(core) Report memos consistently for blocked actions involving schema

Summary:
Currently actions blocked early because they could modify the
schema (e.g. changing formulas) do not report memo information
(comments in relevant rules).  This diff fixes that by using
more of the same code path in the two situations.  It also
adds information about what type of action was blocked to
error messages.

Test Plan: extended a test

Reviewers: dsagal

Reviewed By: dsagal

Differential Revision: https://phab.getgrist.com/D2995

app/server/lib/GranularAccess.ts

@@ -739,10 +739,9 @@ export class GranularAccess implements GranularAccessForBundle {
    * Asserts that user has schema access.
    */
   private async _assertSchemaAccess(docSession: OptDocSession) {
+    if (this._hasExceptionalFullAccess(docSession)) { return; }
     const permInfo = await this._getAccess(docSession);
-    if (permInfo.getFullAccess().perms.schemaEdit !== 'allow') {
+    accessChecks.fatal.schemaEdit.throwIfDenied(permInfo.getFullAccess());
-      throw new ErrorWithCode('ACL_DENY', `Schema access required`);
-    }
   }
 
   // The AccessCheck for the "read" permission is used enough to merit a shortcut.
@@ -1865,7 +1864,10 @@ class AccessCheck implements IAccessCheck {
     const result = ps.perms[this.access];
     if (result !== 'deny') { return; }
     const memos = ps.getMemos()[this.access];
-    throw new ErrorWithCode('ACL_DENY', `Blocked by ${ps.ruleType} access rules`, {
+    const label =
+      this.access === 'schemaEdit' ? 'structure' :
+      this.access;
+    throw new ErrorWithCode('ACL_DENY', `Blocked by ${ps.ruleType} ${label} access rules`, {
       memos,
       status: 403
     });