This commit is contained in:
Yuri Kuznetsov
2021-03-31 20:04:27 +03:00
parent e2814141d4
commit 622b27448f
32 changed files with 359 additions and 89 deletions


@@ -55,7 +55,9 @@ class App implements
if (empty($data->token)) {
throw new BadRequest();
}
$auth = $this->injectableFactory->create(Authentication::class);
return $auth->destroyAuthToken($data->token, $request);
}
}


@@ -43,8 +43,13 @@ class DashboardTemplate extends \Espo\Core\Controllers\Record
public function postActionDeployToUsers($params, $data)
{
if (empty($data->id)) throw new BadRequest();
if (empty($data->userIdList)) throw new BadRequest();
if (empty($data->id)) {
throw new BadRequest();
}
if (empty($data->userIdList)) {
throw new BadRequest();
}
return $this->getServiceFactory()->create('DashboardTemplate')->deployToUsers(
$data->id,
@@ -55,8 +60,13 @@ class DashboardTemplate extends \Espo\Core\Controllers\Record
public function postActionDeployToTeam($params, $data)
{
if (empty($data->id)) throw new BadRequest();
if (empty($data->teamId)) throw new BadRequest();
if (empty($data->id)) {
throw new BadRequest();
}
if (empty($data->teamId)) {
throw new BadRequest();
}
return $this->getServiceFactory()->create('DashboardTemplate')->deployToTeam(
$data->id,


@@ -56,7 +56,9 @@ class Email extends \Espo\Core\Controllers\Record
if (!$this->getUser()->isAdmin() && $data->id !== $this->getUser()->id) {
throw new Forbidden();
}
$preferences = $this->getEntityManager()->getEntity('Preferences', $data->id);
if (!$preferences) {
throw new NotFound();
}
@@ -64,15 +66,19 @@ class Email extends \Espo\Core\Controllers\Record
if (is_null($data->password)) {
$data->password = $this->getContainer()->get('crypt')->decrypt($preferences->get('smtpPassword'));
}
} else if ($data->type == 'emailAccount') {
}
else if ($data->type == 'emailAccount') {
if (!$this->getAcl()->checkScope('EmailAccount')) {
throw new Forbidden();
}
if (!empty($data->id)) {
$emailAccount = $this->getEntityManager()->getEntity('EmailAccount', $data->id);
if (!$emailAccount) {
throw new NotFound();
}
if (!$this->getUser()->isAdmin()) {
if ($emailAccount->get('assignedUserId') !== $this->getUser()->id) {
throw new Forbidden();
@@ -82,23 +88,31 @@ class Email extends \Espo\Core\Controllers\Record
$data->password = $this->getContainer()->get('crypt')->decrypt($emailAccount->get('smtpPassword'));
}
}
} else if ($data->type == 'inboundEmail') {
}
else if ($data->type == 'inboundEmail') {
if (!$this->getUser()->isAdmin()) {
throw new Forbidden();
}
if (!empty($data->id)) {
$emailAccount = $this->getEntityManager()->getEntity('InboundEmail', $data->id);
if (!$emailAccount) {
throw new NotFound();
}
if (is_null($data->password)) {
$data->password = $this->getContainer()->get('crypt')->decrypt($emailAccount->get('smtpPassword'));
$data->password = $this->getContainer()
->get('crypt')
->decrypt($emailAccount->get('smtpPassword'));
}
}
} else {
}
else {
if (!$this->getUser()->isAdmin()) {
throw new Forbidden();
}
if (is_null($data->password)) {
$data->password = $this->getConfig()->get('smtpPassword');
}
@@ -112,13 +126,16 @@ class Email extends \Espo\Core\Controllers\Record
{
if (!empty($data->ids)) {
$idList = $data->ids;
} else {
}
else {
if (!empty($data->id)) {
$idList = [$data->id];
} else {
}
else {
throw new BadRequest();
}
}
return $this->getRecordService()->markAsReadByIdList($idList);
}
@@ -126,13 +143,16 @@ class Email extends \Espo\Core\Controllers\Record
{
if (!empty($data->ids)) {
$idList = $data->ids;
} else {
}
else {
if (!empty($data->id)) {
$idList = [$data->id];
} else {
}
else {
throw new BadRequest();
}
}
return $this->getRecordService()->markAsNotReadByIdList($idList);
}
@@ -145,13 +165,16 @@ class Email extends \Espo\Core\Controllers\Record
{
if (!empty($data->ids)) {
$idList = $data->ids;
} else {
}
else {
if (!empty($data->id)) {
$idList = [$data->id];
} else {
}
else {
throw new BadRequest();
}
}
return $this->getRecordService()->markAsImportantByIdList($idList);
}
@@ -159,13 +182,16 @@ class Email extends \Espo\Core\Controllers\Record
{
if (!empty($data->ids)) {
$idList = $data->ids;
} else {
}
else {
if (!empty($data->id)) {
$idList = [$data->id];
} else {
}
else {
throw new BadRequest();
}
}
return $this->getRecordService()->markAsNotImportantByIdList($idList);
}
@@ -173,13 +199,16 @@ class Email extends \Espo\Core\Controllers\Record
{
if (!empty($data->ids)) {
$idList = $data->ids;
} else {
}
else {
if (!empty($data->id)) {
$idList = [$data->id];
} else {
}
else {
throw new BadRequest();
}
}
return $this->getRecordService()->moveToTrashByIdList($idList);
}
@@ -187,13 +216,16 @@ class Email extends \Espo\Core\Controllers\Record
{
if (!empty($data->ids)) {
$idList = $data->ids;
} else {
}
else {
if (!empty($data->id)) {
$idList = [$data->id];
} else {
}
else {
throw new BadRequest();
}
}
return $this->getRecordService()->retrieveFromTrashByIdList($idList);
}
@@ -226,10 +258,12 @@ class Email extends \Espo\Core\Controllers\Record
{
if (!empty($data->ids)) {
$idList = $data->ids;
} else {
}
else {
if (!empty($data->id)) {
$idList = [$data->id];
} else {
}
else {
throw new BadRequest();
}
}
@@ -237,12 +271,15 @@ class Email extends \Espo\Core\Controllers\Record
if (empty($data->folderId)) {
throw new BadRequest();
}
return $this->getRecordService()->moveToFolderByIdList($idList, $data->folderId);
}
public function getActionGetInsertFieldData($params, $data, $request)
{
if (!$this->getAcl()->checkScope('Email', 'create')) throw new Forbidden();
if (!$this->getAcl()->checkScope('Email', 'create')) {
throw new Forbidden();
}
return $this->getServiceFactory()->create('EmailTemplate')->getInsertFieldData([
'parentId' => $request->get('parentId'),
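Review bot: The branch conditions `$data->type == 'emailAccount'` and `$data->type == 'inboundEmail'` compare a client-supplied value loosely, and they decide which credential path is taken (the inbound-email path is admin-only, the account path checks the assigned user); with `==` a non-string `type` such as `true` in the JSON body compares equal to every non-empty string and selects whichever branch is tested first. The file already uses strict `!==` for the id check in the first hunk, so change both to `$data->type === 'emailAccount'` and `$data->type === 'inboundEmail'`. The enclosing method begins outside the hunk, so the first branch of the chain is not visible here.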


@@ -38,11 +38,15 @@ class EmailAddress extends \Espo\Core\Controllers\Record
if (!$this->getAcl()->checkScope('Email')) {
throw new Forbidden();
}
if (!$this->getAcl()->checkScope('Email', 'create')) {
throw new Forbidden();
}
$q = $request->get('q');
$maxSize = intval($request->get('maxSize'));
if (empty($maxSize) || $maxSize > 50) {
$maxSize = $this->getConfig()->get('recordsPerPage', 20);
}


@@ -37,16 +37,17 @@ class EmailTemplate extends \Espo\Core\Controllers\Record
{
$id = $request->get('id');
$emailAddress = $request->get('emailAddress');
if (empty($id)) {
throw new Error();
}
return $this->getRecordService()->parse($id, array(
return $this->getRecordService()->parse($id, [
'emailAddress' => $request->get('emailAddress'),
'parentType' => $request->get('parentType'),
'parentId' => $request->get('parentId'),
'relatedType' => $request->get('relatedType'),
'relatedId' => $request->get('relatedId')
), true);
], true);
}
}
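Review bot: `throw new Error();` when the `id` query parameter is missing reports a client omission as a server-side error, while the other controllers in this commit consistently use `BadRequest` for that case (e.g. `if (empty($data->id)) { throw new BadRequest(); }`). Change it to `throw new BadRequest();` and add the corresponding import if this file lacks it — the file header and the method signature are outside the hunk, so I cannot confirm either.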


@@ -47,9 +47,13 @@ use Espo\Core\{
class EntityManager
{
protected $user;
protected $dataManager;
protected $config;
protected $entityManagerTool;
protected $configWriter;
public function __construct(
@@ -397,7 +401,7 @@ class EntityManager
}
$this->entityManagerTool->resetToDefaults($data->scope);
$this->dataManager->clearCache();
return true;


@@ -31,6 +31,8 @@ namespace Espo\Controllers;
use Espo\Core\Exceptions\Forbidden;
use Espo\Core\ExtensionManager;
class Extension extends \Espo\Core\Controllers\Record
{
protected function checkControllerAccess()
@@ -46,7 +48,7 @@ class Extension extends \Espo\Core\Controllers\Record
throw new Forbidden();
}
$manager = new \Espo\Core\ExtensionManager($this->getContainer());
$manager = new ExtensionManager($this->getContainer());
$id = $manager->upload($data);
$manifest = $manager->getManifest();
@@ -64,13 +66,14 @@ class Extension extends \Espo\Core\Controllers\Record
if (!$request->isPost()) {
throw new Forbidden();
}
if ($this->getConfig()->get('restrictedMode')) {
if (!$this->getUser()->isSuperAdmin()) {
throw new Forbidden();
}
}
$manager = new \Espo\Core\ExtensionManager($this->getContainer());
$manager = new ExtensionManager($this->getContainer());
$manager->install(get_object_vars($data));
@@ -82,14 +85,17 @@ class Extension extends \Espo\Core\Controllers\Record
if (!$request->isPost()) {
throw new Forbidden();
}
if ($this->getConfig()->get('restrictedMode')) {
if (!$this->getUser()->isSuperAdmin()) {
throw new Forbidden();
}
}
$manager = new \Espo\Core\ExtensionManager($this->getContainer());
$manager = new ExtensionManager($this->getContainer());
$manager->uninstall(get_object_vars($data));
return true;
}
@@ -99,13 +105,17 @@ class Extension extends \Espo\Core\Controllers\Record
if (!$request->isDelete()) {
throw BadRequest();
}
if ($this->getConfig()->get('restrictedMode')) {
if (!$this->getUser()->isSuperAdmin()) {
throw new Forbidden();
}
}
$manager = new \Espo\Core\ExtensionManager($this->getContainer());
$manager = new ExtensionManager($this->getContainer());
$manager->delete($params);
return true;
}
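Review bot: `throw BadRequest();` in the last hunk (the `!$request->isDelete()` check) is missing `new`, so a request with an unexpected method calls an undefined function named `BadRequest` and ends in a fatal Error rather than the intended 400 response. The line should read `throw new BadRequest();`. The commit reformats the surrounding lines of this action but leaves this one as is; the action's signature is outside the hunk.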


@@ -49,8 +49,12 @@ class ExternalAccount extends \Espo\Core\Controllers\Record
$integrations = $this->getEntityManager()->getRepository('Integration')->find();
$list = [];
foreach ($integrations as $entity) {
if ($entity->get('enabled') && $this->getMetadata()->get('integrations.' . $entity->id .'.allowUserAccounts')) {
if (
$entity->get('enabled') &&
$this->getMetadata()->get('integrations.' . $entity->id .'.allowUserAccounts')
) {
$userAccountAclScope = $this->getMetadata()->get(['integrations', $entity->id, 'userAccountAclScope']);
@@ -61,10 +65,11 @@ class ExternalAccount extends \Espo\Core\Controllers\Record
}
$list[] = [
'id' => $entity->id
'id' => $entity->id,
];
}
}
return [
'list' => $list
];
@@ -73,6 +78,7 @@ class ExternalAccount extends \Espo\Core\Controllers\Record
public function actionGetOAuth2Info($params, $data, $request)
{
$id = $request->get('id');
list($integration, $userId) = explode('__', $id);
if ($this->getUser()->id != $userId && !$this->getUser()->isAdmin()) {
@@ -80,12 +86,13 @@ class ExternalAccount extends \Espo\Core\Controllers\Record
}
$entity = $this->getEntityManager()->getEntity('Integration', $integration);
if ($entity) {
return array(
return [
'clientId' => $entity->get('clientId'),
'redirectUri' => $this->getConfig()->get('siteUrl') . '?entryPoint=oauthCallback',
'isConnected' => $this->getRecordService()->ping($integration, $userId)
);
];
}
}
@@ -118,7 +125,9 @@ class ExternalAccount extends \Espo\Core\Controllers\Record
}
$entity = $this->getEntityManager()->getEntity('ExternalAccount', $params['id']);
$entity->set($data);
$this->getEntityManager()->saveEntity($entity);
return $entity->toArray();
@@ -140,6 +149,7 @@ class ExternalAccount extends \Espo\Core\Controllers\Record
}
$service = $this->getRecordService();
return $service->authorizationCode($integration, $userId, $code);
}
}
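Review bot: In actionGetOAuth2Info, `list($integration, $userId) = explode('__', $id);` assumes the `id` query parameter contains the `__` separator; when it does not, or is absent, index 1 is undefined, `$userId` becomes null with a notice, and the following `!=` against the current user id is a loose comparison. Validate the shape before the access check, e.g. `[$integration, $userId] = explode('__', (string) $id) + [1 => null];` followed by `if (!$integration || !$userId) { throw new BadRequest(); }`, and compare with `!==` — assuming BadRequest is imported in this file, which is not visible in the hunk. The method continues outside the hunk.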


@@ -92,9 +92,11 @@ class Import extends \Espo\Core\Controllers\Record
if (empty($data->id)) {
throw new BadRequest();
}
if (!$request->isPost()) {
throw new BadRequest();
}
$this->getService('Import')->revert($data->id);
return true;
@@ -105,9 +107,11 @@ class Import extends \Espo\Core\Controllers\Record
if (empty($data->id)) {
throw new BadRequest();
}
if (!$request->isPost()) {
throw new BadRequest();
}
$this->getService('Import')->removeDuplicates($data->id);
return true;


@@ -56,9 +56,11 @@ class InboundEmail extends \Espo\Core\Controllers\Record
{
if (is_null($data->password)) {
$inboundEmail = $this->getEntityManager()->getEntity('InboundEmail', $data->id);
if (!$inboundEmail || !$inboundEmail->id) {
throw new Error();
}
$data->password = $this->getContainer()->get('crypt')->decrypt($inboundEmail->get('password'));
}


@@ -44,7 +44,9 @@ use Espo\{
class LabelManager
{
protected $user;
protected $dataManager;
protected $labelManagerTool;
public function __construct(User $user, DataManager $dataManager, LabelManagerTool $labelManagerTool)


@@ -31,6 +31,8 @@ namespace Espo\Controllers;
use Espo\Core\Exceptions\Forbidden;
use Espo\Core\Controllers\Record;
class LastViewed extends \Espo\Core\Controllers\Base
{
public function getActionIndex($params, $data, $request)
@@ -40,10 +42,12 @@ class LastViewed extends \Espo\Core\Controllers\Base
$params['offset'] = $request->get('offset', 0);
$params['maxSize'] = $request->get('maxSize');
$maxSizeLimit = $this->getConfig()->get('recordListMaxSizeLimit', \Espo\Core\Controllers\Record::MAX_SIZE_LIMIT);
$maxSizeLimit = $this->getConfig()->get('recordListMaxSizeLimit', Record::MAX_SIZE_LIMIT);
if (empty($params['maxSize'])) {
$params['maxSize'] = $maxSizeLimit;
}
if (!empty($params['maxSize']) && $params['maxSize'] > $maxSizeLimit) {
throw new Forbidden("Max size should should not exceed " . $maxSizeLimit . ". Use offset and limit.");
}
@@ -52,7 +56,7 @@ class LastViewed extends \Espo\Core\Controllers\Base
return (object) [
'total' => $result->total,
'list' => $result->collection->getValueMapList()
'list' => $result->collection->getValueMapList(),
];
}
}
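Review bot: The Forbidden message at the `$params['maxSize'] > $maxSizeLimit` check reads `"Max size should should not exceed "` — a doubled "should" in a user-facing error string that the reformatting leaves in place. The same typo is in the Stream controller (`Max size should should not exceed`) and three times in the Activities controller (`Max should should not exceed` twice and `Max size should should not exceed` once). Suggested text for all of them: `"Max size should not exceed " . $maxSizeLimit . ". Use offset and limit."`.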


@@ -49,9 +49,13 @@ class Layout extends \Espo\Core\Controllers\Base
{
$data = json_decode($request->getBodyContents());
if (is_object($data)) $data = get_object_vars($data);
if (is_object($data)) {
$data = get_object_vars($data);
}
if (!$this->getUser()->isAdmin()) throw new Forbidden();
if (!$this->getUser()->isAdmin()) {
throw new Forbidden();
}
$scope = $params['scope'] ?? null;
$name = $params['name'] ?? null;
@@ -62,19 +66,29 @@ class Layout extends \Espo\Core\Controllers\Base
public function postActionResetToDefault($params, $data, $request)
{
if (!$this->getUser()->isAdmin()) throw new Forbidden();
if (!$this->getUser()->isAdmin()) {
throw new Forbidden();
}
if (empty($data->scope) || empty($data->name)) throw new BadRequest();
if (empty($data->scope) || empty($data->name)) {
throw new BadRequest();
}
return $this->getServiceFactory()->create('Layout')->resetToDefault($data->scope, $data->name, $data->setId ?? null);
return $this->getServiceFactory()
->create('Layout')
->resetToDefault($data->scope, $data->name, $data->setId ?? null);
}
public function getActionGetOriginal($params, $data, $request)
{
if (!$this->getUser()->isAdmin()) throw new Forbidden();
if (!$this->getUser()->isAdmin()) {
throw new Forbidden();
}
return $this->getServiceFactory()->create('Layout')->getOriginal(
$request->get('scope'), $request->get('name'), $request->get('setId')
);
return $this->getServiceFactory()
->create('Layout')
->getOriginal(
$request->get('scope'), $request->get('name'), $request->get('setId')
);
}
}
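Review bot: In the first hunk, `$data = json_decode($request->getBodyContents());` has no failure check, so an invalid JSON body leaves `$data` as null, the `is_object` branch is silently skipped and the action proceeds with an empty payload; the body is also decoded before the `isAdmin` check runs. Add `if ($data === null) { throw new BadRequest(); }` right after the decode (BadRequest is already used by postActionResetToDefault in this file) and move the `isAdmin` check ahead of the decode so unauthenticated-for-this-action requests are rejected before their body is parsed. The enclosing method begins outside the hunk.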


@@ -41,8 +41,9 @@ class Metadata extends \Espo\Core\Controllers\Base
public function getActionGet($params, $data, $request)
{
if (!$this->getUser()->isAdmin()) {
throw new \Forbidden();
throw new Forbidden();
}
$key = $request->get('key');
return $this->getMetadata()->get($key, false);


@@ -64,12 +64,14 @@ class Notification extends \Espo\Core\Controllers\Record
public function actionNotReadCount()
{
$userId = $this->getUser()->id;
return $this->getService('Notification')->getNotReadCount($userId);
}
public function postActionMarkAllRead($params, $data, $request)
{
$userId = $this->getUser()->id;
return $this->getService('Notification')->markAllRead($userId);
}


@@ -40,21 +40,27 @@ class Pdf extends \Espo\Core\Controllers\Base
if (empty($data->idList) || !is_array($data->idList)) {
throw new BadRequest();
}
if (empty($data->entityType)) {
throw new BadRequest();
}
if (empty($data->templateId)) {
throw new BadRequest();
}
if (!$this->getAcl()->checkScope('Template')) {
throw new Forbidden();
}
if (!$this->getAcl()->checkScope($data->entityType)) {
throw new Forbidden();
}
return [
'id' => $this->getServiceFactory()->create('Pdf')->massGenerate($data->entityType, $data->idList, $data->templateId, true)
'id' => $this->getServiceFactory()
->create('Pdf')
->massGenerate($data->entityType, $data->idList, $data->templateId, true)
];
}
}


@@ -36,6 +36,7 @@ class Portal extends \Espo\Core\Controllers\Record
protected function checkControllerAccess()
{
$portalPermission = $this->getAcl()->get('portalPermission');
if (!$portalPermission || $portalPermission === 'no') {
throw new Forbidden();
}


@@ -63,12 +63,15 @@ class Preferences extends \Espo\Core\Controllers\Base
public function actionDelete($params, $data, $request)
{
$userId = $params['id'];
if (empty($userId)) {
throw new BadRequest();
}
if (!$request->isDelete()) {
throw new BadRequest();
}
$this->handleUserAccess($userId);
return $this->getEntityManager()->getRepository('Preferences')->resetToDefaults($userId);
@@ -82,6 +85,7 @@ class Preferences extends \Espo\Core\Controllers\Base
public function actionUpdate($params, $data, $request)
{
$userId = $params['id'];
$this->handleUserAccess($userId);
if (!$request->isPost() && !$request->isPatch() && !$request->isPut()) {
@@ -106,6 +110,7 @@ class Preferences extends \Espo\Core\Controllers\Base
if ($entity && $user) {
$entity->set($data);
$this->getEntityManager()->saveEntity($entity);
$entity->set('smtpEmailAddress', $user->get('emailAddress'));
@@ -115,12 +120,14 @@ class Preferences extends \Espo\Core\Controllers\Base
return $entity->getValueMap();
}
throw new Error();
}
public function actionRead($params)
{
$userId = $params['id'];
$this->handleUserAccess($userId);
$entity = $this->getEntityManager()->getEntity('Preferences', $userId);
@@ -145,7 +152,9 @@ class Preferences extends \Espo\Core\Controllers\Base
public function postActionResetDashboard($params, $data)
{
if (empty($data->id)) throw new BadRequest();
if (empty($data->id)) {
throw new BadRequest();
}
$userId = $data->id;
@@ -153,10 +162,18 @@ class Preferences extends \Espo\Core\Controllers\Base
$user = $this->getEntityManager()->getEntity('User', $userId);
$preferences = $this->getEntityManager()->getEntity('Preferences', $userId);
if (!$user) throw new NotFound();
if (!$preferences) throw new NotFound();
if ($user->isPortal()) throw new Forbidden();
if (!$user) {
throw new NotFound();
}
if (!$preferences) {
throw new NotFound();
}
if ($user->isPortal()) {
throw new Forbidden();
}
if ($this->getAcl()->getLevel('Preferences', 'edit') === 'no') {
throw new Forbidden();
@@ -173,14 +190,14 @@ class Preferences extends \Espo\Core\Controllers\Base
$preferences->set([
'dashboardLayout' => $dashboardLayout,
'dashletsOptions' => $dashletsOptions
'dashletsOptions' => $dashletsOptions,
]);
$this->getEntityManager()->saveEntity($preferences);
return (object) [
'dashboardLayout' => $preferences->get('dashboardLayout'),
'dashletsOptions' => $preferences->get('dashletsOptions')
'dashletsOptions' => $preferences->get('dashletsOptions'),
];
}
}
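Review bot: actionUpdate and actionRead take `$userId = $params['id'];` and hand it straight to `handleUserAccess`, whereas actionDelete in the same file first guards with `if (empty($userId)) { throw new BadRequest(); }`. Unless handleUserAccess rejects an empty id itself (its body is not in any hunk here), add the same guard to both actions so the three entry points validate the path parameter consistently.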


@@ -46,7 +46,9 @@ class Settings extends \Espo\Core\Controllers\Base
$data->jsLibs = $this->getMetadata()->get(['app', 'jsLibs']);
unset($data->loginView);
$loginView = $this->getMetadata()->get(['clientDefs', 'App', 'loginView']);
if ($loginView) {
$data->loginView = $loginView;
}


@@ -41,6 +41,7 @@ class Stream
public static $defaultAction = 'list';
protected $serviceFactory;
protected $config;
public function __construct(ServiceFactory $serviceFactory, Config $config)
@@ -56,14 +57,17 @@ class Stream
$offset = intval($request->get('offset'));
$maxSize = intval($request->get('maxSize'));
$after = $request->get('after');
$filter = $request->get('filter');
$skipOwn = $request->get('skipOwn') === 'true';
$maxSizeLimit = $this->config->get('recordListMaxSizeLimit', self::MAX_SIZE_LIMIT);
if (empty($maxSize)) {
$maxSize = $maxSizeLimit;
}
if (!empty($maxSize) && $maxSize > $maxSizeLimit) {
throw new Forbidden("Max size should should not exceed " . $maxSizeLimit . ". Use offset and limit.");
}
@@ -94,6 +98,7 @@ class Stream
$where = $request->get('where');
$maxSizeLimit = $this->config->get('recordListMaxSizeLimit', self::MAX_SIZE_LIMIT);
if (empty($maxSize)) {
$maxSize = $maxSizeLimit;
}
@@ -111,7 +116,7 @@ class Stream
return (object) [
'total' => $result->total,
'list' => $result->collection->getValueMapList()
'list' => $result->collection->getValueMapList(),
];
}
}


@@ -39,11 +39,16 @@ use Espo\Core\ApplicationState;
class TemplateManager
{
protected $metadata;
protected $templateFileManager;
protected $applicationState;
public function __construct(Metadata $metadata, TemplateFileManager $templateFileManager, ApplicationState $applicationState)
{
public function __construct(
Metadata $metadata,
TemplateFileManager $templateFileManager,
ApplicationState $applicationState
) {
$this->metadata = $metadata;
$this->templateFileManager = $templateFileManager;
$this->applicationState = $applicationState;
@@ -56,15 +61,21 @@ class TemplateManager
public function getActionGetTemplate($params, $data, $request)
{
$name = $request->get('name');
if (empty($name)) throw new BadRequest();
if (empty($name)) {
throw new BadRequest();
}
$scope = $request->get('scope');
$module = null;
$module = $this->metadata->get(['app', 'templates', $name, 'module']);
$hasSubject = !$this->metadata->get(['app', 'templates', $name, 'noSubject']);
$templateFileManager = $this->templateFileManager;
$returnData = (object) [];
$returnData->body = $templateFileManager->getTemplate($name, 'body', $scope, $module);
if ($hasSubject) {
@@ -77,9 +88,11 @@ class TemplateManager
public function postActionSaveTemplate($params, $data)
{
$scope = null;
if (empty($data->name)) {
throw new BadRequest();
}
if (!empty($data->scope)) {
$scope = $data->scope;
}
@@ -100,15 +113,19 @@ class TemplateManager
public function postActionResetTemplate($params, $data)
{
$scope = null;
if (empty($data->name)) {
throw new BadRequest();
}
if (!empty($data->scope)) {
$scope = $data->scope;
}
$module = null;
$module = $this->metadata->get(['app', 'templates', $data->name, 'module']);
$hasSubject = !$this->metadata->get(['app', 'templates', $data->name, 'noSubject']);
$templateFileManager = $this->templateFileManager;
@@ -120,6 +137,7 @@ class TemplateManager
$templateFileManager->resetTemplate($data->name, 'body', $scope);
$returnData = (object) [];
$returnData->body = $templateFileManager->getTemplate($data->name, 'body', $scope, $module);
if ($hasSubject) {
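Review bot: In getActionGetTemplate, `$module = null;` is immediately overwritten by `$module = $this->metadata->get(['app', 'templates', $name, 'module']);`, so the first assignment is dead; the same pair appears in postActionResetTemplate with `$data->name`. Drop the two `$module = null;` lines — the metadata lookup already yields null when the key is absent, as far as the visible code suggests. Both methods continue outside their hunks.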


@@ -39,6 +39,7 @@ class User extends \Espo\Core\Controllers\Record
public function actionAcl($params, $data, $request)
{
$userId = $request->get('id');
if (empty($userId)) {
throw new Error();
}
@@ -48,6 +49,7 @@ class User extends \Espo\Core\Controllers\Record
}
$user = $this->getEntityManager()->getEntity('User', $userId);
if (empty($user)) {
throw new NotFound();
}
@@ -60,7 +62,9 @@ class User extends \Espo\Core\Controllers\Record
if (!property_exists($data, 'password') || !property_exists($data, 'currentPassword')) {
throw new BadRequest();
}
return $this->getService('User')->changePassword($this->getUser()->id, $data->password, true, $data->currentPassword);
return $this->getService('User')
->changePassword($this->getUser()->id, $data->password, true, $data->currentPassword);
}
public function postActionChangePasswordByRequest($params, $data, $request)
@@ -80,7 +84,9 @@ class User extends \Espo\Core\Controllers\Record
$userName = $data->userName;
$emailAddress = $data->emailAddress;
$url = null;
if (!empty($data->url)) {
$url = $data->url;
}
@@ -90,27 +96,44 @@ class User extends \Espo\Core\Controllers\Record
public function postActionGenerateNewApiKey($params, $data, $request)
{
if (empty($data->id)) throw new BadRequest();
if (!$this->getUser()->isAdmin()) throw new Forbidden();
if (empty($data->id)) {
throw new BadRequest();
}
if (!$this->getUser()->isAdmin()) {
throw new Forbidden();
}
return $this->getRecordService()->generateNewApiKeyForEntity($data->id)->getValueMap();
}
public function postActionGenerateNewPassword($params, $data, $request)
{
if (empty($data->id)) throw new BadRequest();
if (!$this->getUser()->isAdmin()) throw new Forbidden();
if (empty($data->id)) {
throw new BadRequest();
}
if (!$this->getUser()->isAdmin()) {
throw new Forbidden();
}
$this->getRecordService()->generateNewPasswordForUser($data->id);
return true;
}
public function beforeCreateLink()
{
if (!$this->getUser()->isAdmin()) throw new Forbidden();
if (!$this->getUser()->isAdmin()) {
throw new Forbidden();
}
}
public function beforeRemoveLink($params, $data, $request)
{
if (!$this->getUser()->isAdmin()) throw new Forbidden();
if (!$this->getUser()->isAdmin()) {
throw new Forbidden();
}
}
protected function fetchListParamsFromRequest(&$params, $request, $data)


@@ -45,8 +45,13 @@ class UserSecurity extends \Espo\Core\Controllers\Base
{
$id = $params['id'] ?? null;
if (!$id) throw new BadRequest();
if (!$this->getUser()->isAdmin() && $id !== $this->getUser()->id) throw new Forbidden();
if (!$id) {
throw new BadRequest();
}
if (!$this->getUser()->isAdmin() && $id !== $this->getUser()->id) {
throw new Forbidden();
}
return $this->getService('UserSecurity')->read($id);
}
@@ -54,10 +59,16 @@ class UserSecurity extends \Espo\Core\Controllers\Base
public function postActionGenerate2FAData($params, $data)
{
$data = $data ?? (object) [];
$id = $data->id;
if (!$id) throw new BadRequest();
if (!$this->getUser()->isAdmin() && $id !== $this->getUser()->id) throw new Forbidden();
if (!$id) {
throw new BadRequest();
}
if (!$this->getUser()->isAdmin() && $id !== $this->getUser()->id) {
throw new Forbidden();
}
return $this->getService('UserSecurity')->generate2FAData($id, $data);
}
@@ -67,8 +78,13 @@ class UserSecurity extends \Espo\Core\Controllers\Base
$id = $params['id'] ?? null;
$data = $data ?? (object) [];
if (!$id) throw new BadRequest();
if (!$this->getUser()->isAdmin() && $id !== $this->getUser()->id) throw new Forbidden();
if (!$id) {
throw new BadRequest();
}
if (!$this->getUser()->isAdmin() && $id !== $this->getUser()->id) {
throw new Forbidden();
}
return $this->getService('UserSecurity')->update($id, $data);
}
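Review bot: In postActionGenerate2FAData, `$id = $data->id;` reads a property that the `(object) []` fallback on the line above does not have, so a request without a body emits an undefined-property warning before the `!$id` check rejects it. Use `$id = $data->id ?? null;` so the missing case is handled without the warning; the other two actions in this section already use `$params['id'] ?? null` for the same purpose.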


@@ -43,7 +43,11 @@ class Webhook extends \Espo\Core\Controllers\Record
public function actionCreate($params, $data, $request, $response = null)
{
$result = parent::actionCreate($params, $data, $request, $response);
if ($response) $response->setStatus(201);
if ($response) {
$response->setStatus(201);
}
return $result;
}
}


@@ -60,6 +60,7 @@ class Activities extends \Espo\Core\Controllers\Base
$service = $this->getService('Activities');
$scopeList = null;
if ($request->get('scopeList') !== null) {
$scopeList = explode(',', $request->get('scopeList'));
}
@@ -70,13 +71,16 @@ class Activities extends \Espo\Core\Controllers\Base
if ($teamIdList) {
$teamIdList = explode(',', $teamIdList);
return $userResultList = $service->getTeamsEventList($teamIdList, $from, $to, $scopeList);
}
if ($userIdList) {
$userIdList = explode(',', $userIdList);
return $service->getUsersEventList($userIdList, $from, $to, $scopeList);
} else {
}
else {
if (!$userId) {
$userId = $this->getUser()->id;
}
@@ -105,6 +109,7 @@ class Activities extends \Espo\Core\Controllers\Base
$service = $this->getService('Activities');
$scopeList = null;
if ($request->get('scopeList') !== null) {
$scopeList = explode(',', $request->get('scopeList'));
}
@@ -114,9 +119,11 @@ class Activities extends \Espo\Core\Controllers\Base
if ($userIdList) {
$userIdList = explode(',', $userIdList);
} else {
}
else {
$userIdList = [];
}
if ($userId) {
$userIdList[] = $userId;
}
@@ -129,6 +136,7 @@ class Activities extends \Espo\Core\Controllers\Base
$service = $this->getService('Activities');
$userId = $request->get('userId');
if (!$userId) {
$userId = $this->getUser()->id;
}
@@ -141,17 +149,24 @@ class Activities extends \Espo\Core\Controllers\Base
$futureDays = intval($request->get('futureDays'));
$maxSizeLimit = $this->getConfig()->get('recordListMaxSizeLimit', self::MAX_SIZE_LIMIT);
if (empty($maxSize)) {
$maxSize = $maxSizeLimit;
}
if (!empty($maxSize) && $maxSize > $maxSizeLimit) {
throw new Forbidden("Max should should not exceed " . $maxSizeLimit . ". Use offset and limit.");
}
return $service->getUpcomingActivities($userId, array(
'offset' => $offset,
'maxSize' => $maxSize
), $entityTypeList, $futureDays);
return $service->getUpcomingActivities(
$userId,
[
'offset' => $offset,
'maxSize' => $maxSize
],
$entityTypeList,
$futureDays
);
}
public function actionPopupNotifications()
@@ -170,6 +185,7 @@ class Activities extends \Espo\Core\Controllers\Base
if (empty($data->id)) {
throw new BadRequest();
}
$id = $data->id;
return $this->getService('Activities')->removeReminder($id);
@@ -190,6 +206,7 @@ class Activities extends \Espo\Core\Controllers\Base
if (empty($params['scope'])) {
throw new BadRequest();
}
if (empty($params['id'])) {
throw new BadRequest();
}
@@ -204,14 +221,17 @@ class Activities extends \Espo\Core\Controllers\Base
$where = $request->get('where');
$maxSizeLimit = $this->getConfig()->get('recordListMaxSizeLimit', self::MAX_SIZE_LIMIT);
if (empty($maxSize)) {
$maxSize = $maxSizeLimit;
}
if (!empty($maxSize) && $maxSize > $maxSizeLimit) {
throw new Forbidden("Max should should not exceed " . $maxSizeLimit . ". Use offset and limit.");
}
$scope = null;
if (is_array($where) && !empty($where[0]) && $where[0] !== 'false') {
$scope = $where[0];
}
@@ -231,10 +251,21 @@ class Activities extends \Espo\Core\Controllers\Base
public function getActionEntityTypeList($params, $data, $request)
{
if (empty($params['scope'])) throw new BadRequest();
if (empty($params['id'])) throw new BadRequest();
if (empty($params['name'])) throw new BadRequest();
if (empty($params['entityType'])) throw new BadRequest();
if (empty($params['scope'])) {
throw new BadRequest();
}
if (empty($params['id'])) {
throw new BadRequest();
}
if (empty($params['name'])) {
throw new BadRequest();
}
if (empty($params['entityType'])) {
throw new BadRequest();
}
$scope = $params['scope'];
$id = $params['id'];
@@ -243,9 +274,11 @@ class Activities extends \Espo\Core\Controllers\Base
if ($name === 'activities') {
$isHistory = false;
} else if ($name === 'history') {
}
else if ($name === 'history') {
$isHistory = true;
} else {
}
else {
throw new BadRequest();
}
@@ -254,9 +287,11 @@ class Activities extends \Espo\Core\Controllers\Base
ControllerUtil::fetchListParamsFromRequest($params, $request, $data);
$maxSizeLimit = $this->getConfig()->get('recordListMaxSizeLimit', 200);
if (empty($params['maxSize'])) {
$params['maxSize'] = $maxSizeLimit;
}
if (!empty($params['maxSize']) && $params['maxSize'] > $maxSizeLimit) {
throw new Forbidden("Max size should should not exceed " . $maxSizeLimit . ". Use offset and limit.");
}
@@ -277,7 +312,9 @@ class Activities extends \Espo\Core\Controllers\Base
$to = $request->get('to');
$userIdList = $request->get('userIdList');
if (!$from || !$to || !$userIdList) throw new BadRequest();
if (!$from || !$to || !$userIdList) {
throw new BadRequest();
}
$userIdList = explode(',', $userIdList);
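Review bot: `return $userResultList = $service->getTeamsEventList($teamIdList, $from, $to, $scopeList);` in the teams branch assigns to a local that is never read; the assignment is a leftover and the line should be `return $service->getTeamsEventList($teamIdList, $from, $to, $scopeList);`, matching the `getUsersEventList` return directly below it. The reformatting hunk touches the `else` under it but leaves this line untouched. The enclosing action begins and ends outside the hunk.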


@@ -39,6 +39,7 @@ class Campaign extends \Espo\Core\Controllers\Record
if (empty($data->campaignId)) {
throw new BadRequest();
}
if (empty($data->link)) {
throw new BadRequest();
}


@@ -35,8 +35,13 @@ class CaseObj extends \Espo\Core\Controllers\Record
public function getActionEmailAddressList($params, $data, $request)
{
if (!$request->get('id')) throw new BadRequest();
if (!$this->getAcl()->checkScope($this->name, 'read')) throw new Forbidden();
if (!$request->get('id')) {
throw new BadRequest();
}
if (!$this->getAcl()->checkScope($this->name, 'read')) {
throw new Forbidden();
}
return $this->getRecordService()->getEmailAddressList($request->get('id'));
}
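Review bot: getActionEmailAddressList authorizes with `checkScope($this->name, 'read')` only, i.e. whether the user may read this entity type at all, while the `id` it forwards to the record service is not checked at record level here; unless `getEmailAddressList` performs that check itself (its body is not on this page), a user with team- or own-level read access can obtain the address list for a record outside that level. If the service does not check, load the entity first and apply the record-level read check (`$this->getAcl()->check($entity, 'read')` is the form used by Espo controllers elsewhere, as far as I recall) before delegating. The same pattern is in the Opportunity controller's getActionEmailAddressList in this commit.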


@@ -36,6 +36,7 @@ class KnowledgeBaseArticle extends \Espo\Core\Controllers\Record
if (empty($data->id)) {
throw new BadRequest();
}
$id = $data->id;
return $this->getRecordService()->getCopiedAttachments($id);
@@ -47,6 +48,7 @@ class KnowledgeBaseArticle extends \Espo\Core\Controllers\Record
throw new BadRequest();
}
$where = null;
if (!empty($data->where)) {
$where = $data->where;
$where = json_decode(json_encode($where), true);
@@ -62,7 +64,9 @@ class KnowledgeBaseArticle extends \Espo\Core\Controllers\Record
if (empty($data->id)) {
throw new BadRequest();
}
$where = null;
if (!empty($data->where)) {
$where = $data->where;
$where = json_decode(json_encode($where), true);
@@ -78,7 +82,9 @@ class KnowledgeBaseArticle extends \Espo\Core\Controllers\Record
if (empty($data->id)) {
throw new BadRequest();
}
$where = null;
if (!empty($data->where)) {
$where = $data->where;
$where = json_decode(json_encode($where), true);
@@ -94,7 +100,9 @@ class KnowledgeBaseArticle extends \Espo\Core\Controllers\Record
if (empty($data->id)) {
throw new BadRequest();
}
$where = null;
if (!empty($data->where)) {
$where = $data->where;
$where = json_decode(json_encode($where), true);


@@ -38,6 +38,7 @@ class Lead extends \Espo\Core\Controllers\Record
if (empty($data->id)) {
throw new BadRequest();
}
if (empty($data->records)) {
$data->records = (object) [];
}
@@ -51,6 +52,7 @@ class Lead extends \Espo\Core\Controllers\Record
if (!empty($entity)) {
return $entity->toArray();
}
throw new Error();
}


@@ -37,6 +37,7 @@ class Opportunity extends \Espo\Core\Controllers\Record
public function actionReportByLeadSource($params, $data, $request)
{
$level = $this->getAcl()->getLevel('Opportunity', 'read');
if (!$level || $level == 'no') {
throw new Forbidden();
}
@@ -51,6 +52,7 @@ class Opportunity extends \Espo\Core\Controllers\Record
public function actionReportByStage($params, $data, $request)
{
$level = $this->getAcl()->getLevel('Opportunity', 'read');
if (!$level || $level == 'no') {
throw new Forbidden();
}
@@ -65,6 +67,7 @@ class Opportunity extends \Espo\Core\Controllers\Record
public function actionReportSalesByMonth($params, $data, $request)
{
$level = $this->getAcl()->getLevel('Opportunity', 'read');
if (!$level || $level == 'no') {
throw new Forbidden();
}
@@ -79,6 +82,7 @@ class Opportunity extends \Espo\Core\Controllers\Record
public function actionReportSalesPipeline($params, $data, $request)
{
$level = $this->getAcl()->getLevel('Opportunity', 'read');
if (!$level || $level == 'no') {
throw new Forbidden();
}
@@ -89,13 +93,19 @@ class Opportunity extends \Espo\Core\Controllers\Record
$useLastStage = $request->get('useLastStage') === 'true';
$teamId = $request->get('teamId') ?? null;
return $this->getService('Opportunity')->reportSalesPipeline($dateFilter, $dateFrom, $dateTo, $useLastStage, $teamId);
return $this->getService('Opportunity')
->reportSalesPipeline($dateFilter, $dateFrom, $dateTo, $useLastStage, $teamId);
}
public function getActionEmailAddressList($params, $data, $request)
{
if (!$request->get('id')) throw new BadRequest();
if (!$this->getAcl()->checkScope($this->name, 'read')) throw new Forbidden();
if (!$request->get('id')) {
throw new BadRequest();
}
if (!$this->getAcl()->checkScope($this->name, 'read')) {
throw new Forbidden();
}
return $this->getRecordService()->getEmailAddressList($request->get('id'));
}


@@ -38,11 +38,13 @@ class Target extends \Espo\Core\Controllers\Record
if (empty($data->id)) {
throw new BadRequest();
}
$entity = $this->getRecordService()->convert($data->id);
if (!empty($entity)) {
return $entity->getValueMap();
}
throw new Error();
}
}


@@ -56,12 +56,15 @@ class TargetList extends \Espo\Core\Controllers\Record
if (empty($data->id)) {
throw new BadRequest();
}
if (empty($data->targetType)) {
throw new BadRequest();
}
if (empty($data->targetId)) {
throw new BadRequest();
}
$data->id = strval($data->id);
$data->targetId = strval($data->targetId);
@@ -73,12 +76,15 @@ class TargetList extends \Espo\Core\Controllers\Record
if (empty($data->id)) {
throw new BadRequest();
}
if (empty($data->targetType)) {
throw new BadRequest();
}
if (empty($data->targetId)) {
throw new BadRequest();
}
$data->id = strval($data->id);
$data->targetId = strval($data->targetId);