check access rights in controller, not before

controllers/class.AddDocument.php

@@ -86,9 +86,11 @@ class SeedDMS_Controller_AddDocument extends SeedDMS_Controller_Common {
 			}
 			/* Check if additional notification shall be added */
 			foreach($notificationusers as $notuser) {
+				if($document->getAccessMode($user) >= M_READ)
 					$res = $document->addNotify($notuser->getID(), true);
 			}
 			foreach($notificationgroups as $notgroup) {
+				if($document->getGroupAccessMode($notgroup) >= M_READ)
 					$res = $document->addNotify($notgroup->getID(), false);
 			}
 

op/op.AddDocument.php

@@ -299,7 +299,6 @@ if(!empty($_POST['notification_users'])) {
 	foreach($_POST['notification_users'] as $notuserid) {
 		$notuser = $dms->getUser($notuserid);
 		if($notuser) {
-			if($document->getAccessMode($user) >= M_READ)
 			$notusers[] = $notuser;
 		}
 	}
@@ -309,7 +308,6 @@ if(!empty($_POST['notification_groups'])) {
 	foreach($_POST['notification_groups'] as $notgroupid) {
 		$notgroup = $dms->getGroup($notgroupid);
 		if($notgroup) {
-			if($document->getGroupAccessMode($notgroup) >= M_READ)
 			$notgroups[] = $notgroup;
 		}
 	}