diff --git a/application/Espo/Core/Portal/AclManager.php b/application/Espo/Core/Portal/AclManager.php
index 5ca8caf6ef..5b2b724d8f 100644
--- a/application/Espo/Core/Portal/AclManager.php
+++ b/application/Espo/Core/Portal/AclManager.php
@@ -37,6 +37,10 @@ class AclManager extends \Espo\Core\AclManager
 {
 protected $tableClassName = '\\Espo\\Core\\AclPortal\\Table';

+ private $mainManager = null;
+
+ private $portal = null;
+
 public function getImplementation($scope)
 {
 if (empty($this->implementationHashMap[$scope])) {
@@ -70,6 +74,29 @@ class AclManager extends \Espo\Core\AclManager
 return $this->implementationHashMap[$scope];
 }

+ public function setMainManager($mainManager)
+ {
+ $this->mainManager = $mainManager;
+ }
+
+ protected function getMainManager()
+ {
+ return $this->mainManager;
+ }
+
+ public function setPortal($portal)
+ {
+ $this->portal = $portal;
+ }
+
+ protected function getPortal()
+ {
+ if ($this->portal) {
+ return $this->portal;
+ }
+ return $this->getContainer()->get('portal');
+ }
+
 protected function getTable(User $user)
 {
 $key = $user->id;
@@ -82,7 +109,7 @@ class AclManager extends \Espo\Core\AclManager
 $fileManager = $this->getContainer()->get('fileManager');
 $metadata = $this->getContainer()->get('metadata');
 $fieldManager = $this->getContainer()->get('fieldManager');
- $portal = $this->getContainer()->get('portal');
+ $portal = $this->getPortal();

 $this->tableHashMap[$key] = new $this->tableClassName($user, $portal, $config, $fileManager, $metadata, $fieldManager);
 }
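Review bot: `getMainManager()` in the second hunk returns `null` until `setMainManager()` has been called, and the delegating methods added further down in this file call a method on its result without checking it. A portal AclManager that is built anywhere other than the container loader would then end in a fatal error for every non-portal user instead of a clear configuration error. I would guard the getter with `if (!$this->mainManager) { throw new \LogicException('Main ACL manager is not set.'); }` and add a docblock to `setMainManager()` stating that the object passed in makes the access decisions for internal users, since the setter is public and can be called again after construction.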
@@ -118,5 +145,114 @@ class AclManager extends \Espo\Core\AclManager
 return $this->getImplementation($entity->getEntityType())->checkIsOwnContact($user, $entity);
 }

+ public function getMap(User $user)
+ {
+ if ($this->checkUserIsNotPortal($user)) {
+ return $this->getMainManager()->getMap($user);
+ }
+ return parent::getMap($user);
+ }
+
+ public function getLevel(User $user, $scope, $action)
+ {
+ if ($this->checkUserIsNotPortal($user)) {
+ return $this->getMainManager()->getLevel($user, $scope, $action);
+ }
+ return parent::getLevel($user, $scope, $action);
+ }
+
+ public function get(User $user, $permission)
+ {
+ if ($this->checkUserIsNotPortal($user)) {
+ return $this->getMainManager()->get($user, $permission);
+ }
+ return parent::get($user, $permission);
+ }
+
+ public function checkReadOnlyTeam(User $user, $permission)
+ {
+ if ($this->checkUserIsNotPortal($user)) {
+ return $this->getMainManager()->checkReadOnlyTeam($user, $permission);
+ }
+ return false;
+ }
+
+ public function checkReadOnlyOwn(User $user, $permission)
+ {
+ if ($this->checkUserIsNotPortal($user)) {
+ return $this->getMainManager()->checkReadOnlyOwn($user, $permission);
+ }
+ return false;
+ }
+
+ public function check(User $user, $subject, $action = null)
+ {
+ if ($this->checkUserIsNotPortal($user)) {
+ return $this->getMainManager()->check($user, $subject, $action);
+ }
+ return parent::check($user, $subject, $action);
+ }
+
+ public function checkEntity(User $user, $subject, $action = null)
+ {
+ if ($this->checkUserIsNotPortal($user)) {
+ return $this->getMainManager()->checkEntity($user, $subject, $action);
+ }
+ return parent::checkEntity($user, $subject, $action);
+ }
+
+ public function checkIsOwner(User $user, Entity $entity)
+ {
+ if ($this->checkUserIsNotPortal($user)) {
+ return $this->getMainManager()->checkIsOwner($user, $entity);
+ }
+ return parent::checkIsOwner($user, $entity);
+ }
+
+ public function checkInTeam(User $user, Entity $entity)
+ {
+ if ($this->checkUserIsNotPortal($user)) {
+ return $this->getMainManager()->checkInTeam($user, $entity);
+ }
+ return parent::checkInTeam($user, $entity);
+ }
+
+ public function checkScope(User $user, $scope, $action = null)
+ {
+ if ($this->checkUserIsNotPortal($user)) {
+ return $this->getMainManager()->checkScope($user, $scope, $action);
+ }
+ return parent::checkScope($user, $scope, $action);
+ }
+
+ public function checkUser(User $user, $permission, User $entity)
+ {
+ if ($this->checkUserIsNotPortal($user)) {
+ return $this->getMainManager()->checkUser($user, $permission, $entity);
+ }
+ return parent::checkUser($user, $permission, $entity);
+ }
+
+ public function getScopeForbiddenAttributeList(User $user, $scope, $action = 'read', $thresholdLevel = 'no')
+ {
+ if ($this->checkUserIsNotPortal($user)) {
+ return $this->getMainManager()->getScopeForbiddenAttributeList($user, $scope, $action, $thresholdLevel);
+ }
+ return parent::getScopeForbiddenAttributeList($user, $scope, $action, $thresholdLevel);
+ }
+
+ public function getScopeForbiddenFieldList(User $user, $scope, $action = 'read', $thresholdLevel = 'no')
+ {
+ if ($this->checkUserIsNotPortal($user)) {
+ return $this->getMainManager()->getScopeForbiddenFieldList($user, $scope, $action, $thresholdLevel);
+ }
+ return parent::getScopeForbiddenFieldList($user, $scope, $action, $thresholdLevel);
+ }
+
+ protected function checkUserIsNotPortal($user)
+ {
+ return !$user->get('isPortalUser');
+ }
+
 }

diff --git a/application/Espo/Core/Portal/Container.php b/application/Espo/Core/Portal/Container.php
index 9ca9d06482..82f1b0de48 100644
--- a/application/Espo/Core/Portal/Container.php
+++ b/application/Espo/Core/Portal/Container.php
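Review bot: `checkUserIsNotPortal()` treats any falsy `isPortalUser` as "internal user", so a `User` entity on which that attribute was never loaded or set would be routed to the main manager and judged against the internal ACL table rather than the portal one. Every override in this hunk branches on that result, so I would make the test fail toward the portal path, for example `return $user->has('isPortalUser') && !$user->get('isPortalUser');` (assuming the entity's `has()` reports whether the attribute is set), and state that contract in a docblock on the method. Two smaller points: `checkReadOnlyTeam()` and `checkReadOnlyOwn()` return `false` for portal users instead of calling the parent, which deserves a one-line comment saying why, and any public parent method that takes a `User` and is not overridden here would presumably still evaluate internal users against the portal table.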
@@ -38,12 +38,27 @@ class Container extends \Espo\Core\Container
 return $className;
 }

+ protected function getServiceMainClassName($name, $default)
+ {
+ $metadata = $this->get('metadata');
+ $className = $metadata->get('app.serviceContainer.classNames.' . $name, $default);
+ return $className;
+ }
+
 protected function loadAclManager()
 {
 $className = $this->getServiceClassName('aclManager', '\\Espo\\Core\\Portal\\AclManager');
- return new $className(
+ $mainClassName = $this->getServiceMainClassName('aclManager', '\\Espo\\Core\\AclManager');
+
+ $obj = new $className(
 $this->get('container')
 );
+ $objMain = new $mainClassName(
+ $this->get('container')
+ );
+ $obj->setMainManager($objMain);
+
+ return $obj;
 }

 protected function loadAcl()
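Review bot: In `loadAclManager()` the class name read from `app.serviceContainer.classNames.aclManager` is instantiated and passed to `setMainManager()` without any check of what it is, so a metadata override that names an unsuitable class becomes the decision-maker for internal users in the portal, or fails only at the first ACL call. I would verify it before wiring it in, `if (!$objMain instanceof \Espo\Core\AclManager) { throw new \LogicException('Invalid main aclManager class.'); }`. A short docblock on `getServiceMainClassName()` saying that it reads the non-portal class map, and a comment that the main manager is deliberately constructed on the portal container, would also help the next reader, since neither is evident from the code.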