From 6f89c17ddf2ca7e5275aa4d7c3dbb6970ff352a2 Mon Sep 17 00:00:00 2001 From: Yurii Date: Mon, 18 May 2026 07:43:38 +0300 Subject: [PATCH] Import impr check --- application/Espo/Tools/Import/Import.php | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/application/Espo/Tools/Import/Import.php b/application/Espo/Tools/Import/Import.php index 287802696e..6c4103ad8c 100644 --- a/application/Espo/Tools/Import/Import.php +++ b/application/Espo/Tools/Import/Import.php @@ -204,19 +204,17 @@ class Import assert(is_string($this->entityType)); assert(is_string($this->attachmentId)); - if (!$this->user->isAdmin()) { - $forbiddenAttributeList = - $this->aclManager->getScopeForbiddenAttributeList($this->user, $this->entityType, Table::ACTION_EDIT); + $forbiddenAttributeList = + $this->aclManager->getScopeForbiddenAttributeList($this->user, $this->entityType, Table::ACTION_EDIT); - foreach ($attributeList as $i => $attribute) { - if (in_array($attribute, $forbiddenAttributeList)) { - unset($attributeList[$i]); - } + foreach ($attributeList as $i => $attribute) { + if (in_array($attribute, $forbiddenAttributeList)) { + unset($attributeList[$i]); } + } - if (!$this->aclManager->checkScope($this->user, $this->entityType, Table::ACTION_CREATE)) { - throw new Forbidden("Import: Create is forbidden for $this->entityType."); - } + if (!$this->aclManager->checkScope($this->user, $this->entityType, Table::ACTION_CREATE)) { + throw new Forbidden("Import: Create is forbidden for $this->entityType."); } /** @var ?Attachment $attachment */ @@ -458,7 +456,6 @@ class Import if ( $entity && - !$this->user->isAdmin() && !$this->aclManager->checkEntityEdit($this->user, $entity) ) { $this->createError(