From 622b27448f982e5ca0c6035523ac2f8171bedfcb Mon Sep 17 00:00:00 2001
From: Yuri Kuznetsov
Date: Wed, 31 Mar 2021 20:04:27 +0300
Subject: [PATCH] cs fixes
---
 application/Espo/Controllers/App.php | 2 +
 .../Espo/Controllers/DashboardTemplate.php | 18 ++++-
 application/Espo/Controllers/Email.php | 75 ++++++++++++++----
 application/Espo/Controllers/EmailAddress.php | 4 +
 .../Espo/Controllers/EmailTemplate.php | 5 +-
 .../Espo/Controllers/EntityManager.php | 6 +-
 application/Espo/Controllers/Extension.php | 18 ++++-
 .../Espo/Controllers/ExternalAccount.php | 18 ++++-
 application/Espo/Controllers/Import.php | 4 +
 application/Espo/Controllers/InboundEmail.php | 2 +
 application/Espo/Controllers/LabelManager.php | 2 +
 application/Espo/Controllers/LastViewed.php | 8 +-
 application/Espo/Controllers/Layout.php | 32 +++++---
 application/Espo/Controllers/Metadata.php | 3 +-
 application/Espo/Controllers/Notification.php | 2 +
 application/Espo/Controllers/Pdf.php | 8 +-
 application/Espo/Controllers/Portal.php | 1 +
 application/Espo/Controllers/Preferences.php | 29 +++++--
 application/Espo/Controllers/Settings.php | 2 +
 application/Espo/Controllers/Stream.php | 7 +-
 .../Espo/Controllers/TemplateManager.php | 24 +++++-
 application/Espo/Controllers/User.php | 37 +++++++--
 application/Espo/Controllers/UserSecurity.php | 28 +++++--
 application/Espo/Controllers/Webhook.php | 6 +-
 .../Modules/Crm/Controllers/Activities.php | 63 ++++++++++++----
 .../Espo/Modules/Crm/Controllers/Campaign.php | 1 +
 .../Espo/Modules/Crm/Controllers/CaseObj.php | 9 ++-
 .../Crm/Controllers/KnowledgeBaseArticle.php | 8 ++
 .../Espo/Modules/Crm/Controllers/Lead.php | 2 +
 .../Modules/Crm/Controllers/Opportunity.php | 16 +++-
 .../Espo/Modules/Crm/Controllers/Target.php | 2 +
 .../Modules/Crm/Controllers/TargetList.php | 6 ++
 32 files changed, 359 insertions(+), 89 deletions(-)
diff --git a/application/Espo/Controllers/App.php b/application/Espo/Controllers/App.php
index 77eecf676a..b77dd77185 100644
--- a/application/Espo/Controllers/App.php +++ b/application/Espo/Controllers/App.php @@ -55,7 +55,9 @@ class App implements if (empty($data->token)) { throw new BadRequest(); } + $auth = $this->injectableFactory->create(Authentication::class); + return $auth->destroyAuthToken($data->token, $request); } } diff --git a/application/Espo/Controllers/DashboardTemplate.php b/application/Espo/Controllers/DashboardTemplate.php index 40ee6900cd..49dcbdfa98 100644 --- a/application/Espo/Controllers/DashboardTemplate.php +++ b/application/Espo/Controllers/DashboardTemplate.php @@ -43,8 +43,13 @@ class DashboardTemplate extends \Espo\Core\Controllers\Record public function postActionDeployToUsers($params, $data) { - if (empty($data->id)) throw new BadRequest(); - if (empty($data->userIdList)) throw new BadRequest(); + if (empty($data->id)) { + throw new BadRequest(); + } + + if (empty($data->userIdList)) { + throw new BadRequest(); + } return $this->getServiceFactory()->create('DashboardTemplate')->deployToUsers( $data->id, @@ -55,8 +60,13 @@ class DashboardTemplate extends \Espo\Core\Controllers\Record public function postActionDeployToTeam($params, $data) { - if (empty($data->id)) throw new BadRequest(); - if (empty($data->teamId)) throw new BadRequest(); + if (empty($data->id)) { + throw new BadRequest(); + } + + if (empty($data->teamId)) { + throw new BadRequest(); + } return $this->getServiceFactory()->create('DashboardTemplate')->deployToTeam( $data->id, diff --git a/application/Espo/Controllers/Email.php b/application/Espo/Controllers/Email.php index 086ebf9b88..a4e61695d4 100644 --- a/application/Espo/Controllers/Email.php +++ b/application/Espo/Controllers/Email.php @@ -56,7 +56,9 @@ class Email extends \Espo\Core\Controllers\Record if (!$this->getUser()->isAdmin() && $data->id !== $this->getUser()->id) { throw new Forbidden(); } + $preferences = $this->getEntityManager()->getEntity('Preferences', $data->id); + if (!$preferences) { throw new NotFound(); } 
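Review bot: In the DashboardTemplate `@@ -43,8 +43,13 @@` hunk, `$data->userIdList` is only checked with `empty()` before it is handed to `deployToUsers`, so a string or a number passes the guard just as a list does. The Pdf hunk in this same commit checks `is_array($data->idList)` for the equivalent payload field, and the same shape check belongs here: `if (empty($data->userIdList) || !is_array($data->userIdList)) {`. The `deployToUsers(` call continues past the end of the hunk.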
@@ -64,15 +66,19 @@ class Email extends \Espo\Core\Controllers\Record if (is_null($data->password)) { $data->password = $this->getContainer()->get('crypt')->decrypt($preferences->get('smtpPassword')); } - } else if ($data->type == 'emailAccount') { + } + else if ($data->type == 'emailAccount') { if (!$this->getAcl()->checkScope('EmailAccount')) { throw new Forbidden(); } + if (!empty($data->id)) { $emailAccount = $this->getEntityManager()->getEntity('EmailAccount', $data->id); + if (!$emailAccount) { throw new NotFound(); } + if (!$this->getUser()->isAdmin()) { if ($emailAccount->get('assignedUserId') !== $this->getUser()->id) { throw new Forbidden(); @@ -82,23 +88,31 @@ class Email extends \Espo\Core\Controllers\Record $data->password = $this->getContainer()->get('crypt')->decrypt($emailAccount->get('smtpPassword')); } } - } else if ($data->type == 'inboundEmail') { + } + else if ($data->type == 'inboundEmail') { if (!$this->getUser()->isAdmin()) { throw new Forbidden(); } + if (!empty($data->id)) { $emailAccount = $this->getEntityManager()->getEntity('InboundEmail', $data->id); + if (!$emailAccount) { throw new NotFound(); } + if (is_null($data->password)) { - $data->password = $this->getContainer()->get('crypt')->decrypt($emailAccount->get('smtpPassword')); + $data->password = $this->getContainer() + ->get('crypt') + ->decrypt($emailAccount->get('smtpPassword')); } } - } else { + } + else { if (!$this->getUser()->isAdmin()) { throw new Forbidden(); } + if (is_null($data->password)) { $data->password = $this->getConfig()->get('smtpPassword'); } @@ -112,13 +126,16 @@ class Email extends \Espo\Core\Controllers\Record { if (!empty($data->ids)) { $idList = $data->ids; - } else { + } + else { if (!empty($data->id)) { $idList = [$data->id]; - } else { + } + else { throw new BadRequest(); } } + return $this->getRecordService()->markAsReadByIdList($idList); } 
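Review bot: The `@@ -64,15 +66,19 @@` hunk moves `else` onto its own line but leaves the loose comparison `$data->type == 'emailAccount'` in place, and the `@@ -82,23 +88,31 @@` hunk does the same for `'inboundEmail'`. `$data->type` comes from the request body, and `==` against a string applies PHP's type juggling; since this is a style commit, `else if ($data->type === 'emailAccount') {` and `else if ($data->type === 'inboundEmail') {` are the natural fix. The branch for `'preferences'` and the method signature are outside the hunk.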
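Review bot: The `@@ -112,13 +126,16 @@` hunk re-indents the `ids`/`id` extraction that is repeated verbatim in the `@@ -126`, `@@ -145`, `@@ -159`, `@@ -173`, `@@ -187` and `@@ -226` hunks of this file, so seven methods carry the same nine lines. A private helper would make each action a two-liner and give one place to add an `is_array($data->ids)` check later if wanted; the method signatures sit above each hunk and are not visible here.

```php
    /**
     * Resolves the target ID list from the request payload: `ids` wins, then a single `id`.
     *
     * @throws BadRequest when neither field is present
     */
    private function fetchIdListFromData($data): array
    {
        if (!empty($data->ids)) {
            return $data->ids;
        }

        if (!empty($data->id)) {
            return [$data->id];
        }

        throw new BadRequest();
    }

    // … unchanged: method signature …
    {
        $idList = $this->fetchIdListFromData($data);

        return $this->getRecordService()->markAsReadByIdList($idList);
    }
```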
@@ -126,13 +143,16 @@ class Email extends \Espo\Core\Controllers\Record { if (!empty($data->ids)) { $idList = $data->ids; - } else { + } + else { if (!empty($data->id)) { $idList = [$data->id]; - } else { + } + else { throw new BadRequest(); } } + return $this->getRecordService()->markAsNotReadByIdList($idList); } @@ -145,13 +165,16 @@ class Email extends \Espo\Core\Controllers\Record { if (!empty($data->ids)) { $idList = $data->ids; - } else { + } + else { if (!empty($data->id)) { $idList = [$data->id]; - } else { + } + else { throw new BadRequest(); } } + return $this->getRecordService()->markAsImportantByIdList($idList); } @@ -159,13 +182,16 @@ class Email extends \Espo\Core\Controllers\Record { if (!empty($data->ids)) { $idList = $data->ids; - } else { + } + else { if (!empty($data->id)) { $idList = [$data->id]; - } else { + } + else { throw new BadRequest(); } } + return $this->getRecordService()->markAsNotImportantByIdList($idList); } @@ -173,13 +199,16 @@ class Email extends \Espo\Core\Controllers\Record { if (!empty($data->ids)) { $idList = $data->ids; - } else { + } + else { if (!empty($data->id)) { $idList = [$data->id]; - } else { + } + else { throw new BadRequest(); } } + return $this->getRecordService()->moveToTrashByIdList($idList); } @@ -187,13 +216,16 @@ class Email extends \Espo\Core\Controllers\Record { if (!empty($data->ids)) { $idList = $data->ids; - } else { + } + else { if (!empty($data->id)) { $idList = [$data->id]; - } else { + } + else { throw new BadRequest(); } } + return $this->getRecordService()->retrieveFromTrashByIdList($idList); } @@ -226,10 +258,12 @@ class Email extends \Espo\Core\Controllers\Record { if (!empty($data->ids)) { $idList = $data->ids; - } else { + } + else { if (!empty($data->id)) { $idList = [$data->id]; - } else { + } + else { throw new BadRequest(); } } 
@@ -237,12 +271,15 @@ class Email extends \Espo\Core\Controllers\Record if (empty($data->folderId)) { throw new BadRequest(); } + return $this->getRecordService()->moveToFolderByIdList($idList, $data->folderId); } public function getActionGetInsertFieldData($params, $data, $request) { - if (!$this->getAcl()->checkScope('Email', 'create')) throw new Forbidden(); + if (!$this->getAcl()->checkScope('Email', 'create')) { + throw new Forbidden(); + } return $this->getServiceFactory()->create('EmailTemplate')->getInsertFieldData([ 'parentId' => $request->get('parentId'), diff --git a/application/Espo/Controllers/EmailAddress.php b/application/Espo/Controllers/EmailAddress.php index aec8ba938d..27191f9617 100644 --- a/application/Espo/Controllers/EmailAddress.php +++ b/application/Espo/Controllers/EmailAddress.php @@ -38,11 +38,15 @@ class EmailAddress extends \Espo\Core\Controllers\Record if (!$this->getAcl()->checkScope('Email')) { throw new Forbidden(); } + if (!$this->getAcl()->checkScope('Email', 'create')) { throw new Forbidden(); } + $q = $request->get('q'); + $maxSize = intval($request->get('maxSize')); + if (empty($maxSize) || $maxSize > 50) { $maxSize = $this->getConfig()->get('recordsPerPage', 20); } diff --git a/application/Espo/Controllers/EmailTemplate.php b/application/Espo/Controllers/EmailTemplate.php index f2889a108a..66247682c0 100644 --- a/application/Espo/Controllers/EmailTemplate.php +++ b/application/Espo/Controllers/EmailTemplate.php 
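Review bot: In the EmailAddress `@@ -38,11 +38,15 @@` hunk the clamp `if (empty($maxSize) || $maxSize > 50)` lets a negative value through, because `intval('-5')` is neither empty nor above 50, so whatever consumes `$maxSize` below receives a negative page size. `if ($maxSize <= 0 || $maxSize > 50) {` covers zero, unparsable input and negatives in one condition. The method's signature is above the hunk and its body continues below it.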
@@ -37,16 +37,17 @@ class EmailTemplate extends \Espo\Core\Controllers\Record { $id = $request->get('id'); $emailAddress = $request->get('emailAddress'); + if (empty($id)) { throw new Error(); } - return $this->getRecordService()->parse($id, array( + return $this->getRecordService()->parse($id, [ 'emailAddress' => $request->get('emailAddress'), 'parentType' => $request->get('parentType'), 'parentId' => $request->get('parentId'), 'relatedType' => $request->get('relatedType'), 'relatedId' => $request->get('relatedId') - ), true); + ], true); } } diff --git a/application/Espo/Controllers/EntityManager.php b/application/Espo/Controllers/EntityManager.php index 4db088f53d..b02a993cbc 100644 --- a/application/Espo/Controllers/EntityManager.php +++ b/application/Espo/Controllers/EntityManager.php @@ -47,9 +47,13 @@ use Espo\Core\{ class EntityManager { protected $user; + protected $dataManager; + protected $config; + protected $entityManagerTool; + protected $configWriter; public function __construct( @@ -397,7 +401,7 @@ class EntityManager } $this->entityManagerTool->resetToDefaults($data->scope); - + $this->dataManager->clearCache(); return true; diff --git a/application/Espo/Controllers/Extension.php b/application/Espo/Controllers/Extension.php index a9107937c5..9a7dcea1cf 100644 --- a/application/Espo/Controllers/Extension.php +++ b/application/Espo/Controllers/Extension.php @@ -31,6 +31,8 @@ namespace Espo\Controllers; use Espo\Core\Exceptions\Forbidden; +use Espo\Core\ExtensionManager; + class Extension extends \Espo\Core\Controllers\Record { protected function checkControllerAccess() @@ -46,7 +48,7 @@ class Extension extends \Espo\Core\Controllers\Record throw new Forbidden(); } - $manager = new \Espo\Core\ExtensionManager($this->getContainer()); + $manager = new ExtensionManager($this->getContainer()); $id = $manager->upload($data); $manifest = $manager->getManifest(); 
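Review bot: In the EmailTemplate `@@ -37,16 +37,17 @@` hunk `$emailAddress` is assigned and never read; the array literal reads `$request->get('emailAddress')` a second time, so either use the local (`'emailAddress' => $emailAddress,`) or drop the assignment. Separately, a missing `id` throws `Error`, which is an internal-error type, while the rest of this commit uses `BadRequest` for absent client input; `throw new BadRequest();` would be consistent, provided that class is imported (the `use` block is outside the hunk).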
@@ -64,13 +66,14 @@ class Extension extends \Espo\Core\Controllers\Record if (!$request->isPost()) { throw new Forbidden(); } + if ($this->getConfig()->get('restrictedMode')) { if (!$this->getUser()->isSuperAdmin()) { throw new Forbidden(); } } - $manager = new \Espo\Core\ExtensionManager($this->getContainer()); + $manager = new ExtensionManager($this->getContainer()); $manager->install(get_object_vars($data)); @@ -82,14 +85,17 @@ class Extension extends \Espo\Core\Controllers\Record if (!$request->isPost()) { throw new Forbidden(); } + if ($this->getConfig()->get('restrictedMode')) { if (!$this->getUser()->isSuperAdmin()) { throw new Forbidden(); } } - $manager = new \Espo\Core\ExtensionManager($this->getContainer()); + $manager = new ExtensionManager($this->getContainer()); + $manager->uninstall(get_object_vars($data)); + return true; } @@ -99,13 +105,17 @@ class Extension extends \Espo\Core\Controllers\Record if (!$request->isDelete()) { throw BadRequest(); } + if ($this->getConfig()->get('restrictedMode')) { if (!$this->getUser()->isSuperAdmin()) { throw new Forbidden(); } } - $manager = new \Espo\Core\ExtensionManager($this->getContainer()); + + $manager = new ExtensionManager($this->getContainer()); + $manager->delete($params); + return true; } diff --git a/application/Espo/Controllers/ExternalAccount.php b/application/Espo/Controllers/ExternalAccount.php index 830937e2fa..6af22659f0 100644 --- a/application/Espo/Controllers/ExternalAccount.php +++ b/application/Espo/Controllers/ExternalAccount.php 
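Review bot: In the Extension `@@ -99,13 +105,17 @@` hunk the context line `throw BadRequest();` is missing `new`, so a non-DELETE request calls an undefined function `BadRequest()` and ends in a fatal `Error` instead of the intended 400 response. The fix is `throw new BadRequest();`; the `@@ -31,6 +31,8 @@` hunk only shows `Forbidden` and `ExtensionManager` being imported, so check that `Espo\Core\Exceptions\BadRequest` is in the file's `use` block as well.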
@@ -49,8 +49,12 @@ class ExternalAccount extends \Espo\Core\Controllers\Record $integrations = $this->getEntityManager()->getRepository('Integration')->find(); $list = []; + foreach ($integrations as $entity) { - if ($entity->get('enabled') && $this->getMetadata()->get('integrations.' . $entity->id .'.allowUserAccounts')) { + if ( + $entity->get('enabled') && + $this->getMetadata()->get('integrations.' . $entity->id .'.allowUserAccounts') + ) { $userAccountAclScope = $this->getMetadata()->get(['integrations', $entity->id, 'userAccountAclScope']); @@ -61,10 +65,11 @@ class ExternalAccount extends \Espo\Core\Controllers\Record } $list[] = [ - 'id' => $entity->id + 'id' => $entity->id, ]; } } + return [ 'list' => $list ]; @@ -73,6 +78,7 @@ class ExternalAccount extends \Espo\Core\Controllers\Record public function actionGetOAuth2Info($params, $data, $request) { $id = $request->get('id'); + list($integration, $userId) = explode('__', $id); if ($this->getUser()->id != $userId && !$this->getUser()->isAdmin()) { @@ -80,12 +86,13 @@ class ExternalAccount extends \Espo\Core\Controllers\Record } $entity = $this->getEntityManager()->getEntity('Integration', $integration); + if ($entity) { - return array( + return [ 'clientId' => $entity->get('clientId'), 'redirectUri' => $this->getConfig()->get('siteUrl') . '?entryPoint=oauthCallback', 'isConnected' => $this->getRecordService()->ping($integration, $userId) - ); + ]; } } @@ -118,7 +125,9 @@ class ExternalAccount extends \Espo\Core\Controllers\Record } $entity = $this->getEntityManager()->getEntity('ExternalAccount', $params['id']); + $entity->set($data); + $this->getEntityManager()->saveEntity($entity); return $entity->toArray(); @@ -140,6 +149,7 @@ class ExternalAccount extends \Espo\Core\Controllers\Record } $service = $this->getRecordService(); + return $service->authorizationCode($integration, $userId, $code); } } 
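Review bot: In the ExternalAccount `@@ -73,6 +78,7 @@` hunk, `list($integration, $userId) = explode('__', $id);` runs on the raw `id` query parameter with no shape check, so an `id` without `__` leaves `$userId` undefined and the following `$this->getUser()->id != $userId` then compares against null with loose equality. Guard the input before splitting, e.g. `if (!is_string($id) || substr_count($id, '__') !== 1) { throw new BadRequest(); }`, and compare with `!==`. Whether `BadRequest` is imported is not visible in this diff.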
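Review bot: In the ExternalAccount `@@ -80,12 +86,13 @@` hunk, when `getEntity('Integration', $integration)` returns nothing the method falls off the end and returns null silently; a `throw new NotFound();` after the `if ($entity)` block would make the missing record explicit. The `@@ -118,7 +125,9 @@` hunk has the stronger version of the same gap: `$entity->set($data);` is called on the result of `getEntity('ExternalAccount', $params['id'])` with no null check, so an unknown id produces a method call on null; add `if (!$entity) { throw new NotFound(); }` before the `set`. Both enclosing methods start above their hunks.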
diff --git a/application/Espo/Controllers/Import.php b/application/Espo/Controllers/Import.php index 794fbee692..58ac6139bf 100644 --- a/application/Espo/Controllers/Import.php +++ b/application/Espo/Controllers/Import.php @@ -92,9 +92,11 @@ class Import extends \Espo\Core\Controllers\Record if (empty($data->id)) { throw new BadRequest(); } + if (!$request->isPost()) { throw new BadRequest(); } + $this->getService('Import')->revert($data->id); return true; @@ -105,9 +107,11 @@ class Import extends \Espo\Core\Controllers\Record if (empty($data->id)) { throw new BadRequest(); } + if (!$request->isPost()) { throw new BadRequest(); } + $this->getService('Import')->removeDuplicates($data->id); return true; diff --git a/application/Espo/Controllers/InboundEmail.php b/application/Espo/Controllers/InboundEmail.php index d3ce6901ac..b56d05df8a 100644 --- a/application/Espo/Controllers/InboundEmail.php +++ b/application/Espo/Controllers/InboundEmail.php @@ -56,9 +56,11 @@ class InboundEmail extends \Espo\Core\Controllers\Record { if (is_null($data->password)) { $inboundEmail = $this->getEntityManager()->getEntity('InboundEmail', $data->id); + if (!$inboundEmail || !$inboundEmail->id) { throw new Error(); } + $data->password = $this->getContainer()->get('crypt')->decrypt($inboundEmail->get('password')); } diff --git a/application/Espo/Controllers/LabelManager.php b/application/Espo/Controllers/LabelManager.php index a3f67d2f7b..89f1bdd6be 100644 --- a/application/Espo/Controllers/LabelManager.php +++ b/application/Espo/Controllers/LabelManager.php @@ -44,7 +44,9 @@ use Espo\{ class LabelManager { protected $user; + protected $dataManager; + protected $labelManagerTool; public function __construct(User $user, DataManager $dataManager, LabelManagerTool $labelManagerTool) diff --git a/application/Espo/Controllers/LastViewed.php b/application/Espo/Controllers/LastViewed.php index 98bc3026b0..7102c7ab05 100644 --- a/application/Espo/Controllers/LastViewed.php 
+++ b/application/Espo/Controllers/LastViewed.php @@ -31,6 +31,8 @@ namespace Espo\Controllers; use Espo\Core\Exceptions\Forbidden; +use Espo\Core\Controllers\Record; + class LastViewed extends \Espo\Core\Controllers\Base { public function getActionIndex($params, $data, $request) @@ -40,10 +42,12 @@ class LastViewed extends \Espo\Core\Controllers\Base $params['offset'] = $request->get('offset', 0); $params['maxSize'] = $request->get('maxSize'); - $maxSizeLimit = $this->getConfig()->get('recordListMaxSizeLimit', \Espo\Core\Controllers\Record::MAX_SIZE_LIMIT); + $maxSizeLimit = $this->getConfig()->get('recordListMaxSizeLimit', Record::MAX_SIZE_LIMIT); + if (empty($params['maxSize'])) { $params['maxSize'] = $maxSizeLimit; } + if (!empty($params['maxSize']) && $params['maxSize'] > $maxSizeLimit) { throw new Forbidden("Max size should should not exceed " . $maxSizeLimit . ". Use offset and limit."); } @@ -52,7 +56,7 @@ class LastViewed extends \Espo\Core\Controllers\Base return (object) [ 'total' => $result->total, - 'list' => $result->collection->getValueMapList() + 'list' => $result->collection->getValueMapList(), ]; } } diff --git a/application/Espo/Controllers/Layout.php b/application/Espo/Controllers/Layout.php index 342d65b2d7..661b327f4d 100644 --- a/application/Espo/Controllers/Layout.php +++ b/application/Espo/Controllers/Layout.php @@ -49,9 +49,13 @@ class Layout extends \Espo\Core\Controllers\Base { $data = json_decode($request->getBodyContents()); - if (is_object($data)) $data = get_object_vars($data); + if (is_object($data)) { + $data = get_object_vars($data); + } - if (!$this->getUser()->isAdmin()) throw new Forbidden(); + if (!$this->getUser()->isAdmin()) { + throw new Forbidden(); + } $scope = $params['scope'] ?? null; $name = $params['name'] ?? null; 
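Review bot: In the LastViewed `@@ -40,10 +42,12 @@` hunk the Forbidden message reads `"Max size should should not exceed "`, a doubled word; the identical string appears in the Stream `@@ -56,14 +57,17 @@` hunk of this commit and should be fixed in both. In the same hunk `$params['maxSize']` is the raw request value compared against an int, whereas Stream.php passes it through `intval()` first; `$params['maxSize'] = intval($request->get('maxSize'));` would align the two and make the `> $maxSizeLimit` comparison numeric.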
@@ -62,19 +66,29 @@ class Layout extends \Espo\Core\Controllers\Base public function postActionResetToDefault($params, $data, $request) { - if (!$this->getUser()->isAdmin()) throw new Forbidden(); + if (!$this->getUser()->isAdmin()) { + throw new Forbidden(); + } - if (empty($data->scope) || empty($data->name)) throw new BadRequest(); + if (empty($data->scope) || empty($data->name)) { + throw new BadRequest(); + } - return $this->getServiceFactory()->create('Layout')->resetToDefault($data->scope, $data->name, $data->setId ?? null); + return $this->getServiceFactory() + ->create('Layout') + ->resetToDefault($data->scope, $data->name, $data->setId ?? null); } public function getActionGetOriginal($params, $data, $request) { - if (!$this->getUser()->isAdmin()) throw new Forbidden(); + if (!$this->getUser()->isAdmin()) { + throw new Forbidden(); + } - return $this->getServiceFactory()->create('Layout')->getOriginal( - $request->get('scope'), $request->get('name'), $request->get('setId') - ); + return $this->getServiceFactory() + ->create('Layout') + ->getOriginal( + $request->get('scope'), $request->get('name'), $request->get('setId') + ); } } diff --git a/application/Espo/Controllers/Metadata.php b/application/Espo/Controllers/Metadata.php index 68a7709ef3..c9e59851ad 100644 --- a/application/Espo/Controllers/Metadata.php +++ b/application/Espo/Controllers/Metadata.php @@ -41,8 +41,9 @@ class Metadata extends \Espo\Core\Controllers\Base public function getActionGet($params, $data, $request) { if (!$this->getUser()->isAdmin()) { - throw new \Forbidden(); + throw new Forbidden(); } + $key = $request->get('key'); return $this->getMetadata()->get($key, false); diff --git a/application/Espo/Controllers/Notification.php b/application/Espo/Controllers/Notification.php index 11fbdd4197..ece5aff3cc 100644 --- a/application/Espo/Controllers/Notification.php +++ b/application/Espo/Controllers/Notification.php 
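Review bot: In the Layout `@@ -62,19 +66,29 @@` hunk, `getActionGetOriginal` forwards `$request->get('scope')` and `$request->get('name')` to the service with no presence check, while the sibling `postActionResetToDefault` directly above rejects an empty `scope`/`name` with `BadRequest`. Mirroring that guard keeps the two entry points consistent: `if (!$request->get('scope') || !$request->get('name')) { throw new BadRequest(); }` placed after the admin check.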
@@ -64,12 +64,14 @@ class Notification extends \Espo\Core\Controllers\Record public function actionNotReadCount() { $userId = $this->getUser()->id; + return $this->getService('Notification')->getNotReadCount($userId); } public function postActionMarkAllRead($params, $data, $request) { $userId = $this->getUser()->id; + return $this->getService('Notification')->markAllRead($userId); } diff --git a/application/Espo/Controllers/Pdf.php b/application/Espo/Controllers/Pdf.php index 19f5fe5073..6e8f8a5847 100644 --- a/application/Espo/Controllers/Pdf.php +++ b/application/Espo/Controllers/Pdf.php @@ -40,21 +40,27 @@ class Pdf extends \Espo\Core\Controllers\Base if (empty($data->idList) || !is_array($data->idList)) { throw new BadRequest(); } + if (empty($data->entityType)) { throw new BadRequest(); } + if (empty($data->templateId)) { throw new BadRequest(); } + if (!$this->getAcl()->checkScope('Template')) { throw new Forbidden(); } + if (!$this->getAcl()->checkScope($data->entityType)) { throw new Forbidden(); } return [ - 'id' => $this->getServiceFactory()->create('Pdf')->massGenerate($data->entityType, $data->idList, $data->templateId, true) + 'id' => $this->getServiceFactory() + ->create('Pdf') + ->massGenerate($data->entityType, $data->idList, $data->templateId, true) ]; } } diff --git a/application/Espo/Controllers/Portal.php b/application/Espo/Controllers/Portal.php index 813fbd8646..95992099ad 100644 --- a/application/Espo/Controllers/Portal.php +++ b/application/Espo/Controllers/Portal.php @@ -36,6 +36,7 @@ class Portal extends \Espo\Core\Controllers\Record protected function checkControllerAccess() { $portalPermission = $this->getAcl()->get('portalPermission'); + if (!$portalPermission || $portalPermission === 'no') { throw new Forbidden(); } diff --git a/application/Espo/Controllers/Preferences.php b/application/Espo/Controllers/Preferences.php index c5a5281b65..c0003a773d 100644 --- a/application/Espo/Controllers/Preferences.php 
+++ b/application/Espo/Controllers/Preferences.php @@ -63,12 +63,15 @@ class Preferences extends \Espo\Core\Controllers\Base public function actionDelete($params, $data, $request) { $userId = $params['id']; + if (empty($userId)) { throw new BadRequest(); } + if (!$request->isDelete()) { throw new BadRequest(); } + $this->handleUserAccess($userId); return $this->getEntityManager()->getRepository('Preferences')->resetToDefaults($userId); @@ -82,6 +85,7 @@ class Preferences extends \Espo\Core\Controllers\Base public function actionUpdate($params, $data, $request) { $userId = $params['id']; + $this->handleUserAccess($userId); if (!$request->isPost() && !$request->isPatch() && !$request->isPut()) { @@ -106,6 +110,7 @@ class Preferences extends \Espo\Core\Controllers\Base if ($entity && $user) { $entity->set($data); + $this->getEntityManager()->saveEntity($entity); $entity->set('smtpEmailAddress', $user->get('emailAddress')); @@ -115,12 +120,14 @@ class Preferences extends \Espo\Core\Controllers\Base return $entity->getValueMap(); } + throw new Error(); } public function actionRead($params) { $userId = $params['id']; + $this->handleUserAccess($userId); $entity = $this->getEntityManager()->getEntity('Preferences', $userId); @@ -145,7 +152,9 @@ class Preferences extends \Espo\Core\Controllers\Base public function postActionResetDashboard($params, $data) { - if (empty($data->id)) throw new BadRequest(); + if (empty($data->id)) { + throw new BadRequest(); + } $userId = $data->id; 
@@ -153,10 +162,18 @@ class Preferences extends \Espo\Core\Controllers\Base $user = $this->getEntityManager()->getEntity('User', $userId); $preferences = $this->getEntityManager()->getEntity('Preferences', $userId); - if (!$user) throw new NotFound(); - if (!$preferences) throw new NotFound(); - if ($user->isPortal()) throw new Forbidden(); + if (!$user) { + throw new NotFound(); + } + + if (!$preferences) { + throw new NotFound(); + } + + if ($user->isPortal()) { + throw new Forbidden(); + } if ($this->getAcl()->getLevel('Preferences', 'edit') === 'no') { throw new Forbidden(); @@ -173,14 +190,14 @@ class Preferences extends \Espo\Core\Controllers\Base $preferences->set([ 'dashboardLayout' => $dashboardLayout, - 'dashletsOptions' => $dashletsOptions + 'dashletsOptions' => $dashletsOptions, ]); $this->getEntityManager()->saveEntity($preferences); return (object) [ 'dashboardLayout' => $preferences->get('dashboardLayout'), - 'dashletsOptions' => $preferences->get('dashletsOptions') + 'dashletsOptions' => $preferences->get('dashletsOptions'), ]; } } diff --git a/application/Espo/Controllers/Settings.php b/application/Espo/Controllers/Settings.php index d1b350b931..ace62b9b2f 100644 --- a/application/Espo/Controllers/Settings.php +++ b/application/Espo/Controllers/Settings.php @@ -46,7 +46,9 @@ class Settings extends \Espo\Core\Controllers\Base $data->jsLibs = $this->getMetadata()->get(['app', 'jsLibs']); unset($data->loginView); + $loginView = $this->getMetadata()->get(['clientDefs', 'App', 'loginView']); + if ($loginView) { $data->loginView = $loginView; } diff --git a/application/Espo/Controllers/Stream.php b/application/Espo/Controllers/Stream.php index ffa3b1f7ef..e33a35af96 100644 --- a/application/Espo/Controllers/Stream.php +++ b/application/Espo/Controllers/Stream.php @@ -41,6 +41,7 @@ class Stream public static $defaultAction = 'list'; protected $serviceFactory; + protected $config; public function __construct(ServiceFactory $serviceFactory, Config $config) 
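Review bot: In the Preferences `@@ -153,10 +162,18 @@` hunk, `postActionResetDashboard` (which begins in the preceding `@@ -145,7 +152,9 @@` hunk with `$userId = $data->id;`) verifies that the target user and preferences exist, that the user is not a portal user, and that the ACL edit level is not `no`, but unlike `actionDelete`, `actionUpdate` and `actionRead` in this file it never calls `$this->handleUserAccess($userId)`. Unless the lines omitted between the two hunks perform that comparison, a non-admin can reset another user's dashboard by supplying that user's id. Adding `$this->handleUserAccess($userId);` right after the assignment would reuse the check the other actions rely on.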
@@ -56,14 +57,17 @@ class Stream $offset = intval($request->get('offset')); $maxSize = intval($request->get('maxSize')); + $after = $request->get('after'); $filter = $request->get('filter'); $skipOwn = $request->get('skipOwn') === 'true'; $maxSizeLimit = $this->config->get('recordListMaxSizeLimit', self::MAX_SIZE_LIMIT); + if (empty($maxSize)) { $maxSize = $maxSizeLimit; } + if (!empty($maxSize) && $maxSize > $maxSizeLimit) { throw new Forbidden("Max size should should not exceed " . $maxSizeLimit . ". Use offset and limit."); } @@ -94,6 +98,7 @@ class Stream $where = $request->get('where'); $maxSizeLimit = $this->config->get('recordListMaxSizeLimit', self::MAX_SIZE_LIMIT); + if (empty($maxSize)) { $maxSize = $maxSizeLimit; } @@ -111,7 +116,7 @@ class Stream return (object) [ 'total' => $result->total, - 'list' => $result->collection->getValueMapList() + 'list' => $result->collection->getValueMapList(), ]; } } diff --git a/application/Espo/Controllers/TemplateManager.php b/application/Espo/Controllers/TemplateManager.php index 1bd5ac4279..89941f0f0b 100644 --- a/application/Espo/Controllers/TemplateManager.php +++ b/application/Espo/Controllers/TemplateManager.php @@ -39,11 +39,16 @@ use Espo\Core\ApplicationState; class TemplateManager { protected $metadata; + protected $templateFileManager; + protected $applicationState; - public function __construct(Metadata $metadata, TemplateFileManager $templateFileManager, ApplicationState $applicationState) - { + public function __construct( + Metadata $metadata, + TemplateFileManager $templateFileManager, + ApplicationState $applicationState + ) { $this->metadata = $metadata; $this->templateFileManager = $templateFileManager; $this->applicationState = $applicationState; 
@@ -56,15 +61,21 @@ class TemplateManager public function getActionGetTemplate($params, $data, $request) { $name = $request->get('name'); - if (empty($name)) throw new BadRequest(); + + if (empty($name)) { + throw new BadRequest(); + } + $scope = $request->get('scope'); $module = null; + $module = $this->metadata->get(['app', 'templates', $name, 'module']); $hasSubject = !$this->metadata->get(['app', 'templates', $name, 'noSubject']); $templateFileManager = $this->templateFileManager; $returnData = (object) []; + $returnData->body = $templateFileManager->getTemplate($name, 'body', $scope, $module); if ($hasSubject) { @@ -77,9 +88,11 @@ class TemplateManager public function postActionSaveTemplate($params, $data) { $scope = null; + if (empty($data->name)) { throw new BadRequest(); } + if (!empty($data->scope)) { $scope = $data->scope; } @@ -100,15 +113,19 @@ class TemplateManager public function postActionResetTemplate($params, $data) { $scope = null; + if (empty($data->name)) { throw new BadRequest(); } + if (!empty($data->scope)) { $scope = $data->scope; } $module = null; + $module = $this->metadata->get(['app', 'templates', $data->name, 'module']); + $hasSubject = !$this->metadata->get(['app', 'templates', $data->name, 'noSubject']); $templateFileManager = $this->templateFileManager; @@ -120,6 +137,7 @@ class TemplateManager $templateFileManager->resetTemplate($data->name, 'body', $scope); $returnData = (object) []; + $returnData->body = $templateFileManager->getTemplate($data->name, 'body', $scope, $module); if ($hasSubject) { diff --git a/application/Espo/Controllers/User.php b/application/Espo/Controllers/User.php index 72bc1b7242..bd7e7ccee6 100644 --- a/application/Espo/Controllers/User.php +++ b/application/Espo/Controllers/User.php @@ -39,6 +39,7 @@ class User extends \Espo\Core\Controllers\Record public function actionAcl($params, $data, $request) { $userId = $request->get('id'); + if (empty($userId)) { throw new Error(); } 
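Review bot: In the TemplateManager `@@ -56,15 +61,21 @@` hunk, `$module = null;` is immediately overwritten by the metadata lookup and the commit even inserts a blank line between the two; the same dead assignment is in `@@ -100,15 +113,19 @@`. Drop the `null` line in both places. In the same hunk `$name` is only tested for emptiness before it reaches `getTemplate($name, 'body', $scope, $module)`; if every valid template is declared under `app.templates` in metadata, `if (!$this->metadata->get(['app', 'templates', $name])) { throw new BadRequest(); }` would reject unknown names before any file lookup happens.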
@@ -48,6 +49,7 @@ class User extends \Espo\Core\Controllers\Record } $user = $this->getEntityManager()->getEntity('User', $userId); + if (empty($user)) { throw new NotFound(); } @@ -60,7 +62,9 @@ class User extends \Espo\Core\Controllers\Record if (!property_exists($data, 'password') || !property_exists($data, 'currentPassword')) { throw new BadRequest(); } - return $this->getService('User')->changePassword($this->getUser()->id, $data->password, true, $data->currentPassword); + + return $this->getService('User') + ->changePassword($this->getUser()->id, $data->password, true, $data->currentPassword); } public function postActionChangePasswordByRequest($params, $data, $request) @@ -80,7 +84,9 @@ class User extends \Espo\Core\Controllers\Record $userName = $data->userName; $emailAddress = $data->emailAddress; + $url = null; + if (!empty($data->url)) { $url = $data->url; } 
@@ -90,27 +96,44 @@ class User extends \Espo\Core\Controllers\Record public function postActionGenerateNewApiKey($params, $data, $request) { - if (empty($data->id)) throw new BadRequest(); - if (!$this->getUser()->isAdmin()) throw new Forbidden(); + if (empty($data->id)) { + throw new BadRequest(); + } + + if (!$this->getUser()->isAdmin()) { + throw new Forbidden(); + } + return $this->getRecordService()->generateNewApiKeyForEntity($data->id)->getValueMap(); } public function postActionGenerateNewPassword($params, $data, $request) { - if (empty($data->id)) throw new BadRequest(); - if (!$this->getUser()->isAdmin()) throw new Forbidden(); + if (empty($data->id)) { + throw new BadRequest(); + } + + if (!$this->getUser()->isAdmin()) { + throw new Forbidden(); + } + $this->getRecordService()->generateNewPasswordForUser($data->id); + return true; } public function beforeCreateLink() { - if (!$this->getUser()->isAdmin()) throw new Forbidden(); + if (!$this->getUser()->isAdmin()) { + throw new Forbidden(); + } } public function beforeRemoveLink($params, $data, $request) { - if (!$this->getUser()->isAdmin()) throw new Forbidden(); + if (!$this->getUser()->isAdmin()) { + throw new Forbidden(); + } } protected function fetchListParamsFromRequest(&$params, $request, $data) diff --git a/application/Espo/Controllers/UserSecurity.php b/application/Espo/Controllers/UserSecurity.php index f4779d2197..9f3ed77b92 100644 --- a/application/Espo/Controllers/UserSecurity.php +++ b/application/Espo/Controllers/UserSecurity.php @@ -45,8 +45,13 @@ class UserSecurity extends \Espo\Core\Controllers\Base { $id = $params['id'] ?? null; - if (!$id) throw new BadRequest(); - if (!$this->getUser()->isAdmin() && $id !== $this->getUser()->id) throw new Forbidden(); + if (!$id) { + throw new BadRequest(); + } + + if (!$this->getUser()->isAdmin() && $id !== $this->getUser()->id) { + throw new Forbidden(); + } return $this->getService('UserSecurity')->read($id); } 
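Review bot: In the User `@@ -90,27 +96,44 @@` hunk both `postActionGenerateNewApiKey` and `postActionGenerateNewPassword` validate `$data->id` before checking `isAdmin()`, so a non-admin caller learns whether its payload passed validation before being refused; swapping the two blocks so the `Forbidden` check runs first gives non-admins a uniform response. Also a style point: `beforeCreateLink()` is declared without parameters while `beforeRemoveLink($params, $data, $request)` takes three, and the two hooks would read better with matching signatures.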
@@ -54,10 +59,16 @@ class UserSecurity extends \Espo\Core\Controllers\Base
 public function postActionGenerate2FAData($params, $data)
 {
 $data = $data ?? (object) [];
+
 $id = $data->id;
- if (!$id) throw new BadRequest();
- if (!$this->getUser()->isAdmin() && $id !== $this->getUser()->id) throw new Forbidden();
+ if (!$id) {
+ throw new BadRequest();
+ }
+
+ if (!$this->getUser()->isAdmin() && $id !== $this->getUser()->id) {
+ throw new Forbidden();
+ }
 return $this->getService('UserSecurity')->generate2FAData($id, $data);
 }
@@ -67,8 +78,13 @@ class UserSecurity extends \Espo\Core\Controllers\Base
 $id = $params['id'] ?? null;
 $data = $data ?? (object) [];
- if (!$id) throw new BadRequest();
- if (!$this->getUser()->isAdmin() && $id !== $this->getUser()->id) throw new Forbidden();
+ if (!$id) {
+ throw new BadRequest();
+ }
+
+ if (!$this->getUser()->isAdmin() && $id !== $this->getUser()->id) {
+ throw new Forbidden();
+ }
 return $this->getService('UserSecurity')->update($id, $data);
 }
diff --git a/application/Espo/Controllers/Webhook.php b/application/Espo/Controllers/Webhook.php
index 7c4cd6f1da..0d303e085b 100644
--- a/application/Espo/Controllers/Webhook.php
+++ b/application/Espo/Controllers/Webhook.php
@@ -43,7 +43,11 @@ class Webhook extends \Espo\Core\Controllers\Record
 public function actionCreate($params, $data, $request, $response = null)
 {
 $result = parent::actionCreate($params, $data, $request, $response);
- if ($response) $response->setStatus(201);
+
+ if ($response) {
+ $response->setStatus(201);
+ }
+
 return $result;
 }
 }
diff --git a/application/Espo/Modules/Crm/Controllers/Activities.php b/application/Espo/Modules/Crm/Controllers/Activities.php
index abf26a92d6..37d24a5c87 100644
--- a/application/Espo/Modules/Crm/Controllers/Activities.php
+++ b/application/Espo/Modules/Crm/Controllers/Activities.php
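Review bot: `$id = $data->id;` in postActionGenerate2FAData reads the property unconditionally, and when no body was sent `$data` is the empty object created on the line above, so the read raises an undefined-property notice before the `if (!$id)` guard can turn the request into a BadRequest. Read it with a null-coalesce, `$id = $data->id ?? null;`, which keeps the BadRequest path intact and matches how the `@@ -67,8 +78,13 @@` hunk reads `$params['id'] ?? null`.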
@@ -60,6 +60,7 @@ class Activities extends \Espo\Core\Controllers\Base
 $service = $this->getService('Activities');
 $scopeList = null;
+
 if ($request->get('scopeList') !== null) {
 $scopeList = explode(',', $request->get('scopeList'));
 }
@@ -70,13 +71,16 @@ class Activities extends \Espo\Core\Controllers\Base
 if ($teamIdList) {
 $teamIdList = explode(',', $teamIdList);
+
 return $userResultList = $service->getTeamsEventList($teamIdList, $from, $to, $scopeList);
 }
 if ($userIdList) {
 $userIdList = explode(',', $userIdList);
+
 return $service->getUsersEventList($userIdList, $from, $to, $scopeList);
- } else {
+ }
+ else {
 if (!$userId) {
 $userId = $this->getUser()->id;
 }
@@ -105,6 +109,7 @@ class Activities extends \Espo\Core\Controllers\Base
 $service = $this->getService('Activities');
 $scopeList = null;
+
 if ($request->get('scopeList') !== null) {
 $scopeList = explode(',', $request->get('scopeList'));
 }
@@ -114,9 +119,11 @@ class Activities extends \Espo\Core\Controllers\Base
 if ($userIdList) {
 $userIdList = explode(',', $userIdList);
- } else {
+ }
+ else {
 $userIdList = [];
 }
+
 if ($userId) {
 $userIdList[] = $userId;
 }
@@ -129,6 +136,7 @@ class Activities extends \Espo\Core\Controllers\Base
 $service = $this->getService('Activities');
 $userId = $request->get('userId');
+
 if (!$userId) {
 $userId = $this->getUser()->id;
 }
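Review bot: In the `@@ -70,13 +71,16 @@` hunk, `return $userResultList = $service->getTeamsEventList(...)` assigns to a local that is never read; the line should be `return $service->getTeamsEventList($teamIdList, $from, $to, $scopeList);`. The `else` that the hunk reformats below the `return $service->getUsersEventList(...)` branch is only reached when that branch did not run, so its body can be dedented to top level and the `else` dropped, which also removes one nesting level from the `if (!$userId)` default. The enclosing method starts and ends outside the hunk.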
@@ -141,17 +149,24 @@ class Activities extends \Espo\Core\Controllers\Base
 $futureDays = intval($request->get('futureDays'));
 $maxSizeLimit = $this->getConfig()->get('recordListMaxSizeLimit', self::MAX_SIZE_LIMIT);
+
 if (empty($maxSize)) {
 $maxSize = $maxSizeLimit;
 }
+
 if (!empty($maxSize) && $maxSize > $maxSizeLimit) {
 throw new Forbidden("Max should should not exceed " . $maxSizeLimit . ". Use offset and limit.");
 }
- return $service->getUpcomingActivities($userId, array(
- 'offset' => $offset,
- 'maxSize' => $maxSize
- ), $entityTypeList, $futureDays);
+ return $service->getUpcomingActivities(
+ $userId,
+ [
+ 'offset' => $offset,
+ 'maxSize' => $maxSize
+ ],
+ $entityTypeList,
+ $futureDays
+ );
 }
 public function actionPopupNotifications()
@@ -170,6 +185,7 @@ class Activities extends \Espo\Core\Controllers\Base
 if (empty($data->id)) {
 throw new BadRequest();
 }
+
 $id = $data->id;
 return $this->getService('Activities')->removeReminder($id);
@@ -190,6 +206,7 @@ class Activities extends \Espo\Core\Controllers\Base
 if (empty($params['scope'])) {
 throw new BadRequest();
 }
+
 if (empty($params['id'])) {
 throw new BadRequest();
 }
@@ -204,14 +221,17 @@ class Activities extends \Espo\Core\Controllers\Base
 $where = $request->get('where');
 $maxSizeLimit = $this->getConfig()->get('recordListMaxSizeLimit', self::MAX_SIZE_LIMIT);
+
 if (empty($maxSize)) {
 $maxSize = $maxSizeLimit;
 }
+
 if (!empty($maxSize) && $maxSize > $maxSizeLimit) {
 throw new Forbidden("Max should should not exceed " . $maxSizeLimit . ". Use offset and limit.");
 }
 $scope = null;
+
 if (is_array($where) && !empty($where[0]) && $where[0] !== 'false') {
 $scope = $where[0];
 }
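Review bot: The Forbidden message in the `@@ -141,17 +149,24 @@` hunk reads "Max should should not exceed", with the verb doubled; the same text recurs in the `@@ -204,14 +221,17 @@` hunk and as "Max size should should not exceed" in the `@@ -254,9 +287,11 @@` hunk of this file, so all three strings are worth fixing in this CS pass, e.g. `throw new Forbidden("Max size should not exceed " . $maxSizeLimit . ". Use offset and limit.");`. In the same three places the `!empty($maxSize) &&` guard is redundant, because the preceding `if (empty($maxSize))` has just replaced an empty value with `$maxSizeLimit`, which can never exceed itself; `if ($maxSize > $maxSizeLimit)` says the same thing. The enclosing methods start outside their hunks, so where `$maxSize` comes from is not visible here.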
@@ -231,10 +251,21 @@ class Activities extends \Espo\Core\Controllers\Base
 public function getActionEntityTypeList($params, $data, $request)
 {
- if (empty($params['scope'])) throw new BadRequest();
- if (empty($params['id'])) throw new BadRequest();
- if (empty($params['name'])) throw new BadRequest();
- if (empty($params['entityType'])) throw new BadRequest();
+ if (empty($params['scope'])) {
+ throw new BadRequest();
+ }
+
+ if (empty($params['id'])) {
+ throw new BadRequest();
+ }
+
+ if (empty($params['name'])) {
+ throw new BadRequest();
+ }
+
+ if (empty($params['entityType'])) {
+ throw new BadRequest();
+ }
 $scope = $params['scope'];
 $id = $params['id'];
@@ -243,9 +274,11 @@ class Activities extends \Espo\Core\Controllers\Base
 if ($name === 'activities') {
 $isHistory = false;
- } else if ($name === 'history') {
+ }
+ else if ($name === 'history') {
 $isHistory = true;
- } else {
+ }
+ else {
 throw new BadRequest();
 }
@@ -254,9 +287,11 @@ class Activities extends \Espo\Core\Controllers\Base
 ControllerUtil::fetchListParamsFromRequest($params, $request, $data);
 $maxSizeLimit = $this->getConfig()->get('recordListMaxSizeLimit', 200);
+
 if (empty($params['maxSize'])) {
 $params['maxSize'] = $maxSizeLimit;
 }
+
 if (!empty($params['maxSize']) && $params['maxSize'] > $maxSizeLimit) {
 throw new Forbidden("Max size should should not exceed " . $maxSizeLimit . ". Use offset and limit.");
 }
@@ -277,7 +312,9 @@ class Activities extends \Espo\Core\Controllers\Base
 $to = $request->get('to');
 $userIdList = $request->get('userIdList');
- if (!$from || !$to || !$userIdList) throw new BadRequest();
+ if (!$from || !$to || !$userIdList) {
+ throw new BadRequest();
+ }
 $userIdList = explode(',', $userIdList);
diff --git a/application/Espo/Modules/Crm/Controllers/Campaign.php b/application/Espo/Modules/Crm/Controllers/Campaign.php
index 78671106b4..f165a3b851 100644
--- a/application/Espo/Modules/Crm/Controllers/Campaign.php
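Review bot: The four expanded guards at the top of getActionEntityTypeList are the same statement repeated for four keys, and the expansion from four lines to fifteen makes the repetition harder to scan; a loop over the required keys states the rule once, `foreach (['scope', 'id', 'name', 'entityType'] as $key) { if (empty($params[$key])) { throw new BadRequest(); } }`. A one-line comment naming why these four are mandatory would also help, since the method body continues outside the hunk.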
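Review bot: In the `@@ -254,9 +287,11 @@` hunk the fallback `$this->getConfig()->get('recordListMaxSizeLimit', 200)` hard-codes a number that the other actions in this file (hunks `@@ -141` and `@@ -204` on the previous line) take from `self::MAX_SIZE_LIMIT`, so the two defaults can silently drift apart. Use the constant here too, `$maxSizeLimit = $this->getConfig()->get('recordListMaxSizeLimit', self::MAX_SIZE_LIMIT);`, so the limit has a single definition.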
+++ b/application/Espo/Modules/Crm/Controllers/Campaign.php
@@ -39,6 +39,7 @@ class Campaign extends \Espo\Core\Controllers\Record
 if (empty($data->campaignId)) {
 throw new BadRequest();
 }
+
 if (empty($data->link)) {
 throw new BadRequest();
 }
diff --git a/application/Espo/Modules/Crm/Controllers/CaseObj.php b/application/Espo/Modules/Crm/Controllers/CaseObj.php
index e4659bf096..8842e7cdb2 100644
--- a/application/Espo/Modules/Crm/Controllers/CaseObj.php
+++ b/application/Espo/Modules/Crm/Controllers/CaseObj.php
@@ -35,8 +35,13 @@ class CaseObj extends \Espo\Core\Controllers\Record
 public function getActionEmailAddressList($params, $data, $request)
 {
- if (!$request->get('id')) throw new BadRequest();
- if (!$this->getAcl()->checkScope($this->name, 'read')) throw new Forbidden();
+ if (!$request->get('id')) {
+ throw new BadRequest();
+ }
+
+ if (!$this->getAcl()->checkScope($this->name, 'read')) {
+ throw new Forbidden();
+ }
 return $this->getRecordService()->getEmailAddressList($request->get('id'));
 }
diff --git a/application/Espo/Modules/Crm/Controllers/KnowledgeBaseArticle.php b/application/Espo/Modules/Crm/Controllers/KnowledgeBaseArticle.php
index 73b1f07718..476be18e8d 100644
--- a/application/Espo/Modules/Crm/Controllers/KnowledgeBaseArticle.php
+++ b/application/Espo/Modules/Crm/Controllers/KnowledgeBaseArticle.php
@@ -36,6 +36,7 @@ class KnowledgeBaseArticle extends \Espo\Core\Controllers\Record
 if (empty($data->id)) {
 throw new BadRequest();
 }
+
 $id = $data->id;
 return $this->getRecordService()->getCopiedAttachments($id);
@@ -47,6 +48,7 @@ class KnowledgeBaseArticle extends \Espo\Core\Controllers\Record
 throw new BadRequest();
 }
 $where = null;
+
 if (!empty($data->where)) {
 $where = $data->where;
 $where = json_decode(json_encode($where), true);
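Review bot: In CaseObj::getActionEmailAddressList (hunk `@@ -35,8 +35,13 @@`) the only authorization is `checkScope($this->name, 'read')`, which establishes that the caller may read Case records in general, not that it may read the particular record whose id comes from the request. Unless getEmailAddressList() applies a record-level ACL check itself (not visible here), this action returns email addresses for any case id the caller names; the safer shape is to load the record and run the ACL's entity-level read check before calling the service, or to document in a comment that the service performs that check. The identical pattern appears in Opportunity::getActionEmailAddressList in the `@@ -89,13 +93,19 @@` hunk two lines below.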
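Review bot: The `$where = null; if (!empty($data->where)) { $where = $data->where; $where = json_decode(json_encode($where), true); }` sequence in the `@@ -47,6 +48,7 @@` hunk is repeated verbatim in the `@@ -62`, `@@ -78` and `@@ -94` hunks of this file on the next line; the second assignment also overwrites the first without ever using it. A private helper that all four actions call, `private function whereFromData($data): ?array { return empty($data->where) ? null : json_decode(json_encode($data->where), true); }`, removes the duplication and gives the object-to-array conversion one place for a comment explaining why it goes through JSON. The enclosing methods start and end outside the hunks.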
@@ -62,7 +64,9 @@ class KnowledgeBaseArticle extends \Espo\Core\Controllers\Record
 if (empty($data->id)) {
 throw new BadRequest();
 }
+
 $where = null;
+
 if (!empty($data->where)) {
 $where = $data->where;
 $where = json_decode(json_encode($where), true);
@@ -78,7 +82,9 @@ class KnowledgeBaseArticle extends \Espo\Core\Controllers\Record
 if (empty($data->id)) {
 throw new BadRequest();
 }
+
 $where = null;
+
 if (!empty($data->where)) {
 $where = $data->where;
 $where = json_decode(json_encode($where), true);
@@ -94,7 +100,9 @@ class KnowledgeBaseArticle extends \Espo\Core\Controllers\Record
 if (empty($data->id)) {
 throw new BadRequest();
 }
+
 $where = null;
+
 if (!empty($data->where)) {
 $where = $data->where;
 $where = json_decode(json_encode($where), true);
diff --git a/application/Espo/Modules/Crm/Controllers/Lead.php b/application/Espo/Modules/Crm/Controllers/Lead.php
index 50d9f33c4e..3b2d9dc70e 100644
--- a/application/Espo/Modules/Crm/Controllers/Lead.php
+++ b/application/Espo/Modules/Crm/Controllers/Lead.php
@@ -38,6 +38,7 @@ class Lead extends \Espo\Core\Controllers\Record
 if (empty($data->id)) {
 throw new BadRequest();
 }
+
 if (empty($data->records)) {
 $data->records = (object) [];
 }
@@ -51,6 +52,7 @@ class Lead extends \Espo\Core\Controllers\Record
 if (!empty($entity)) {
 return $entity->toArray();
 }
+
 throw new Error();
 }
diff --git a/application/Espo/Modules/Crm/Controllers/Opportunity.php b/application/Espo/Modules/Crm/Controllers/Opportunity.php
index 6eca5fb215..693e09f570 100644
--- a/application/Espo/Modules/Crm/Controllers/Opportunity.php
+++ b/application/Espo/Modules/Crm/Controllers/Opportunity.php
@@ -37,6 +37,7 @@ class Opportunity extends \Espo\Core\Controllers\Record
 public function actionReportByLeadSource($params, $data, $request)
 {
 $level = $this->getAcl()->getLevel('Opportunity', 'read');
+
 if (!$level || $level == 'no') {
 throw new Forbidden();
 }
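Review bot: `throw new Error();` in the Lead `@@ -51,6 +52,7 @@` hunk carries no message, so when the conversion yields no entity neither the client response nor the log says what failed; the same bare throw is in the Target hunk `@@ -38,11 +38,13 @@` two lines below. A short reason, `throw new Error('Conversion did not return an entity.');`, costs nothing and makes the failure searchable. The enclosing method starts outside the hunk, so it is not visible here whether the convert call can legitimately return nothing.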
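Review bot: The Opportunity `@@ -37,6 +37,7 @@` hunk keeps `$level == 'no'` as a loose comparison; since the value is compared against a string literal, the strict form `$level === 'no'` is the idiomatic choice and avoids PHP's string/number juggling rules. The same two-line ACL level check is repeated unchanged in the `@@ -51`, `@@ -65` and `@@ -79` hunks on the next line, so a private helper such as `$this->assertReadLevel()` that throws Forbidden would let the four report actions share one definition of what "no access" means.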
@@ -51,6 +52,7 @@ class Opportunity extends \Espo\Core\Controllers\Record
 public function actionReportByStage($params, $data, $request)
 {
 $level = $this->getAcl()->getLevel('Opportunity', 'read');
+
 if (!$level || $level == 'no') {
 throw new Forbidden();
 }
@@ -65,6 +67,7 @@ class Opportunity extends \Espo\Core\Controllers\Record
 public function actionReportSalesByMonth($params, $data, $request)
 {
 $level = $this->getAcl()->getLevel('Opportunity', 'read');
+
 if (!$level || $level == 'no') {
 throw new Forbidden();
 }
@@ -79,6 +82,7 @@ class Opportunity extends \Espo\Core\Controllers\Record
 public function actionReportSalesPipeline($params, $data, $request)
 {
 $level = $this->getAcl()->getLevel('Opportunity', 'read');
+
 if (!$level || $level == 'no') {
 throw new Forbidden();
 }
@@ -89,13 +93,19 @@ class Opportunity extends \Espo\Core\Controllers\Record
 $useLastStage = $request->get('useLastStage') === 'true';
 $teamId = $request->get('teamId') ?? null;
- return $this->getService('Opportunity')->reportSalesPipeline($dateFilter, $dateFrom, $dateTo, $useLastStage, $teamId);
+ return $this->getService('Opportunity')
+ ->reportSalesPipeline($dateFilter, $dateFrom, $dateTo, $useLastStage, $teamId);
 }
 public function getActionEmailAddressList($params, $data, $request)
 {
- if (!$request->get('id')) throw new BadRequest();
- if (!$this->getAcl()->checkScope($this->name, 'read')) throw new Forbidden();
+ if (!$request->get('id')) {
+ throw new BadRequest();
+ }
+
+ if (!$this->getAcl()->checkScope($this->name, 'read')) {
+ throw new Forbidden();
+ }
 return $this->getRecordService()->getEmailAddressList($request->get('id'));
 }
diff --git a/application/Espo/Modules/Crm/Controllers/Target.php b/application/Espo/Modules/Crm/Controllers/Target.php
index a160233c91..c3491a3201 100644
--- a/application/Espo/Modules/Crm/Controllers/Target.php
+++ b/application/Espo/Modules/Crm/Controllers/Target.php
@@ -38,11 +38,13 @@ class Target extends \Espo\Core\Controllers\Record
 if (empty($data->id)) {
 throw new BadRequest();
 }
+
 $entity = $this->getRecordService()->convert($data->id);
 if (!empty($entity)) {
 return $entity->getValueMap();
 }
+
 throw new Error();
 }
 }
diff --git a/application/Espo/Modules/Crm/Controllers/TargetList.php b/application/Espo/Modules/Crm/Controllers/TargetList.php
index cff21d35ea..839c72c79e 100644
--- a/application/Espo/Modules/Crm/Controllers/TargetList.php
+++ b/application/Espo/Modules/Crm/Controllers/TargetList.php
@@ -56,12 +56,15 @@ class TargetList extends \Espo\Core\Controllers\Record
 if (empty($data->id)) {
 throw new BadRequest();
 }
+
 if (empty($data->targetType)) {
 throw new BadRequest();
 }
+
 if (empty($data->targetId)) {
 throw new BadRequest();
 }
+
 $data->id = strval($data->id);
 $data->targetId = strval($data->targetId);
@@ -73,12 +76,15 @@ class TargetList extends \Espo\Core\Controllers\Record
 if (empty($data->id)) {
 throw new BadRequest();
 }
+
 if (empty($data->targetType)) {
 throw new BadRequest();
 }
+
 if (empty($data->targetId)) {
 throw new BadRequest();
 }
+
 $data->id = strval($data->id);
 $data->targetId = strval($data->targetId);