From 29f19127daeac19c6e2264ded071f8b8e0db180f Mon Sep 17 00:00:00 2001
From: Florian Steffens <florian.steffens@nextcloud.com>
Date: Thu, 10 Aug 2023 09:07:49 +0200
Subject: [PATCH] ci fixes

Signed-off-by: Florian Steffens <florian.steffens@nextcloud.com>
---
 appinfo/routes.php                                      | 4 ++--
 lib/Controller/Api1Controller.php                       | 6 +++---
 lib/Service/PermissionsService.php                      | 8 +++++++-
 lib/Service/TableService.php                            | 3 +--
 tests/integration/features/bootstrap/FeatureContext.php | 1 +
 5 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/appinfo/routes.php b/appinfo/routes.php
index 70194aead..a342e7aae 100644
--- a/appinfo/routes.php
+++ b/appinfo/routes.php
@@ -43,14 +43,14 @@
 		['name' => 'api1#indexTableRows',	'url' => '/api/1/tables/{tableId}/rows', 'verb' => 'GET'],
 		['name' => 'api1#indexViewRows',	'url' => '/api/1/views/{viewId}/rows', 'verb' => 'GET'],
 		['name' => 'api1#createRowInView',	'url' => '/api/1/views/{viewId}/rows', 'verb' => 'POST'],
-		['name' => 'row#createRowInTable', 'url' => '/api/1/tables/{tableId}/rows', 'verb' => 'POST'],
+		['name' => 'api1#createRowInTable', 'url' => '/api/1/tables/{tableId}/rows', 'verb' => 'POST'],
 
 		['name' => 'api1#getRow',	'url' => '/api/1/rows/{rowId}', 'verb' => 'GET'],
 		['name' => 'api1#deleteRowByView',	'url' => '/api/1/views/{viewId}/rows/{rowId}', 'verb' => 'DELETE'],
 		['name' => 'api1#updateRow',	'url' => '/api/1/rows/{rowId}', 'verb' => 'PUT'],
 		['name' => 'api1#deleteRow',	'url' => '/api/1/rows/{rowId}', 'verb' => 'DELETE'],
 		// -> import
-		['name' => 'api1#importInTable', 'url' => '/api/1/import/table/{tablesId}', 'verb' => 'POST'],
+		['name' => 'api1#importInTable', 'url' => '/api/1/import/table/{tableId}', 'verb' => 'POST'],
 		['name' => 'api1#importInView', 'url' => '/api/1/import/views/{viewId}', 'verb' => 'POST'],
 
 		// Deprecated API calls
diff --git a/lib/Controller/Api1Controller.php b/lib/Controller/Api1Controller.php
index 83535c345..e1e8c7241 100644
--- a/lib/Controller/Api1Controller.php
+++ b/lib/Controller/Api1Controller.php
@@ -100,9 +100,9 @@ public function getTable(int $tableId): DataResponse {
 	 * @CORS
 	 * @NoCSRFRequired
 	 */
-	public function updateTable(int $id, string $title = null, string $emoji = null): DataResponse {
-		return $this->handleError(function () use ($id, $title, $emoji) {
-			return $this->tableService->update($id, $title, $emoji, $this->userId);
+	public function updateTable(int $tableId, string $title = null, string $emoji = null): DataResponse {
+		return $this->handleError(function () use ($tableId, $title, $emoji) {
+			return $this->tableService->update($tableId, $title, $emoji, $this->userId);
 		});
 	}
 
diff --git a/lib/Service/PermissionsService.php b/lib/Service/PermissionsService.php
index 152e1864d..04ae6f0b1 100644
--- a/lib/Service/PermissionsService.php
+++ b/lib/Service/PermissionsService.php
@@ -67,6 +67,10 @@ public function preCheckUserId(string $userId = null, bool $canBeEmpty = true):
 
 	// ***** TABLES permissions *****
 
+	public function canReadTable(Table $table, ?string $userId = null): bool {
+		return $this->canReadColumnsByTableId($table->getId(), $userId);
+	}
+
 	/**
 	 * @param Table $table
 	 * @param string|null $userId
@@ -173,7 +177,9 @@ public function canReadColumnsByViewId(int $viewId, ?string $userId = null): boo
 	}
 
 	public function canReadColumnsByTableId(int $tableId, ?string $userId = null): bool {
-		return $this->canReadRowsByElementId($tableId, 'table', $userId);
+		$canReadRows = $this->checkPermissionById($tableId, 'table', 'read', $userId);
+		$canCreateRows = $this->checkPermissionById($tableId, 'table', 'create', $userId);
+		return $canCreateRows || $canReadRows;
 	}
 
 	/**
diff --git a/lib/Service/TableService.php b/lib/Service/TableService.php
index 3d0c2e985..fe03e90aa 100644
--- a/lib/Service/TableService.php
+++ b/lib/Service/TableService.php
@@ -197,7 +197,7 @@ public function find(int $id, bool $skipTableEnhancement = false, ?string $userI
 			$table = $this->mapper->find($id);
 
 			// security
-			if (!$this->permissionsService->canManageTable($table, $userId)) {
+			if (!$this->permissionsService->canReadTable($table, $userId)) {
 				throw new PermissionError('PermissionError: can not read table with id '.$id);
 			}
 
@@ -224,7 +224,6 @@ public function find(int $id, bool $skipTableEnhancement = false, ?string $userI
 	 * @throws DoesNotExistException
 	 * @throws InternalError
 	 * @throws MultipleObjectsReturnedException
-	 * @throws NotFoundError
 	 * @throws PermissionError
 	 * @throws \OCP\DB\Exception
 	 */
diff --git a/tests/integration/features/bootstrap/FeatureContext.php b/tests/integration/features/bootstrap/FeatureContext.php
index ffa3584f9..63b0b79ec 100644
--- a/tests/integration/features/bootstrap/FeatureContext.php
+++ b/tests/integration/features/bootstrap/FeatureContext.php
@@ -207,6 +207,7 @@ public function userTables(string $user, TableNode $body = null): void {
 		);
 
 		$data = $this->getDataFromResponse($this->response);
+
 		Assert::assertEquals(200, $this->response->getStatusCode());
 
 		// check if tables are empty