From cd9690a45af0e9e79d3bd073ca74d5916ca6fe2f Mon Sep 17 00:00:00 2001
From: yuri <yurikuzn@users.noreply.github.com>
Date: Mon, 4 Dec 2017 12:41:36 +0200
Subject: [PATCH] export permission

---
 application/Espo/Core/Controllers/Record.php         |  4 ++++
 application/Espo/Core/defaults/config.php            |  1 -
 .../Espo/Resources/i18n/en_US/PortalRole.json        |  4 ++++
 application/Espo/Resources/i18n/en_US/Role.json      |  6 ++++--
 .../Espo/Resources/layouts/PortalRole/detail.json    | 10 ++++++++++
 application/Espo/Resources/layouts/Role/detail.json  | 10 +++-------
 application/Espo/Resources/metadata/app/acl.json     | 12 ++++++++----
 .../Espo/Resources/metadata/app/aclPortal.json       |  9 +++++++++
 .../Resources/metadata/entityDefs/PortalRole.json    |  7 +++++++
 .../Espo/Resources/metadata/entityDefs/Role.json     |  7 +++++++
 client/src/views/record/list.js                      |  2 +-
 11 files changed, 57 insertions(+), 15 deletions(-)
 create mode 100644 application/Espo/Resources/layouts/PortalRole/detail.json

diff --git a/application/Espo/Core/Controllers/Record.php b/application/Espo/Core/Controllers/Record.php
index c139a0cefd..f5427faaba 100644
--- a/application/Espo/Core/Controllers/Record.php
+++ b/application/Espo/Core/Controllers/Record.php
@@ -237,6 +237,10 @@ class Record extends Base
             throw new Forbidden();
         }
 
+        if ($this->getAcl()->get('exportPermission') !== 'yes' && !$this->getUser()->isAdmin()) {
+            throw new Forbidden();
+        }
+
         if (!$this->getAcl()->check($this->name, 'read')) {
             throw new Forbidden();
         }
diff --git a/application/Espo/Core/defaults/config.php b/application/Espo/Core/defaults/config.php
index ffbc377cb6..4a594ec908 100644
--- a/application/Espo/Core/defaults/config.php
+++ b/application/Espo/Core/defaults/config.php
@@ -105,7 +105,6 @@ return array (
     'tabList' => ["Account", "Contact", "Lead", "Opportunity", "Case", "Email", "Calendar", "Meeting", "Call", "Task", "_delimiter_", "Document", "Campaign", "KnowledgeBaseArticle", "Stream", "User"],
     'quickCreateList' => ["Account", "Contact", "Lead", "Opportunity", "Meeting", "Call", "Task", "Case", "Email"],
     'exportDisabled' => false,
-    'exportInPortalDisabled' => true,
     'adminNotifications' => true,
     'assignmentEmailNotifications' => false,
     'assignmentEmailNotificationsEntityList' => ['Lead', 'Opportunity', 'Task', 'Case'],
diff --git a/application/Espo/Resources/i18n/en_US/PortalRole.json b/application/Espo/Resources/i18n/en_US/PortalRole.json
index 1dd3e2f694..d54939bf25 100644
--- a/application/Espo/Resources/i18n/en_US/PortalRole.json
+++ b/application/Espo/Resources/i18n/en_US/PortalRole.json
@@ -1,5 +1,6 @@
 {
     "fields": {
+        "exportPermission": "Export Permission"
     },
     "links": {
         "users": "Users"
@@ -11,5 +12,8 @@
         "Create PortalRole": "Create Portal Role",
         "Scope Level": "Scope Level",
         "Field Level": "Field Level"
+    },
+    "tooltips": {
+        "exportPermission": "Defines wheter portal users have an ability to export records."
     }
 }
diff --git a/application/Espo/Resources/i18n/en_US/Role.json b/application/Espo/Resources/i18n/en_US/Role.json
index 3949c6cb57..56b2bd6f2b 100644
--- a/application/Espo/Resources/i18n/en_US/Role.json
+++ b/application/Espo/Resources/i18n/en_US/Role.json
@@ -5,7 +5,8 @@
         "assignmentPermission": "Assignment Permission",
         "userPermission": "User Permission",
         "portalPermission": "Portal Permission",
-        "groupEmailAccountPermission": "Group Email Account Permission"
+        "groupEmailAccountPermission": "Group Email Account Permission",
+        "exportPermission": "Export Permission"
     },
     "links": {
         "users": "Users",
@@ -15,7 +16,8 @@
         "assignmentPermission": "Allows to restrict an ability to assign records and post messages to other users.\n\nall - no restriction\n\nteam - can assign and post only to teammates\n\nno - can assign and post only to self",
         "userPermission": "Allows to restrict an ability for users to view activities, calendar and stream of other users.\n\nall - can view all\n\nteam - can view activities of teammates only\n\nno - can't view",
         "portalPermission": "Defines an access to portal information, ability to post messages to portal users.",
-        "groupEmailAccountPermission": "Defines an access to group email accounts, an ability to send emails from group SMTP."
+        "groupEmailAccountPermission": "Defines an access to group email accounts, an ability to send emails from group SMTP.",
+        "exportPermission": "Defines wheter users have an ability to export records."
     },
     "labels": {
         "Access": "Access",
diff --git a/application/Espo/Resources/layouts/PortalRole/detail.json b/application/Espo/Resources/layouts/PortalRole/detail.json
new file mode 100644
index 0000000000..a59350b3f6
--- /dev/null
+++ b/application/Espo/Resources/layouts/PortalRole/detail.json
@@ -0,0 +1,10 @@
+[
+    {
+        "rows": [
+            [
+                {"name": "name"},
+                {"name": "exportPermission"}
+            ]
+        ]
+    }
+]
diff --git a/application/Espo/Resources/layouts/Role/detail.json b/application/Espo/Resources/layouts/Role/detail.json
index 013506e01a..460e0b0896 100644
--- a/application/Espo/Resources/layouts/Role/detail.json
+++ b/application/Espo/Resources/layouts/Role/detail.json
@@ -3,18 +3,14 @@
         "rows": [
             [
                 {"name": "name"},
-                {"name": "assignmentPermission"}
+                {"name": "exportPermission"}
             ],
             [
-                false,
+                {"name": "assignmentPermission"},
                 {"name": "userPermission"}
             ],
             [
-                false,
-                {"name": "portalPermission"}
-            ],
-            [
-                false,
+                {"name": "portalPermission"},
                 {"name": "groupEmailAccountPermission"}
             ]
         ]
diff --git a/application/Espo/Resources/metadata/app/acl.json b/application/Espo/Resources/metadata/app/acl.json
index c2c10a3b9b..ebe3ae0243 100644
--- a/application/Espo/Resources/metadata/app/acl.json
+++ b/application/Espo/Resources/metadata/app/acl.json
@@ -86,25 +86,29 @@
         "assignmentPermission",
         "userPermission",
         "portalPermission",
-        "groupEmailAccountPermission"
+        "groupEmailAccountPermission",
+        "exportPermission"
     ],
     "valuePermissionHighestLevels": {
         "assignmentPermission": "all",
         "userPermission": "all",
         "portalPermission": "yes",
-        "groupEmailAccountPermission": "all"
+        "groupEmailAccountPermission": "all",
+        "exportPermission": "yes"
     },
     "permissionsDefaults": {
         "assignmentPermission": "all",
         "userPermission": "all",
         "portalPermission": "no",
-        "groupEmailAccountPermission": "no"
+        "groupEmailAccountPermission": "no",
+        "exportPermission": "yes"
     },
     "permissionsStrictDefaults": {
         "assignmentPermission": "no",
         "userPermission": "no",
         "portalPermission": "no",
-        "groupEmailAccountPermission": "no"
+        "groupEmailAccountPermission": "no",
+        "exportPermission": "no"
     },
     "scopeLevelTypesDefaults": {
         "boolean": true,
diff --git a/application/Espo/Resources/metadata/app/aclPortal.json b/application/Espo/Resources/metadata/app/aclPortal.json
index c4319e9bcb..f27d27788d 100644
--- a/application/Espo/Resources/metadata/app/aclPortal.json
+++ b/application/Espo/Resources/metadata/app/aclPortal.json
@@ -114,6 +114,15 @@
             }
         }
     },
+    "valuePermissionList": [
+        "exportPermission"
+    ],
+    "permissionsDefaults": {
+        "exportPermission": "no"
+    },
+    "permissionsStrictDefaults": {
+        "exportPermission": "no"
+    },
     "scopeLevelTypesDefaults": {
         "boolean": false,
         "record": false
diff --git a/application/Espo/Resources/metadata/entityDefs/PortalRole.json b/application/Espo/Resources/metadata/entityDefs/PortalRole.json
index 1232736938..47c88ae9bc 100644
--- a/application/Espo/Resources/metadata/entityDefs/PortalRole.json
+++ b/application/Espo/Resources/metadata/entityDefs/PortalRole.json
@@ -11,6 +11,13 @@
         },
         "fieldData": {
             "type": "jsonObject"
+        },
+        "exportPermission": {
+            "type": "enum",
+            "options": ["not-set", "yes", "no"],
+            "default": "not-set",
+            "tooltip": true,
+            "translation": "Role.options.levelList"
         }
     },
     "links": {
diff --git a/application/Espo/Resources/metadata/entityDefs/Role.json b/application/Espo/Resources/metadata/entityDefs/Role.json
index 3c2c538547..5061659905 100644
--- a/application/Espo/Resources/metadata/entityDefs/Role.json
+++ b/application/Espo/Resources/metadata/entityDefs/Role.json
@@ -34,6 +34,13 @@
             "tooltip": true,
             "translation": "Role.options.levelList"
         },
+        "exportPermission": {
+            "type": "enum",
+            "options": ["not-set", "yes", "no"],
+            "default": "not-set",
+            "tooltip": true,
+            "translation": "Role.options.levelList"
+        },
         "data": {
             "type": "jsonObject"
         },
diff --git a/client/src/views/record/list.js b/client/src/views/record/list.js
index 5f447ddece..479d2add5f 100644
--- a/client/src/views/record/list.js
+++ b/client/src/views/record/list.js
@@ -730,7 +730,7 @@ Espo.define('views/record/list', 'view', function (Dep) {
             if (
                 this.getConfig().get('exportDisabled') && !this.getUser().get('isAdmin')
                 ||
-                this.getUser().get('isPortalUser') && this.getConfig().get('exportInPortalDisabled')
+                this.getAcl().get('exportPermission') === 'no'
             ) {
             	this.removeMassAction('export');
             }