viscous/espocrm
1
0
Fork 0
mirror of https://github.com/espocrm/espocrm.git synced 2026-06-28 06:56:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

userAttribute forbid list

Browse Source
This commit is contained in:
Yuri Kuznetsov
2024-05-02 20:39:13 +03:00
parent 06771f2f3e
commit 4e9e71b1bb
1 changed files with 13 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
application/Espo/Core/Formula/Functions/EnvGroup/UserAttributeType.php
View File

@@ -29,10 +29,8 @@
namespace Espo\Core\Formula\Functions\EnvGroup;
use Espo\Core\Formula\{
Functions\BaseFunction,
ArgumentList,
};
use Espo\Core\Formula\ArgumentList;
use Espo\Core\Formula\Functions\BaseFunction;
use Espo\Core\Di;
@@ -41,6 +39,13 @@ class UserAttributeType extends BaseFunction implements
{
use Di\UserSetter;
/** @var string[] */
private array $forbiddenAttributeList = [
'password',
'apiKey',
'secretKey',
];
public function process(ArgumentList $args)
{
if (count($args) < 1) {
@@ -53,6 +58,10 @@ class UserAttributeType extends BaseFunction implements
$this->throwBadArgumentType(1, 'string');
}
if (in_array($attribute, $this->forbiddenAttributeList)) {
return null;
}
return $this->user->get($attribute);
}
}