From 1beff8945bab2bd275fe13e1dc31aaec81477d4e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Julius=20H=C3=A4rtl?= <jus@bitgrid.net>
Date: Mon, 27 Feb 2023 11:25:45 +0100
Subject: [PATCH] fix: Pass user id along to properly check permissions in
 background jobs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Julius Härtl <jus@bitgrid.net>
---
 lib/Service/PermissionService.php | 25 +++++++++++++++----------
 1 file changed, 15 insertions(+), 10 deletions(-)

diff --git a/lib/Service/PermissionService.php b/lib/Service/PermissionService.php
index 2956b3234..c1c0e9eaa 100644
--- a/lib/Service/PermissionService.php
+++ b/lib/Service/PermissionService.php
@@ -97,21 +97,26 @@ public function __construct(
 	 * @param $boardId
 	 * @return bool|array
 	 */
-	public function getPermissions($boardId) {
-		if ($cached = $this->permissionCache->get($boardId)) {
+	public function getPermissions($boardId, ?string $userId = null) {
+		if ($userId === null) {
+			$userId = $this->userId;
+		}
+
+		$cacheKey = $boardId . '-' . $userId;
+		if ($cached = $this->permissionCache->get($cacheKey)) {
 			return $cached;
 		}
 
-		$owner = $this->userIsBoardOwner($boardId);
+		$owner = $this->userIsBoardOwner($boardId, $userId);
 		$acls = $this->aclMapper->findAll($boardId);
 		$permissions = [
-			Acl::PERMISSION_READ => $owner || $this->userCan($acls, Acl::PERMISSION_READ),
-			Acl::PERMISSION_EDIT => $owner || $this->userCan($acls, Acl::PERMISSION_EDIT),
-			Acl::PERMISSION_MANAGE => $owner || $this->userCan($acls, Acl::PERMISSION_MANAGE),
-			Acl::PERMISSION_SHARE => ($owner || $this->userCan($acls, Acl::PERMISSION_SHARE))
-				&& (!$this->shareManager->sharingDisabledForUser($this->userId))
+			Acl::PERMISSION_READ => $owner || $this->userCan($acls, Acl::PERMISSION_READ, $userId),
+			Acl::PERMISSION_EDIT => $owner || $this->userCan($acls, Acl::PERMISSION_EDIT, $userId),
+			Acl::PERMISSION_MANAGE => $owner || $this->userCan($acls, Acl::PERMISSION_MANAGE, $userId),
+			Acl::PERMISSION_SHARE => ($owner || $this->userCan($acls, Acl::PERMISSION_SHARE, $userId))
+				&& (!$this->shareManager->sharingDisabledForUser($userId))
 		];
-		$this->permissionCache->set($boardId, $permissions);
+		$this->permissionCache->set($cacheKey, $permissions);
 		return $permissions;
 	}
 
@@ -153,7 +158,7 @@ public function checkPermission($mapper, $id, $permission, $userId = null): bool
 			throw new NoPermissionException('Permission denied');
 		}
 
-		$permissions = $this->getPermissions($boardId);
+		$permissions = $this->getPermissions($boardId, $userId);
 		if ($permissions[$permission] === true) {
 			return true;
 		}