Add missing permission checks.

ajax/contact/add.php

@@ -25,11 +25,12 @@ OCP\JSON::checkLoggedIn();
 OCP\JSON::checkAppEnabled('contacts');
 OCP\JSON::callCheck();
 
+require_once __DIR__.'/../loghandler.php';
+
 $aid = isset($_POST['aid'])?$_POST['aid']:null;
 if(!$aid) {
 	$aid = min(OC_Contacts_Addressbook::activeIds()); // first active addressbook.
 }
-OC_Contacts_App::getAddressbook( $aid ); // is owner access check
 
 $isnew = isset($_POST['isnew'])?$_POST['isnew']:false;
 $fn = trim($_POST['fn']);
@@ -40,13 +41,15 @@ $vcard->setUID();
 $vcard->setString('FN', $fn);
 $vcard->setString('N', $n);
 
-$id = OC_Contacts_VCard::add($aid, $vcard, null, $isnew);
+$id = null;
+try {
+	$id = OC_Contacts_VCard::add($aid, $vcard, null, $isnew);
+} catch(Exception $e) {
+	bailOut($e->getMessage());
+}
+
 if(!$id) {
-	OCP\JSON::error(array(
-		'data' => array(
-			'message' => OC_Contacts_App::$l10n->t('There was an error adding the contact.'))));
-	OCP\Util::writeLog('contacts', 'ajax/addcontact.php: Recieved non-positive ID on adding card: '.$id, OCP\Util::ERROR);
-	exit();
+	bailOut('There was an error adding the contact.');
 }
 
 $lastmodified = OC_Contacts_App::lastModified($vcard);

lib/vcard.php

@@ -290,7 +290,11 @@ class OC_Contacts_VCard {
 		if ($addressbook['userid'] != OCP\User::getUser()) {
 			$sharedAddressbook = OCP\Share::getItemSharedWithBySource('addressbook', $aid);
 			if (!$sharedAddressbook || !($sharedAddressbook['permissions'] & OCP\Share::PERMISSION_CREATE)) {
-				return false;
+				throw new Exception(
+					OC_Contacts_App::$l10n->t(
+						'You do not have the permissions to add contacts to this addressbook.'
+					)
+				);
 			}
 		}
 		if(!$isChecked) {