check access rights in controller, not before

controllers/class.AddDocument.php

@@ -86,10 +86,12 @@ class SeedDMS_Controller_AddDocument extends SeedDMS_Controller_Common {
 			}
 			/* Check if additional notification shall be added */
 			foreach($notificationusers as $notuser) {
+				if($document->getAccessMode($user) >= M_READ)
 					$res = $document->addNotify($notuser->getID(), true);
 			}
 			foreach($notificationgroups as $notgroup) {
-				$res = $document->addNotify($notgroup->getID(), false);
+				if($document->getGroupAccessMode($notgroup) >= M_READ)
+					$res = $document->addNotify($notgroup->getID(), false);
 			}
 
 			if(!$this->callHook('postAddDocument', $document)) {

op/op.AddDocument.php

@@ -299,8 +299,7 @@ if(!empty($_POST['notification_users'])) {
 	foreach($_POST['notification_users'] as $notuserid) {
 		$notuser = $dms->getUser($notuserid);
 		if($notuser) {
-			if($document->getAccessMode($user) >= M_READ)
+			$notusers[] = $notuser;
-				$notusers[] = $notuser;
 		}
 	}
 }
@@ -309,8 +308,7 @@ if(!empty($_POST['notification_groups'])) {
 	foreach($_POST['notification_groups'] as $notgroupid) {
 		$notgroup = $dms->getGroup($notgroupid);
 		if($notgroup) {
-			if($document->getGroupAccessMode($notgroup) >= M_READ)
+			$notgroups[] = $notgroup;
-				$notgroups[] = $notgroup;
 		}
 	}
 }