viscous/espocrm
1
0
Fork 0
mirror of https://github.com/espocrm/espocrm.git synced 2026-06-27 22:46:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

Import impr check

Browse Source
This commit is contained in:
Yurii
2026-05-18 07:43:38 +03:00
parent 8c6516aaaa
commit 6f89c17ddf
1 changed files with 8 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
application/Espo/Tools/Import/Import.php
View File

@@ -204,19 +204,17 @@ class Import
assert(is_string($this->entityType));
assert(is_string($this->attachmentId));
if (!$this->user->isAdmin()) {
$forbiddenAttributeList =
$this->aclManager->getScopeForbiddenAttributeList($this->user, $this->entityType, Table::ACTION_EDIT);
$forbiddenAttributeList =
$this->aclManager->getScopeForbiddenAttributeList($this->user, $this->entityType, Table::ACTION_EDIT);
foreach ($attributeList as $i => $attribute) {
if (in_array($attribute, $forbiddenAttributeList)) {
unset($attributeList[$i]);
}
foreach ($attributeList as $i => $attribute) {
if (in_array($attribute, $forbiddenAttributeList)) {
unset($attributeList[$i]);
}
}
if (!$this->aclManager->checkScope($this->user, $this->entityType, Table::ACTION_CREATE)) {
throw new Forbidden("Import: Create is forbidden for $this->entityType.");
}
if (!$this->aclManager->checkScope($this->user, $this->entityType, Table::ACTION_CREATE)) {
throw new Forbidden("Import: Create is forbidden for $this->entityType.");
}
/** @var ?Attachment $attachment */
@@ -458,7 +456,6 @@ class Import
if (
$entity &&
!$this->user->isAdmin() &&
!$this->aclManager->checkEntityEdit($this->user, $entity)
) {
$this->createError(