mirror of
https://github.com/espocrm/espocrm.git
synced 2026-06-28 06:56:05 +00:00
acl changes
This commit is contained in:
yuri
@@ -73,6 +73,8 @@ class Table
|
||||
|
||||
protected $forbiddenFieldsCache = array();
|
||||
|
||||
protected $isStrictModeForced = false;
|
||||
|
||||
protected $isStrictMode = false;
|
||||
|
||||
public function __construct(User $user, Config $config = null, FileManager $fileManager = null, Metadata $metadata = null, FieldManagerUtil $fieldManager = null)
|
||||
@@ -83,7 +85,11 @@ class Table
|
||||
'fieldTableQuickAccess' => (object) [],
|
||||
];
|
||||
|
||||
$this->isStrictMode = $config->get('aclStrictMode', false);
|
||||
if ($this->isStrictModeForced) {
|
||||
$this->isStrictMode = true;
|
||||
} else {
|
||||
$this->isStrictMode = $config->get('aclStrictMode', false);
|
||||
}
|
||||
|
||||
$this->user = $user;
|
||||
|
||||
@@ -405,7 +411,12 @@ class Table
|
||||
return;
|
||||
}
|
||||
|
||||
$data = $this->metadata->get('app.'.$this->type.'.default.scopeLevel', array());
|
||||
$defaultsGroupName = 'default';
|
||||
if ($this->isStrictMode) {
|
||||
$defaultsGroupName = 'strictDefault';
|
||||
}
|
||||
|
||||
$data = $this->metadata->get(['app', $this->type, $defaultsGroupName, 'scopeLevel'], []);
|
||||
|
||||
foreach ($data as $scope => $item) {
|
||||
if (isset($table->$scope)) continue;
|
||||
@@ -416,7 +427,7 @@ class Table
|
||||
$table->$scope = $value;
|
||||
}
|
||||
|
||||
$defaultFieldData = $this->metadata->get('app.'.$this->type.'.default.fieldLevel', array());
|
||||
$defaultFieldData = $this->metadata->get(['app', $this->type, $defaultsGroupName, 'fieldLevel'], []);
|
||||
|
||||
foreach ($this->getScopeList() as $scope) {
|
||||
if (isset($table->$scope) && $table->$scope === false) continue;
|
||||
@@ -424,7 +435,7 @@ class Table
|
||||
|
||||
$fieldList = array_keys($this->getMetadata()->get("entityDefs.{$scope}.fields", []));
|
||||
|
||||
$defaultScopeFieldData = $this->metadata->get('app.'.$this->type.'.default.scopeFieldLevel.' . $scope, array());
|
||||
$defaultScopeFieldData = $this->metadata->get('app.'.$this->type.'.'.$defaultsGroupName.'.scopeFieldLevel.' . $scope, []);
|
||||
|
||||
foreach (array_merge($defaultFieldData, $defaultScopeFieldData) as $field => $f) {
|
||||
if (!in_array($field, $fieldList)) continue;
|
||||
|
||||
@@ -50,6 +50,8 @@ class Table extends \Espo\Core\Acl\Table
|
||||
|
||||
protected $levelList = ['yes', 'all', 'account', 'contact', 'own', 'no'];
|
||||
|
||||
protected $isStrictModeForced = true;
|
||||
|
||||
public function __construct(User $user, Portal $portal, Config $config = null, FileManager $fileManager = null, Metadata $metadata = null, FieldManagerUtil $fieldManager = null)
|
||||
{
|
||||
if (empty($portal)) {
|
||||
|
||||
@@ -75,6 +75,23 @@
|
||||
},
|
||||
"default": {
|
||||
"scopeLevel": {
|
||||
"User": {
|
||||
"read": "all"
|
||||
}
|
||||
},
|
||||
"fieldLevel": {
|
||||
},
|
||||
"scopeFieldLevel": {
|
||||
"User": {
|
||||
"gender": false
|
||||
}
|
||||
}
|
||||
},
|
||||
"strictDefault": {
|
||||
"scopeLevel": {
|
||||
"User": {
|
||||
"read": "own"
|
||||
}
|
||||
},
|
||||
"fieldLevel": {
|
||||
},
|
||||
|
||||
@@ -86,7 +86,7 @@
|
||||
}
|
||||
}
|
||||
},
|
||||
"default": {
|
||||
"strictDefault": {
|
||||
"scopeLevel": {
|
||||
},
|
||||
"fieldLevel": {
|
||||
@@ -115,6 +115,9 @@
|
||||
},
|
||||
"leads": false
|
||||
},
|
||||
"KnowledgeBaseArticle": {
|
||||
"assignedUser": false
|
||||
},
|
||||
"User": {
|
||||
"gender": false
|
||||
}
|
||||
@@ -123,16 +126,9 @@
|
||||
"valuePermissionList": [
|
||||
"exportPermission"
|
||||
],
|
||||
"permissionsDefaults": {
|
||||
"exportPermission": "no"
|
||||
},
|
||||
"permissionsStrictDefaults": {
|
||||
"exportPermission": "no"
|
||||
},
|
||||
"scopeLevelTypesDefaults": {
|
||||
"boolean": false,
|
||||
"record": false
|
||||
},
|
||||
"scopeLevelTypesStrictDefaults": {
|
||||
"boolean": false,
|
||||
"record": false
|
||||
|
||||
Reference in New Issue
Block a user