From 80dc443f913e5dc3f0258fb70b5d4f1cb1d28f59 Mon Sep 17 00:00:00 2001
From: Yurii
Date: Fri, 22 May 2026 12:26:29 +0300
Subject: [PATCH] Formula relate write access check
---
 .../Espo/Core/Formula/Functions/RecordGroup/RelateType.php | 4 ++++
 .../Espo/Core/Formula/Functions/RecordGroup/UnrelateType.php | 4 ++++
 .../Functions/RecordGroup/UpdateRelationColumnType.php | 4 ++++
 3 files changed, 12 insertions(+)
diff --git a/application/Espo/Core/Formula/Functions/RecordGroup/RelateType.php b/application/Espo/Core/Formula/Functions/RecordGroup/RelateType.php
index a870828888..41e305db96 100644
--- a/application/Espo/Core/Formula/Functions/RecordGroup/RelateType.php
+++ b/application/Espo/Core/Formula/Functions/RecordGroup/RelateType.php
@@ -123,6 +123,10 @@ class RelateType extends BaseFunction implements
 {
 $restriction = $this->injectableFactory->create(SystemRestriction::class);
 
+ if (!$restriction->checkEntityTypeWrite($entityType)) {
+ throw new NotAllowedUsage("Cannot write '$entityType'.");
+ }
+
 if (!$restriction->checkLinkWrite($entityType, $link) ) {
 throw new NotAllowedUsage("Cannot write restricted link $entityType.$link.");
 }
diff --git a/application/Espo/Core/Formula/Functions/RecordGroup/UnrelateType.php b/application/Espo/Core/Formula/Functions/RecordGroup/UnrelateType.php
index b6d1c5a797..3bd019d333 100644
--- a/application/Espo/Core/Formula/Functions/RecordGroup/UnrelateType.php
+++ b/application/Espo/Core/Formula/Functions/RecordGroup/UnrelateType.php
@@ -99,6 +99,10 @@ class UnrelateType extends BaseFunction implements
 {
 $restriction = $this->injectableFactory->create(SystemRestriction::class);
 
+ if (!$restriction->checkEntityTypeWrite($entityType)) {
+ throw new NotAllowedUsage("Cannot write '$entityType'.");
+ }
+
 if (!$restriction->checkLinkWrite($entityType, $link) ) {
 throw new NotAllowedUsage("Cannot write restricted link $entityType.$link.");
 }
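Review bot: The new `checkEntityTypeWrite($entityType)` guard in RelateType.php covers only the entity type the formula passes in; the entity type at the other end of `$link` is not checked in the visible lines, although relating records can change data on that side as well. Unless `checkLinkWrite()` already accounts for the foreign type (its body is not shown here), I would resolve the link's foreign entity type and add `if (!$restriction->checkEntityTypeWrite($foreignEntityType)) { throw new NotAllowedUsage("Cannot write '$foreignEntityType'."); }` next to the new check, where `$foreignEntityType` is a name used here for illustration only. The same gap applies to the UnrelateType.php and UpdateRelationColumnType.php hunks. The enclosing method starts and ends outside the hunk, so this is based on the guard lines alone.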
diff --git a/application/Espo/Core/Formula/Functions/RecordGroup/UpdateRelationColumnType.php b/application/Espo/Core/Formula/Functions/RecordGroup/UpdateRelationColumnType.php
index f18e3b574b..986eece1a2 100644
--- a/application/Espo/Core/Formula/Functions/RecordGroup/UpdateRelationColumnType.php
+++ b/application/Espo/Core/Formula/Functions/RecordGroup/UpdateRelationColumnType.php
@@ -111,6 +111,10 @@ class UpdateRelationColumnType extends BaseFunction implements
 {
 $restriction = $this->injectableFactory->create(SystemRestriction::class);
 
+ if (!$restriction->checkEntityTypeWrite($entityType)) {
+ throw new NotAllowedUsage("Cannot write '$entityType'.");
+ }
+
 if (!$restriction->checkLinkWrite($entityType, $link) ) {
 throw new NotAllowedUsage("Cannot write restricted link $entityType.$link.");
 }
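Review bot: This is the third verbatim copy of the restriction guard in this commit (RelateType.php and UnrelateType.php carry identical lines), so the next restriction has to be added in three places and a missed copy leaves one formula function unguarded without any error. I would move the entity-type check and the link check into one shared helper that all three classes call, so the guards cannot drift apart. The new message also quotes the entity type (`'$entityType'`) while the existing link message does not; one form should be used for both. The enclosing method begins outside the hunk, so whether a common base or trait is already available is not visible here.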