']], (int)$data['permissions']);
+				$this->applyBoardPermission($shareMap[$data['parent']], (int)$data['permissions'], $userId);
 				$shareMap[$data['parent']]->setTarget($data['file_target']);
 			}
 

lib/StatusException.php

@@ -23,6 +23,12 @@
 
 namespace OCA\Deck;
 
+/**
+ * User facing exception that can be thrown with an error being reported to the frontend
+ * or consumers of the API
+ *
+ * This exception is catched in the ExceptionMiddleware
+ */
 class StatusException extends \Exception {
 	public function __construct($message) {
 		parent::__construct($message);

package.json

@@ -1,7 +1,7 @@
 {
 	"name": "deck",
 	"description": "",
-	"version": "1.0.0",
+	"version": "1.4.6",
 	"authors": [
 		{
 			"name": "Julius Härtl",
@@ -129,4 +129,4 @@
 			"<rootDir>/node_modules/jest-serializer-vue"
 		]
 	}
-}
+}

src/components/AttachmentDragAndDrop.vue

@@ -131,6 +131,12 @@ export default {
 		position: relative;
 	}
 
+	.attachments-drag-zone.drop-upload--sidebar {
+		display: flex;
+		flex-direction: column;
+		flex-basis: 100%;
+	}
+
 	.dragover {
 		position: absolute;
 		background: var(--color-primary-light);

src/components/board/Board.vue

@@ -32,7 +32,7 @@
 			</div>
 			<EmptyContent v-else-if="isEmpty" key="empty" icon="icon-deck">
 				{{ t('deck', 'No lists available') }}
-				<template #desc>
+				<template v-if="canManage" #desc>
 					{{ t('deck', 'Create a new list to add cards to this board') }}
 					<form @submit.prevent="addNewStack()">
 						<input id="new-stack-input-main"
@@ -110,6 +110,7 @@ export default {
 		}),
 		...mapGetters([
 			'canEdit',
+			'canManage',
 		]),
 		stacksByBoard() {
 			return this.$store.getters.stacksByBoard(this.board.id)

src/components/card/AttachmentList.vue

@@ -22,7 +22,7 @@
 
 <template>
 	<AttachmentDragAndDrop :card-id="cardId" class="drop-upload--sidebar">
-		<div class="button-group">
+		<div class="button-group" v-if="!isReadOnly">
 			<button class="icon-upload" @click="uploadNewFile()">
 				{{ t('deck', 'Upload new files') }}
 			</button>
@@ -49,18 +49,25 @@
 			</li>
 			<li v-for="attachment in attachments"
 				:key="attachment.id"
-				class="attachment">
+				class="attachment"
+				:class="{ 'attachment--deleted': attachment.deletedAt > 0 }">
 				<a class="fileicon"
+					:href="internalLink(attachment)"
 					:style="mimetypeForAttachment(attachment)"
 					@click.prevent="showViewer(attachment)" />
 				<div class="details">
-					<a @click.prevent="showViewer(attachment)">
+					<a :href="internalLink(attachment)" @click.prevent="showViewer(attachment)">
 						<div class="filename">
 							<span class="basename">{{ attachment.data }}</span>
 						</div>
-						<span class="filesize">{{ formattedFileSize(attachment.extendedData.filesize) }}</span>
-						<span class="filedate">{{ relativeDate(attachment.createdAt*1000) }}</span>
-						<span class="filedate">{{ attachment.createdBy }}</span>
+						<div v-if="attachment.deletedAt === 0">
+							<span class="filesize">{{ formattedFileSize(attachment.extendedData.filesize) }}</span>
+							<span class="filedate">{{ relativeDate(attachment.createdAt*1000) }}</span>
+							<span class="filedate">{{ attachment.createdBy }}</span>
+						</div>
+						<div v-else>
+							<span class="attachment--info">{{ t('deck', 'Pending share') }}</span>
+						</div>
 					</a>
 				</div>
 				<Actions v-if="selectable">
@@ -68,12 +75,12 @@
 						{{ t('deck', 'Add this attachment') }}
 					</ActionButton>
 				</Actions>
-				<Actions v-if="removable" :force-menu="true">
+				<Actions v-if="removable && !isReadOnly" :force-menu="true">
 					<ActionLink v-if="attachment.extendedData.fileid" icon="icon-folder" :href="internalLink(attachment)">
 						{{ t('deck', 'Show in Files') }}
 					</ActionLink>
-					<ActionButton v-if="attachment.extendedData.fileid" icon="icon-delete" @click="unshareAttachment(attachment)">
-						{{ t('deck', 'Unshare file') }}
+					<ActionButton v-if="attachment.extendedData.fileid && !isReadOnly" icon="icon-delete" @click="unshareAttachment(attachment)">
+						{{ t('deck', 'Remove attachment') }}
 					</ActionButton>
 
 					<ActionButton v-if="!attachment.extendedData.fileid && attachment.deletedAt === 0" icon="icon-delete" @click="$emit('deleteAttachment', attachment)">
@@ -143,6 +150,7 @@ export default {
 	},
 	computed: {
 		attachments() {
+			// FIXME sort propertly by last modified / deleted at
 			return [...this.$store.getters.attachmentsByCard(this.cardId)].filter(attachment => attachment.deletedAt >= 0).sort((a, b) => b.id - a.id)
 		},
 		mimetypeForAttachment() {
@@ -320,9 +328,10 @@ export default {
 					opacity: 0.7;
 				}
 			}
+			.attachment--info,
 			.filesize, .filedate {
 				font-size: 90%;
-				color: darkgray;
+				color: var(--color-text-maxcontrast);
 			}
 			.app-popover-menu-utils {
 				position: relative;

src/components/card/CardSidebar.vue

@@ -185,6 +185,13 @@ export default {
 
 <style lang="scss" scoped>
 
+	section.app-sidebar__tab--active {
+		min-height: auto;
+		display: flex;
+		flex-direction: column;
+		height: 100%;
+	}
+
 	// FIXME: Obivously we should at some point not randomly reuse the sidebar component
 	// since this is not oficially supported
 	.modal__card .app-sidebar {
@@ -202,7 +209,6 @@ export default {
 			.app-sidebar-header {
 				position: sticky;
 				top: 0;
-				padding-top: $modal-padding;
 				z-index: 100;
 				background-color: var(--color-main-background);
 			}
@@ -214,12 +220,6 @@ export default {
 				background-color: var(--color-main-background);
 			}
 
-			section.app-sidebar__tab--active {
-				min-height: auto;
-				display: flex;
-				flex-direction: column;
-			}
-
 			#emptycontent, .emptycontent {
 				margin-top: 88px;
 			}

src/components/card/CommentForm.vue

@@ -26,7 +26,7 @@
 			<At ref="at"
 				v-model="commentText"
 				:members="members"
-				name-key="uid"
+				name-key="displayname"
 				:tab-select="true">
 				<template v-slot:item="s">
 					<Avatar class="atwho-li--avatar" :user="s.item.uid" :size="24" />

tests/psalm-baseline.xml

@@ -193,6 +193,9 @@
       <code>$cardId</code>
     </InvalidScalarArgument>
   </file>
+  <file src="lib/Service/AttachmentService.php">
+    <InvalidCatch occurrences="1"/>
+  </file>
   <file src="lib/Service/BoardService.php">
     <TooManyArguments occurrences="2">
       <code>findAll</code>
@@ -263,7 +266,8 @@
     </MissingDependency>
   </file>
   <file src="lib/Service/PermissionService.php">
-    <UndefinedClass occurrences="2">
+    <UndefinedClass occurrences="3">
+      <code>Member</code>
       <code>\OCA\Circles\Api\v1\Circles</code>
       <code>\OCA\Circles\Api\v1\Circles</code>
     </UndefinedClass>

tests/unit/Middleware/ExceptionMiddlewareTest.php

@@ -47,10 +47,12 @@ class ExceptionMiddlewareTest extends \Test\TestCase {
 	public function setUp(): void {
 		$this->logger = $this->createMock(ILogger::class);
 		$this->config = $this->createMock(IConfig::class);
+		$this->request = $this->createMock(IRequest::class);
 		$this->controller = $this->createMock(Controller::class);
 		$this->exceptionMiddleware = new ExceptionMiddleware(
 			$this->logger,
-			$this->config
+			$this->config,
+			$this->request
 		);
 	}
 
@@ -81,10 +83,11 @@ class ExceptionMiddlewareTest extends \Test\TestCase {
 	}
 
 	public function testAfterExceptionFail() {
+		$this->request->expects($this->any())->method('getId')->willReturn('abc123');
 		// BoardService $boardService, PermissionService $permissionService, $userId
 		$boardController = new BoardController('deck', $this->createMock(IRequest::class), $this->createMock(BoardService::class), $this->createMock(PermissionService::class), 'admin');
-		$result = $this->exceptionMiddleware->afterException($boardController, 'bar', new \Exception('failed hard'));
-		$this->assertEquals('failed hard', $result->getData()['message']);
+		$result = $this->exceptionMiddleware->afterException($boardController, 'bar', new \Exception('other exception message'));
+		$this->assertEquals('Internal server error: Please contact the server administrator if this error reappears multiple times, please include the request ID "abc123" below in your report.', $result->getData()['message']);
 		$this->assertEquals(500, $result->getData()['status']);
 	}
 }

tests/unit/Notification/NotifierTest.php

@@ -25,29 +25,33 @@ namespace OCA\Deck\Notification;
 
 use OCA\Deck\Db\BoardMapper;
 use OCA\Deck\Db\CardMapper;
+use OCA\Deck\Db\StackMapper;
 use OCP\IL10N;
 use OCP\IURLGenerator;
 use OCP\IUser;
 use OCP\IUserManager;
 use OCP\L10N\IFactory;
 use OCP\Notification\INotification;
+use PHPUnit\Framework\MockObject\MockObject;
 
 class NotifierTest extends \Test\TestCase {
 
-	/** @var IFactory */
+	/** @var IFactory|MockObject */
 	protected $l10nFactory;
-	/** @var IURLGenerator */
+	/** @var IURLGenerator|MockObject */
 	protected $url;
-	/** @var IUserManager */
+	/** @var IUserManager|MockObject */
 	protected $userManager;
-	/** @var CardMapper */
+	/** @var CardMapper|MockObject */
 	protected $cardMapper;
+	/** @var StackMapper|MockObject */
+	protected $stackMapper;
 	/** @var BoardMapper */
 	protected $boardMapper;
+	/** @var IL10N|MockObject */
+	protected $l10n;
 	/** @var Notifier */
 	protected $notifier;
-	/** @var IL10N */
-	protected $l10n;
 
 	public function setUp(): void {
 		parent::setUp();
@@ -55,12 +59,14 @@ class NotifierTest extends \Test\TestCase {
 		$this->url = $this->createMock(IURLGenerator::class);
 		$this->userManager = $this->createMock(IUserManager::class);
 		$this->cardMapper = $this->createMock(CardMapper::class);
+		$this->stackMapper = $this->createMock(StackMapper::class);
 		$this->boardMapper = $this->createMock(BoardMapper::class);
 		$this->notifier = new Notifier(
 			$this->l10nFactory,
 			$this->url,
 			$this->userManager,
 			$this->cardMapper,
+			$this->stackMapper,
 			$this->boardMapper
 		);
 		$this->l10n = \OC::$server->getL10N('deck');
@@ -149,7 +155,7 @@ class NotifierTest extends \Test\TestCase {
 			->with($expectedMessage);
 		$notification->expects($this->once())
 			->method('setRichSubject')
-			->with('{user} has mentioned you in a comment on "Card title".');
+			->with('{user} has mentioned you in a comment on {deck-card}.');
 
 
 		$this->url->expects($this->once())
@@ -218,11 +224,25 @@ class NotifierTest extends \Test\TestCase {
 			->with($expectedMessage);
 		$notification->expects($this->once())
 			->method('setRichSubject')
-			->with('{user} has assigned the card "Card title" on "Board title" to you.', [
+			->with('{user} has assigned the card {deck-card} on {deck-board} to you.', [
 				'user' => [
 					'type' => 'user',
 					'id' => 'otheruser',
 					'name' => $dn,
+				],
+				'deck-card' => [
+					'type' => 'deck-card',
+					'id' => '123',
+					'name' => 'Card title',
+					'boardname' => 'Board title',
+					'stackname' => null,
+					'link' => '#/board/123/card/123',
+				],
+				'deck-board' => [
+					'type' => 'deck-board',
+					'id' => 123,
+					'name' => 'Board title',
+					'link' => '#/board/123',
 				]
 			]);
 
@@ -288,11 +308,17 @@ class NotifierTest extends \Test\TestCase {
 			->with($expectedMessage);
 		$notification->expects($this->once())
 			->method('setRichSubject')
-			->with('{user} has shared the board Board title with you.', [
+			->with('{user} has shared {deck-board} with you.', [
 				'user' => [
 					'type' => 'user',
 					'id' => 'otheruser',
 					'name' => $dn,
+				],
+				'deck-board' => [
+					'type' => 'deck-board',
+					'id' => 123,
+					'name' => 'Board title',
+					'link' => '#/board/123',
 				]
 			]);
 

tests/unit/Service/PermissionServiceTest.php

@@ -146,7 +146,7 @@ class PermissionServiceTest extends \Test\TestCase {
 	}
 
 	public function testUserIsBoardOwnerNull() {
-		$this->boardMapper->expects($this->once())->method('find')->willReturn(null);
+		$this->boardMapper->expects($this->once())->method('find')->willThrowException(new DoesNotExistException('board does not exist'));
 		$this->assertEquals(false, $this->service->userIsBoardOwner(123));
 	}
 
@@ -225,12 +225,9 @@ class PermissionServiceTest extends \Test\TestCase {
 		$board = new Board();
 		$board->setId($boardId);
 		$board->setOwner($owner);
+		$board->setAcl($this->getAcls($boardId));
 		$this->boardMapper->expects($this->any())->method('find')->willReturn($board);
 
-		// acl check
-		$acls = $this->getAcls($boardId);
-		$this->aclMapper->expects($this->any())->method('findAll')->willReturn($acls);
-
 		$this->shareManager->expects($this->any())
 			->method('sharingDisabledForUser')
 			->willReturn(false);
@@ -250,14 +247,12 @@ class PermissionServiceTest extends \Test\TestCase {
 		$board = new Board();
 		$board->setId($boardId);
 		$board->setOwner($owner);
+		$board->setAcl($this->getAcls($boardId));
 		if ($boardId === null) {
 			$this->boardMapper->expects($this->any())->method('find')->willThrowException(new DoesNotExistException('not found'));
 		} else {
 			$this->boardMapper->expects($this->any())->method('find')->willReturn($board);
 		}
-		$acls = $this->getAcls($boardId);
-		$this->aclMapper->expects($this->any())->method('findAll')->willReturn($acls);
-
 
 		if ($result) {
 			$actual = $this->service->checkPermission($mapper, 1234, $permission);