Merge branch 'hotfix/4.2.2' of ssh://172.20.0.1/var/git/espo/backend into hotfix/4.2.2

Support AD with LDAP Auth

.gitignore

@@ -6,10 +6,14 @@
 /data/config.php
 /build
 /node_modules
-/client
 /test.php
 /main.html
-/frontend/client/css/bootstrap.css
+/client/css/espo.css
+/client/css/espo-vertical.css
+/client/css/sakura.css
+/client/css/sakura-vertical.css
+/client/css/violet.css
+/client/css/violet-vertical.css
 /tests/testData/cache/*
 composer.phar
 vendor/

CONTRIBUTING.md

@@ -0,0 +1,3 @@
+Before we can merge your pull request you need to accept our CLA [here](https://github.com/espocrm/cla). It's very simple to do.
+
+[Code Style Guidelines](https://github.com/espocrm/espocrm/wiki/Code-Style-Guidelines).

Gruntfile.js

@@ -23,6 +23,7 @@ module.exports = function (grunt) {
     var jsFilesToMinify = [
         'client/lib/jquery-2.1.4.min.js',
         'client/lib/underscore-min.js',
+        'client/lib/es6-promise.min.js',
         'client/lib/backbone-min.js',
         'client/lib/handlebars.js',
         'client/lib/base64.js',
@@ -33,7 +34,7 @@ module.exports = function (grunt) {
         'client/lib/jquery.autocomplete.js',
         'client/lib/bootstrap.min.js',
         'client/lib/bootstrap-datepicker.js',
-        'client/lib/bull.min.js',
+        'client/lib/bull.js',
         'client/src/namespace.js',
         'client/src/exceptions.js',
         'client/src/loader.js',
@@ -46,7 +47,7 @@ module.exports = function (grunt) {
         mkdir: {
             tmp: {
                 options: {
-                    mode: 0775,
+                    mode: 0755,
                     create: [
                         'build/tmp',
                     ]
@@ -59,22 +60,60 @@ module.exports = function (grunt) {
             final: ['build/tmp'],
         },
         less: {
-            bootstrap: {
+            espo: {
                 options: {
                     yuicompress: true,
                 },
                 files: {
-                    'frontend/client/css/bootstrap.css': 'frontend/less/espo/main.less',
-                },
+                    'client/css/espo.css': 'frontend/less/espo/main.less',
+                }
             },
+            espoVertical: {
+                options: {
+                    yuicompress: true,
+                },
+                files: {
+                    'client/css/espo-vertical.css': 'frontend/less/espo-vertical/main.less',
+                }
+            },
+            sakura: {
+                options: {
+                    yuicompress: true,
+                },
+                files: {
+                    'client/css/sakura.css': 'frontend/less/sakura/main.less',
+                }
+            },
+            sakuraVertical: {
+                options: {
+                    yuicompress: true,
+                },
+                files: {
+                    'client/css/sakura-vertical.css': 'frontend/less/sakura-vertical/main.less',
+                }
+            },
+            violet: {
+                options: {
+                    yuicompress: true,
+                },
+                files: {
+                    'client/css/violet.css': 'frontend/less/violet/main.less',
+                }
+            },
+            violetVertical: {
+                options: {
+                    yuicompress: true,
+                },
+                files: {
+                    'client/css/violet-vertical.css': 'frontend/less/violet-vertical/main.less',
+                }
+            }
         },
         cssmin: {
             minify: {
                 files: {
-                    'build/tmp/client/css/espo.min.css': [
-                        'frontend/client/css/bootstrap.css',
-                        'frontend/client/css/datepicker.css',
-                        'frontend/client/css/jquery.timepicker.css',
+                    'build/tmp/client/css/espo.css': [
+                        'client/css/espo.css',
                     ]
                 }
             },
@@ -85,13 +124,13 @@ module.exports = function (grunt) {
                 banner: '/*! <%= pkg.name %> <%= grunt.template.today("yyyy-mm-dd") %> */\n',
             },
             'build/tmp/client/espo.min.js': jsFilesToMinify.map(function (item) {
-                return 'frontend/' + item;
+                return '' + item;
             })
         },
         copy: {
             frontendFolders: {
                 expand: true,
-                cwd: 'frontend/client',
+                cwd: 'client',
                 src: [
                     'src/**',
                     'res/**',
@@ -106,13 +145,13 @@ module.exports = function (grunt) {
                 dest: 'build/tmp/client',
             },
             frontendHtml: {
-                src: 'frontend/html/reset.html',
+                src: 'frontend/reset.html',
                 dest: 'build/tmp/reset.html'
             },
             frontendLib: {
                 expand: true,
                 dot: true,
-                cwd: 'frontend/client/lib',
+                cwd: 'client/lib',
                 src: '**',
                 dest: 'build/tmp/client/lib/',
             },
@@ -125,12 +164,15 @@ module.exports = function (grunt) {
                     'custom/**',
                     'data/.data',
                     'install/**',
+                    'portal/**',
                     'vendor/**',
+                    'html/**',
                     'bootstrap.php',
                     'cron.php',
                     'rebuild.php',
                     'clear_cache.php',
                     'upgrade.php',
+                    'extension.php',
                     'index.php',
                     'LICENSE.txt',
                     '.htaccess',
@@ -165,6 +207,19 @@ module.exports = function (grunt) {
                     'build/EspoCRM-<%= pkg.version %>/**/*.html',
                     'build/EspoCRM-<%= pkg.version %>/**/*.txt',
                 ]
+            },
+            folders: {
+                options: {
+                    mode: '755'
+                },
+                src: [
+                    'build/EspoCRM-<%= pkg.version %>/install',
+                    'build/EspoCRM-<%= pkg.version %>/portal',
+                    'build/EspoCRM-<%= pkg.version %>/api',
+                    'build/EspoCRM-<%= pkg.version %>/api/v1',
+                    'build/EspoCRM-<%= pkg.version %>/api/v1/portal-access',
+                    'build/EspoCRM-<%= pkg.version %>',
+                ]
             }
         },
         replace: {
@@ -179,8 +234,12 @@ module.exports = function (grunt) {
                 },
                 files: [
                     {
-                        src: 'frontend/html/main.html',
-                        dest: 'build/tmp/main.html'
+                        src: 'build/tmp/html/main.html',
+                        dest: 'build/tmp/html/main.html'
+                    },
+                    {
+                        src: 'build/tmp/html/portal.html',
+                        dest: 'build/tmp/html/portal.html'
                     }
                 ]
             },

LICENSE.txt

@@ -631,29 +631,29 @@ to attach them to the start of each source file to most effectively
 state the exclusion of warranty; and each file should have at least
 the "copyright" line and a pointer to where the full notice is found.
 
-    EspoCRM - Open Source CRM
-    Copyright (C) 2014  Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
 
-    EspoCRM is free software: you can redistribute it and/or modify
+    This program is free software: you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
     the Free Software Foundation, either version 3 of the License, or
     (at your option) any later version.
 
-    EspoCRM is distributed in the hope that it will be useful,
+    This program is distributed in the hope that it will be useful,
     but WITHOUT ANY WARRANTY; without even the implied warranty of
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     GNU General Public License for more details.
 
     You should have received a copy of the GNU General Public License
-    along with EspoCRM.  If not, see <http://www.gnu.org/licenses/>.
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 Also add information on how to contact you by electronic and paper mail.
 
   If the program does terminal interaction, make it output a short
 notice like this when it starts in an interactive mode:
 
-    EspoCRM  Copyright (C) 2014  Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
-    EspoCRM comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    <program>  Copyright (C) <year>  <name of author>
+    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
     This is free software, and you are welcome to redistribute it
     under certain conditions; type `show c' for details.
 

README.md

@@ -26,9 +26,9 @@ Create an issue [here](https://github.com/espocrm/espocrm/issues) or post on our
 
 Never update composer dependencies if you are going to contribute code back.
 
-Now you can build.
+Now you can build. Build will create compiled css files.
 
-If your repository is accessible via a web server then you can run EspoCRM by url `http://PROJECT_URL/frontend`. To compose a proper config.php and populate database you can run install by opening `http(s)://{YOUR_CRM_URL}/install` location in a browser. Also you need to run build before to have compiled css.
+To compose a proper config.php and populate database you can run install by opening `http(s)://{YOUR_CRM_URL}/install` location in a browser. Then open `data/config.php` file and add `isDeveloperMode => true`.
 
 ### How to build
 
@@ -40,20 +40,24 @@ You need to have nodejs and Grunt CLI installed.
 
 The build will be created in the `build` directory.
 
-### How to make translation
+### How to contribute
+
+Before we can merge your pull request you need to accept our CLA [here](https://github.com/espocrm/cla). It's very simple to do.
+
+### How to make a translation
 
 Build po file with command:
 `node po.js en_EN`
 (specify needed language instead of en_EN)
 
-After that tranlate the generated po file.
+After that translate the generated po file.
 
 Build json files from the translated po file:
 
-1. Put your po file espocrm-en_EN.po to the `build` directory
+1. Put your po file espocrm-en_EN.po into `build` directory
 2. Run `node lang.js en_EN`
 
-The files will be created in build directory.
+Json files will be created in build directory grouped by folders.
 
 ### License
 

api/v1/index.php

@@ -18,6 +18,13 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/
 
 require_once('../../bootstrap.php');

api/v1/portal-access/.htaccess

@@ -0,0 +1,12 @@
+RewriteEngine On
+
+# Some hosts may require you to use the `RewriteBase` directive.
+# If you need to use the `RewriteBase` directive, it should be the
+# absolute physical path to the directory that contains this htaccess file.
+#
+# RewriteBase /
+
+RewriteRule .* - [E=HTTP_ESPO_CGI_AUTH:%{HTTP:Authorization}]
+
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteRule ^ index.php [QSA,L]

api/v1/portal-access/index.php

@@ -18,20 +18,22 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/
 
-include "../bootstrap.php";
+require_once('../../../bootstrap.php');
 
-$app = new \Espo\Core\Application();
-
-if (!empty($_GET['entryPoint'])) {
-    $app->runEntryPoint($_GET['entryPoint']);
-    exit;
+if (!empty($_GET['portalId'])) {
+    $portalId = $_GET['portalId'];
+} else {
+    $portalId = explode('/', $_SERVER['REQUEST_URI'])[count(explode('/', $_SERVER['SCRIPT_NAME'])) - 1];
 }
 
-$runScript = "app.start();";
-$html = file_get_contents("frontend/main.html");
-$html = str_replace('{{runScript}}', $runScript , $html);
-echo $html;
-exit;
-
+$app = new \Espo\Core\Portal\Application($portalId);
+$app->run();

api/v1/portal-access/web.config

@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+
+    <system.webServer>
+        <rewrite>
+            <rules>
+                <rule name="rule 1G" stopProcessing="true">
+                    <match url="^"  />
+                    <action type="Rewrite" url="index.php"  appendQueryString="true" />
+				</rule>
+            </rules>
+        </rewrite>
+    </system.webServer>
+
+</configuration>

application/Espo/Acl/Attachment.php

@@ -0,0 +1,93 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2015 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: http://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Acl;
+
+use \Espo\Entities\User as EntityUser;
+use \Espo\ORM\Entity;
+
+class Attachment extends \Espo\Core\Acl\Base
+{
+    public function checkEntityRead(EntityUser $user, Entity $entity, $data)
+    {
+        if ($user->isAdmin()) {
+            return true;
+        }
+
+        if ($entity->get('parentType') === 'Settings') {
+            return true;
+        }
+
+        $parent = null;
+        $hasParent = false;
+        if ($entity->get('parentId') && $entity->get('parentType')) {
+            $hasParent = true;
+            $parent = $this->getEntityManager()->getEntity($entity->get('parentType'), $entity->get('parentId'));
+        } else if ($entity->get('relatedId') && $entity->get('relatedType')) {
+            $hasParent = true;
+            $parent = $this->getEntityManager()->getEntity($entity->get('relatedType'), $entity->get('relatedId'));
+        }
+
+        if ($hasParent) {
+            if ($parent) {
+                if ($parent->getEntityType() === 'Note') {
+                    if ($parent->get('parentId') && $parent->get('parentType')) {
+                        $parentOfParent = $this->getEntityManager()->getEntity($parent->get('parentType'), $parent->get('parentId'));
+                        if ($parentOfParent && $this->getAclManager()->checkEntity($user, $parentOfParent)) {
+                            return true;
+                        }
+                    } else {
+                        return true;
+                    }
+                } else {
+                    if ($this->getAclManager()->checkEntity($user, $parent)) {
+                        return true;
+                    }
+                }
+            }
+        } else {
+            return true;
+        }
+
+        if ($this->checkEntity($user, $entity, $data, 'read')) {
+            return true;
+        }
+
+        return false;
+    }
+
+    public function checkIsOwner(EntityUser $user, Entity $entity)
+    {
+        if ($user->id === $entity->get('createdById')) {
+            return true;
+        }
+        return false;
+    }
+}
+

application/Espo/Acl/Email.php

@@ -18,17 +18,24 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/
 
 namespace Espo\Acl;
 
-use \Espo\Entities\User;
+use \Espo\Entities\User as EntityUser;
 use \Espo\ORM\Entity;
 
 class Email extends \Espo\Core\Acl\Base
 {
 
-    public function checkEntityRead(User $user, Entity $entity, $data)
+    public function checkEntityRead(EntityUser $user, Entity $entity, $data)
     {
         if ($this->checkEntity($user, $entity, $data, 'read')) {
             return true;
@@ -37,8 +44,8 @@ class Email extends \Espo\Core\Acl\Base
         if ($data === false) {
             return false;
         }
-        if (is_array($data)) {
-            if (empty($data['read']) || $data['read'] == 'no') {
+        if (is_object($data)) {
+            if ($data->read === false || $data->read === 'no') {
                 return false;
             }
         }
@@ -53,20 +60,62 @@ class Email extends \Espo\Core\Acl\Base
         return false;
     }
 
-    public function checkIsOwner(User $user, Entity $entity)
+    public function checkIsOwner(EntityUser $user, Entity $entity)
     {
-        if ($entity->has('assignedUserId')) {
-            if ($user->id === $entity->get('assignedUserId')) {
-                return true;
-            }
+        if ($user->id === $entity->get('assignedUserId')) {
+            return true;
         }
 
         if ($user->id === $entity->get('createdById')) {
             return true;
         }
 
+        if ($entity->hasLinkMultipleId('assignedUsers', $user->id)) {
+            return true;
+        }
+
         return false;
     }
 
+    public function checkEntityDelete(EntityUser $user, Entity $entity, $data)
+    {
+        if ($user->isAdmin()) {
+            return true;
+        }
+
+        if ($data === false) {
+            return false;
+        }
+
+        if ($data->delete === 'own') {
+            if ($user->id === $entity->get('assignedUserId')) {
+                return true;
+            }
+
+            if ($user->id === $entity->get('createdById')) {
+                return true;
+            }
+
+            $assignedUserIdList = $entity->getLinkMultipleIdList('assignedUsers');
+            if (count($assignedUserIdList) === 1 && $entity->hasLinkMultipleId('assignedUsers', $user->id)) {
+                return true;
+            }
+            return false;
+        }
+
+        if ($this->checkEntity($user, $entity, $data, 'delete')) {
+            return true;
+        }
+
+        if ($data->edit !== 'no' || $data->create !== 'no') {
+            if ($entity->get('createdById') === $user->id) {
+                if ($entity->get('status') !== 'Sent' && $entity->get('status') !== 'Archived') {
+                    return true;
+                }
+            }
+        }
+
+        return false;
+    }
 }
 

application/Espo/Acl/EmailFilter.php

@@ -0,0 +1,56 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2015 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: http://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Acl;
+
+use \Espo\Entities\User as EntityUser;
+use \Espo\ORM\Entity;
+
+class EmailFilter extends \Espo\Core\Acl\Base
+{
+    public function checkIsOwner(EntityUser $user, Entity $entity)
+    {
+        if ($entity->has('parentId') && $entity->has('parentType')) {
+            $parentType = $entity->get('parentType');
+            $parentId = $entity->get('parentId');
+            if (!$parentType || !$parentId) return;
+
+            $parent = $this->getEntityManager()->getEntity($parentType, $parentId);
+
+            if ($parent->getEntityType() === 'User') {
+                return $parent->id === $user->id;
+            }
+            if ($parent && $parent->has('assignedUserId') && $parent->get('assignedUserId') === $user->id) {
+                return true;
+            }
+        }
+        return;
+    }
+}
+

application/Espo/Acl/Notification.php

@@ -0,0 +1,45 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2015 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: http://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Acl;
+
+use \Espo\Entities\User as EntityUser;
+use \Espo\ORM\Entity;
+
+class Notification extends \Espo\Core\Acl\Base
+{
+    public function checkIsOwner(EntityUser $user, Entity $entity)
+    {
+        if ($user->id === $entity->get('userId')) {
+            return true;
+        }
+        return false;
+    }
+}
+

application/Espo/Acl/User.php

@@ -0,0 +1,41 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2015 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: http://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Acl;
+
+use \Espo\ORM\Entity;
+
+class User extends \Espo\Core\Acl\Base
+{
+    public function checkIsOwner(\Espo\Entities\User $user, Entity $entity)
+    {
+        return $user->id === $entity->id;
+    }
+}
+

application/Espo/AclPortal/Attachment.php

@@ -0,0 +1,93 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2015 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: http://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\AclPortal;
+
+use \Espo\Entities\User as EntityUser;
+use \Espo\ORM\Entity;
+
+class Attachment extends \Espo\Core\AclPortal\Base
+{
+    public function checkEntityRead(EntityUser $user, Entity $entity, $data)
+    {
+        if ($user->isAdmin()) {
+            return true;
+        }
+
+        if ($entity->get('parentType') === 'Settings') {
+            return true;
+        }
+
+        $parent = null;
+        $hasParent = false;
+        if ($entity->get('parentId') && $entity->get('parentType')) {
+            $hasParent = true;
+            $parent = $this->getEntityManager()->getEntity($entity->get('parentType'), $entity->get('parentId'));
+        } else if ($entity->get('relatedId') && $entity->get('relatedType')) {
+            $hasParent = true;
+            $parent = $this->getEntityManager()->getEntity($entity->get('relatedType'), $entity->get('relatedId'));
+        }
+
+        if ($hasParent) {
+            if ($parent) {
+                if ($parent->getEntityType() === 'Note') {
+                    if ($parent->get('parentId') && $parent->get('parentType')) {
+                        $parentOfParent = $this->getEntityManager()->getEntity($parent->get('parentType'), $parent->get('parentId'));
+                        if ($parentOfParent && $this->getAclManager()->checkEntity($user, $parentOfParent)) {
+                            return true;
+                        }
+                    } else {
+                        return true;
+                    }
+                } else {
+                    if ($this->getAclManager()->checkEntity($user, $parent)) {
+                        return true;
+                    }
+                }
+            }
+        } else {
+            return true;
+        }
+
+        if ($this->checkEntity($user, $entity, $data, 'read')) {
+            return true;
+        }
+
+        return false;
+    }
+
+    public function checkIsOwner(EntityUser $user, Entity $entity)
+    {
+        if ($user->id === $entity->get('createdById')) {
+            return true;
+        }
+        return false;
+    }
+}
+

application/Espo/AclPortal/Email.php

@@ -0,0 +1,71 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2015 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: http://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\AclPortal;
+
+use \Espo\Entities\User as EntityUser;
+use \Espo\ORM\Entity;
+
+class Email extends \Espo\Core\AclPortal\Base
+{
+
+    public function checkEntityRead(EntityUser $user, Entity $entity, $data)
+    {
+        if ($this->checkEntity($user, $entity, $data, 'read')) {
+            return true;
+        }
+
+        if ($data === false) {
+            return false;
+        }
+        if (is_object($data)) {
+            if ($data->read === false || $data->read === 'no') {
+                return false;
+            }
+        }
+
+        if (!$entity->has('usersIds')) {
+            $entity->loadLinkMultipleField('users');
+        }
+        $userIdList = $entity->get('usersIds');
+        if (is_array($userIdList) && in_array($user->id, $userIdList)) {
+            return true;
+        }
+        return false;
+    }
+
+    public function checkIsOwner(EntityUser $user, Entity $entity)
+    {
+        if ($user->id === $entity->get('createdById')) {
+            return true;
+        }
+        return false;
+    }
+}
+

application/Espo/AclPortal/Notification.php

@@ -0,0 +1,45 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2015 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: http://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\AclPortal;
+
+use \Espo\Entities\User as EntityUser;
+use \Espo\ORM\Entity;
+
+class Notification extends \Espo\Core\AclPortal\Base
+{
+    public function checkIsOwner(EntityUser $user, Entity $entity)
+    {
+        if ($user->id === $entity->get('userId')) {
+            return true;
+        }
+        return false;
+    }
+}
+

application/Espo/AclPortal/User.php

@@ -0,0 +1,41 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2015 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: http://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\AclPortal;
+
+use \Espo\ORM\Entity;
+
+class User extends \Espo\Core\AclPortal\Base
+{
+    public function checkIsOwner(\Espo\Entities\User $user, Entity $entity)
+    {
+        return $user->id === $entity->id;
+    }
+}
+

application/Espo/Controllers/Admin.php

@@ -18,12 +18,21 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/
 
 namespace Espo\Controllers;
 
-use \Espo\Core\Exceptions\Error,
-    \Espo\Core\Exceptions\Forbidden;
+use \Espo\Core\Exceptions\NotFound;
+use \Espo\Core\Exceptions\Error;
+use \Espo\Core\Exceptions\Forbidden;
+use \Espo\Core\Exceptions\BadRequest;
 
 class Admin extends \Espo\Core\Controllers\Base
 {
@@ -34,17 +43,19 @@ class Admin extends \Espo\Core\Controllers\Base
         }
     }
 
-    public function actionRebuild($params, $data)
+    public function postActionRebuild($params, $data, $request)
     {
+        if (!$request->isPost()) {
+            throw new BadRequest();
+        }
         $result = $this->getContainer()->get('dataManager')->rebuild();
 
         return $result;
     }
 
-    public function actionClearCache($params, $data)
+    public function postActionClearCache($params, $data)
     {
         $result = $this->getContainer()->get('dataManager')->clearCache();
-
         return $result;
     }
 
@@ -55,8 +66,13 @@ class Admin extends \Espo\Core\Controllers\Base
         return $scheduledJob->getAllNamesOnly();
     }
 
-    public function actionUploadUpgradePackage($params, $data)
+    public function postActionUploadUpgradePackage($params, $data)
     {
+        if ($this->getConfig()->get('restrictedMode')) {
+            if (!$this->getUser()->get('isSuperAdmin')) {
+                throw new Forbidden();
+            }
+        }
         $upgradeManager = new \Espo\Core\UpgradeManager($this->getContainer());
 
         $upgradeId = $upgradeManager->upload($data);
@@ -68,10 +84,15 @@ class Admin extends \Espo\Core\Controllers\Base
         );
     }
 
-    public function actionRunUpgrade($params, $data)
+    public function postActionRunUpgrade($params, $data)
     {
-        $upgradeManager = new \Espo\Core\UpgradeManager($this->getContainer());
+        if ($this->getConfig()->get('restrictedMode')) {
+            if (!$this->getUser()->get('isSuperAdmin')) {
+                throw new Forbidden();
+            }
+        }
 
+        $upgradeManager = new \Espo\Core\UpgradeManager($this->getContainer());
         $upgradeManager->install($data);
 
         return true;

application/Espo/Controllers/App.php

@@ -18,6 +18,13 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/
 
 namespace Espo\Controllers;
@@ -28,23 +35,40 @@ class App extends \Espo\Core\Controllers\Base
 {
     public function actionUser()
     {
-        $preferences = $this->getPreferences()->toArray();
+        $preferences = $this->getPreferences()->getValues();
         unset($preferences['smtpPassword']);
 
         $user = $this->getUser();
         if (!$user->has('teamsIds')) {
             $user->loadLinkMultipleField('teams');
         }
+        if ($user->get('isPortalUser')) {
+            $user->loadAccountField();
+            $user->loadLinkMultipleField('accounts');
+        }
+
+        $userData = $user->getValues();
+
+        $emailAddressList = [];
+        foreach ($user->get('emailAddresses') as $emailAddress) {
+            if ($emailAddress->get('invalid')) continue;
+            if ($user->get('emailAddrses') === $emailAddress->get('name')) continue;
+            $emailAddressList[] = $emailAddress->get('name');
+        }
+        if ($user->get('emailAddrses')) {
+            array_unshift($emailAddressList, $user->get('emailAddrses'));
+        }
+        $userData['emailAddressList'] = $emailAddressList;
 
         return array(
-            'user' => $user->toArray(),
+            'user' => $userData,
             'acl' => $this->getAcl()->getMap(),
             'preferences' => $preferences,
             'token' => $this->getUser()->get('token')
         );
     }
 
-    public function actionDestroyAuthToken($params, $data)
+    public function postActionDestroyAuthToken($params, $data)
     {
         $token = $data['token'];
         if (empty($token)) {

application/Espo/Controllers/Attachment.php

@@ -18,15 +18,32 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/
 
 namespace Espo\Controllers;
 
+use \Espo\Core\Exceptions\Forbidden;
+use \Espo\Core\Exceptions\BadRequest;
+
 class Attachment extends \Espo\Core\Controllers\Record
 {
-
-    public function actionUpload($params, $data)
+    public function actionUpload($params, $data, $request)
     {
+        if (!$request->isPost()) {
+            throw new BadRequest();
+        }
+
+        if (!$this->getAcl()->checkScope('Attachment', 'create')) {
+            throw new Forbidden();
+        }
+
         list($prefix, $contents) = explode(',', $data);
         $contents = base64_decode($contents);
 

application/Espo/Controllers/AuthToken.php

@@ -18,49 +18,56 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
- ************************************************************************/ 
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
 
 namespace Espo\Controllers;
 
 use \Espo\Core\Exceptions\Forbidden;
 
 class AuthToken extends \Espo\Core\Controllers\Record
-{    
+{
     protected function checkControllerAccess()
     {
         if (!$this->getUser()->isAdmin()) {
             throw new Forbidden();
         }
     }
-    
+
     public function actionUpdate($params, $data)
     {
         throw new Forbidden();
-    }    
-    
+    }
+
     public function actionCreate($params, $data)
     {
         throw new Forbidden();
     }
-    
+
     public function actionListLinked($params, $data)
     {
         throw new Forbidden();
     }
-    
+
     public function actionMassUpdate($params, $data)
     {
         throw new Forbidden();
     }
-    
+
     public function actionCreateLink($params, $data)
     {
         throw new Forbidden();
     }
-    
+
     public function actionRemoveLink($params, $data)
     {
         throw new Forbidden();
-    }    
+    }
 }
 

application/Espo/Controllers/Email.php

@@ -18,6 +18,13 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/
 
 namespace Espo\Controllers;
@@ -25,12 +32,16 @@ namespace Espo\Controllers;
 use \Espo\Core\Exceptions\BadRequest;
 use \Espo\Core\Exceptions\Forbidden;
 use \Espo\Core\Exceptions\Error;
+use \Espo\Core\Exceptions\NotFound;
 
 class Email extends \Espo\Core\Controllers\Record
 {
-    public function actionGetCopiedAttachments($params, $data, $request)
+    public function postActionGetCopiedAttachments($params, $data, $request)
     {
-        $id = $request->get('id');
+        if (empty($data['id'])) {
+            throw new BadRequest();
+        }
+        $id = $data['id'];
 
         return $this->getRecordService()->getCopiedAttachments($id);
     }
@@ -41,47 +52,174 @@ class Email extends \Espo\Core\Controllers\Record
             throw new BadRequest();
         }
 
+        if (!$this->getAcl()->checkScope('Email')) {
+            throw new Forbidden();
+        }
+
         if (is_null($data['password'])) {
             if ($data['type'] == 'preferences') {
-                if (!$this->getUser()->isAdmin() && $data['id'] != $this->getUser()->id) {
+                if (!$this->getUser()->isAdmin() && $data['id'] !== $this->getUser()->id) {
                     throw new Forbidden();
                 }
                 $preferences = $this->getEntityManager()->getEntity('Preferences', $data['id']);
                 if (!$preferences) {
-                    throw new Error();
+                    throw new NotFound();
                 }
 
-                $data['password'] = $this->getContainer()->get('crypt')->decrypt($preferences->get('smtpPassword'));
+                if (is_null($data['password'])) {
+                    $data['password'] = $this->getContainer()->get('crypt')->decrypt($preferences->get('smtpPassword'));
+                }
+            } else if ($data['type'] == 'emailAccount') {
+                if (!$this->getAcl()->checkScope('EmailAccount')) {
+                    throw new Forbidden();
+                }
+                if (!empty($data['id'])) {
+                    $emailAccount = $this->getEntityManager()->getEntity('EmailAccount', $data['id']);
+                    if (!$emailAccount) {
+                        throw new NotFound();
+                    }
+                    if (!$this->getUser()->isAdmin()) {
+                        if ($emailAccount->get('assigniedUserId') !== $this->getUser()->id) {
+                            throw new Forbidden();
+                        }
+                    }
+                    if (is_null($data['password'])) {
+                        $data['password'] = $this->getContainer()->get('crypt')->decrypt($emailAccount->get('smtpPassword'));
+                    }
+                }
             } else {
                 if (!$this->getUser()->isAdmin()) {
                     throw new Forbidden();
                 }
-                $data['password'] = $this->getConfig()->get('smtpPassword');
+                if (is_null($data['password'])) {
+                    $data['password'] = $this->getConfig()->get('smtpPassword');
+                }
             }
         }
 
         return $this->getRecordService()->sendTestEmail($data);
     }
 
-    public function actionMarkAsRead($params, $data, $request)
+    public function postActionMarkAsRead($params, $data, $request)
     {
-        if (!$request->isPost()) {
-            throw new BadRequest();
+        if (!empty($data['ids'])) {
+            $ids = $data['ids'];
+        } else {
+            if (!empty($data['id'])) {
+                $ids = [$data['id']];
+            } else {
+                throw new BadRequest();
+            }
         }
-        if (empty($data['ids']) || !is_array($data['ids'])) {
-            throw new BadRequest();
-        }
-        $ids = $data['ids'];
-
-        return $this->getRecordService()->markAsReadByIds($ids);
+        return $this->getRecordService()->markAsReadByIdList($ids);
     }
 
-    public function actionMarkAllAsRead($params, $data, $request)
+    public function postActionMarkAsNotRead($params, $data, $request)
     {
-        if (!$request->isPost()) {
+        if (!empty($data['ids'])) {
+            $ids = $data['ids'];
+        } else {
+            if (!empty($data['id'])) {
+                $ids = [$data['id']];
+            } else {
+                throw new BadRequest();
+            }
+        }
+        return $this->getRecordService()->markAsNotReadByIdList($ids);
+    }
+
+    public function postActionMarkAllAsRead($params, $data, $request)
+    {
+        return $this->getRecordService()->markAllAsRead();
+    }
+
+    public function postActionMarkAsImportant($params, $data, $request)
+    {
+        if (!empty($data['ids'])) {
+            $ids = $data['ids'];
+        } else {
+            if (!empty($data['id'])) {
+                $ids = [$data['id']];
+            } else {
+                throw new BadRequest();
+            }
+        }
+        return $this->getRecordService()->markAsImportantByIdList($ids);
+    }
+
+    public function postActionMarkAsNotImportant($params, $data, $request)
+    {
+        if (!empty($data['ids'])) {
+            $ids = $data['ids'];
+        } else {
+            if (!empty($data['id'])) {
+                $ids = [$data['id']];
+            } else {
+                throw new BadRequest();
+            }
+        }
+        return $this->getRecordService()->markAsNotImportantByIdList($ids);
+    }
+
+    public function postActionMoveToTrash($params, $data)
+    {
+        if (!empty($data['ids'])) {
+            $ids = $data['ids'];
+        } else {
+            if (!empty($data['id'])) {
+                $ids = [$data['id']];
+            } else {
+                throw new BadRequest();
+            }
+        }
+        return $this->getRecordService()->moveToTrashByIdList($ids);
+    }
+
+    public function postActionRetrieveFromTrash($params, $data)
+    {
+        if (!empty($data['ids'])) {
+            $ids = $data['ids'];
+        } else {
+            if (!empty($data['id'])) {
+                $ids = [$data['id']];
+            } else {
+                throw new BadRequest();
+            }
+        }
+        return $this->getRecordService()->retrieveFromTrashByIdList($ids);
+    }
+
+    public function getActionGetFoldersNotReadCounts(&$params, $request, $data)
+    {
+        return $this->getRecordService()->getFoldersNotReadCounts();
+    }
+
+    protected function fetchListParamsFromRequest(&$params, $request, $data)
+    {
+        parent::fetchListParamsFromRequest($params, $request, $data);
+
+        $folderId = $request->get('folderId');
+        if ($folderId) {
+            $params['folderId'] = $request->get('folderId');
+        }
+    }
+
+    public function postActionMoveToFolder($params, $data)
+    {
+        if (!empty($data['ids'])) {
+            $ids = $data['ids'];
+        } else {
+            if (!empty($data['id'])) {
+                $ids = [$data['id']];
+            } else {
+                throw new BadRequest();
+            }
+        }
+
+        if (empty($data['folderId'])) {
             throw new BadRequest();
         }
-        return $this->getRecordService()->markAllAsRead();
+        return $this->getRecordService()->moveToFolderByIdList($ids, $data['folderId']);
     }
 }
 

application/Espo/Controllers/EmailAccount.php

@@ -18,11 +18,19 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/
 
 namespace Espo\Controllers;
 
 use \Espo\Core\Exceptions\Forbidden;
+use \Espo\Core\Exceptions\BadRequest;
 
 class EmailAccount extends \Espo\Core\Controllers\Record
 {

application/Espo/Controllers/EmailAddress.php

@@ -18,14 +18,29 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
- ************************************************************************/ 
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
 
 namespace Espo\Controllers;
 
+use \Espo\Core\Exceptions\Forbidden;
+
 class EmailAddress extends \Espo\Core\Controllers\Record
 {
     public function actionSearchInAddressBook($params, $data, $request)
     {
+        if (!$this->getAcl()->checkScope('Email')) {
+            throw new Forbidden();
+        }
+        if (!$this->getAcl()->checkScope('Email', 'create')) {
+            throw new Forbidden();
+        }
         $q = $request->get('q');
         $limit = intval($request->get('limit'));
         if (empty($limit) || $limit > 30) {

application/Espo/Controllers/EmailFilter.php

@@ -0,0 +1,36 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2015 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: http://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Controllers;
+
+class EmailFilter extends \Espo\Core\Controllers\Record
+{
+
+}
+

application/Espo/Controllers/EmailFolder.php

@@ -0,0 +1,63 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2015 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: http://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Controllers;
+
+use \Espo\Core\Exceptions\BadRequest;
+
+class EmailFolder extends \Espo\Core\Controllers\Record
+{
+    public function postActionMoveUp($params, $data, $request)
+    {
+        if (empty($data['id'])) {
+            throw new BadRequest();
+        }
+
+        $this->getRecordService()->moveUp($data['id']);
+
+        return true;
+    }
+
+    public function postActionMoveDown($params, $data, $request)
+    {
+        if (empty($data['id'])) {
+            throw new BadRequest();
+        }
+
+        $this->getRecordService()->moveDown($data['id']);
+
+        return true;
+    }
+
+    public function getActionListAll()
+    {
+        return $this->getRecordService()->listAll();
+    }
+}
+

application/Espo/Controllers/EmailTemplate.php

@@ -18,6 +18,13 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/ 
 
 namespace Espo\Controllers;

application/Espo/Controllers/EntityManager.php

@@ -18,6 +18,13 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/
 
 namespace Espo\Controllers;
@@ -62,20 +69,29 @@ class EntityManager extends \Espo\Core\Controllers\Base
         if (!empty($data['stream'])) {
             $params['stream'] = $data['stream'];
         }
+        if (!empty($data['disabled'])) {
+            $params['disabled'] = $data['disabled'];
+        }
         if (!empty($data['sortBy'])) {
             $params['sortBy'] = $data['sortBy'];
         }
         if (!empty($data['sortDirection'])) {
             $params['asc'] = $data['sortDirection'] === 'asc';
         }
+        if (isset($data['textFilterFields']) && is_array($data['textFilterFields'])) {
+            $params['textFilterFields'] = $data['textFilterFields'];
+        }
 
         $result = $this->getContainer()->get('entityManagerUtil')->create($name, $type, $params);
 
         if ($result) {
             $tabList = $this->getConfig()->get('tabList', []);
-            $tabList[] = $name;
-            $this->getConfig()->set('tabList', $tabList);
-            $this->getConfig()->save();
+
+            if (!in_array($name, $tabList)) {
+                $tabList[] = $name;
+                $this->getConfig()->set('tabList', $tabList);
+                $this->getConfig()->save();
+            }
 
             $this->getContainer()->get('dataManager')->rebuild();
         } else {
@@ -158,15 +174,31 @@ class EntityManager extends \Espo\Core\Controllers\Base
         	'linkType'
         ];
 
-        $d = array();
+        $additionalParamList = [
+            'relationName',
+        ];
+
+        $params = array();
+
         foreach ($paramList as $item) {
         	if (empty($data[$item])) {
         		throw new BadRequest();
         	}
-        	$d[$item] = filter_var($data[$item], \FILTER_SANITIZE_STRING);
+        	$params[$item] = filter_var($data[$item], \FILTER_SANITIZE_STRING);
         }
 
-        $result = $this->getContainer()->get('entityManagerUtil')->createLink($d);
+        foreach ($additionalParamList as $item) {
+            $params[$item] = filter_var($data[$item], \FILTER_SANITIZE_STRING);
+        }
+
+        if (array_key_exists('linkMultipleField', $data)) {
+            $params['linkMultipleField'] = $data['linkMultipleField'];
+        }
+        if (array_key_exists('linkMultipleFieldForeign', $data)) {
+            $params['linkMultipleFieldForeign'] = $data['linkMultipleFieldForeign'];
+        }
+
+        $result = $this->getContainer()->get('entityManagerUtil')->createLink($params);
 
         if ($result) {
             $this->getContainer()->get('dataManager')->rebuild();
@@ -192,12 +224,25 @@ class EntityManager extends \Espo\Core\Controllers\Base
         	'labelForeign'
         ];
 
-        $d = array();
+        $additionalParamList = [];
+
+        $params = array();
         foreach ($paramList as $item) {
-        	$d[$item] = filter_var($data[$item], \FILTER_SANITIZE_STRING);
+        	$params[$item] = filter_var($data[$item], \FILTER_SANITIZE_STRING);
         }
 
-        $result = $this->getContainer()->get('entityManagerUtil')->updateLink($d);
+        foreach ($additionalParamList as $item) {
+            $params[$item] = filter_var($data[$item], \FILTER_SANITIZE_STRING);
+        }
+
+        if (array_key_exists('linkMultipleField', $data)) {
+            $params['linkMultipleField'] = $data['linkMultipleField'];
+        }
+        if (array_key_exists('linkMultipleFieldForeign', $data)) {
+            $params['linkMultipleFieldForeign'] = $data['linkMultipleFieldForeign'];
+        }
+
+        $result = $this->getContainer()->get('entityManagerUtil')->updateLink($params);
 
         if ($result) {
             $this->getContainer()->get('dataManager')->clearCache();

application/Espo/Controllers/Extension.php

@@ -18,6 +18,13 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/
 
 namespace Espo\Controllers;
@@ -58,6 +65,11 @@ class Extension extends \Espo\Core\Controllers\Record
         if (!$request->isPost()) {
             throw new Forbidden();
         }
+        if ($this->getConfig()->get('restrictedMode')) {
+            if (!$this->getUser()->get('isSuperAdmin')) {
+                throw new Forbidden();
+            }
+        }
 
         $manager = new \Espo\Core\ExtensionManager($this->getContainer());
 
@@ -71,11 +83,14 @@ class Extension extends \Espo\Core\Controllers\Record
         if (!$request->isPost()) {
             throw new Forbidden();
         }
+        if ($this->getConfig()->get('restrictedMode')) {
+            if (!$this->getUser()->get('isSuperAdmin')) {
+                throw new Forbidden();
+            }
+        }
 
         $manager = new \Espo\Core\ExtensionManager($this->getContainer());
-
         $manager->uninstall($data);
-
         return true;
     }
 
@@ -99,12 +114,18 @@ class Extension extends \Espo\Core\Controllers\Record
         throw new Forbidden();
     }
 
-    public function actionDelete($params)
+    public function actionDelete($params, $data, $request)
     {
+        if (!$request->isDelete()) {
+            throw BadRequest();
+        }
+        if ($this->getConfig()->get('restrictedMode')) {
+            if (!$this->getUser()->get('isSuperAdmin')) {
+                throw new Forbidden();
+            }
+        }
         $manager = new \Espo\Core\ExtensionManager($this->getContainer());
-
         $manager->delete($params);
-
         return true;
     }
 

application/Espo/Controllers/ExternalAccount.php

@@ -18,23 +18,38 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
- ************************************************************************/ 
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
 
 namespace Espo\Controllers;
 
 use \Espo\Core\Exceptions\Error;
 use \Espo\Core\Exceptions\Forbidden;
+use \Espo\Core\Exceptions\BadRequest;
 
 class ExternalAccount extends \Espo\Core\Controllers\Record
 {
     public static $defaultAction = 'list';
 
+    protected function checkControllerAccess()
+    {
+        if (!$this->getAcl()->checkScope('ExternalAccount')) {
+            throw new Forbidden();
+        }
+    }
+
     public function actionList($params, $data, $request)
     {
         $integrations = $this->getEntityManager()->getRepository('Integration')->find();
         $arr = array();
         foreach ($integrations as $entity) {
-            if ($entity->get('enabled') && $this->getMetadata()->get('integrations.' . $entity->id .'.allowUserAccounts')) {                
+            if ($entity->get('enabled') && $this->getMetadata()->get('integrations.' . $entity->id .'.allowUserAccounts')) {
                 $arr[] = array(
                     'id' => $entity->id
                 );
@@ -77,15 +92,18 @@ class ExternalAccount extends \Espo\Core\Controllers\Record
         return $entity->toArray();
     }
 
-    public function actionUpdate($params, $data)
+    public function actionUpdate($params, $data, $request)
     {
-        return $this->actionPatch($params, $data);
+        return $this->actionPatch($params, $data, $request);
     }
 
-    public function actionPatch($params, $data)
+    public function actionPatch($params, $data, $request)
     {
-        list($integration, $userId) = explode('__', $params['id']);
+        if (!$request->isPut() && !$request->isPost() && !$request->isPatch()) {
+            throw new BadRequest();
+        }
 
+        list($integration, $userId) = explode('__', $params['id']);
 
         if ($this->getUser()->id != $userId) {
             throw new Forbidden();

application/Espo/Controllers/FieldManager.php

@@ -18,6 +18,13 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/
 
 namespace Espo\Controllers;

application/Espo/Controllers/GlobalSearch.php

@@ -18,7 +18,14 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
- ************************************************************************/ 
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
 
 namespace Espo\Controllers;
 
@@ -29,11 +36,11 @@ class GlobalSearch extends \Espo\Core\Controllers\Base
 {
     public function actionSearch($params, $data, $request)
     {
-        $query = $params['query'];
-        
-        $offset = $request->get('offset');
-        $maxSize = $request->get('maxSize');        
-        
+        $query = $request->get('q');
+
+        $offset = intval($request->get('offset'));
+        $maxSize = intval($request->get('maxSize'));
+
         return $this->getService('GlobalSearch')->find($query, $offset, $maxSize);
     }
 }

application/Espo/Controllers/I18n.php

@@ -18,13 +18,19 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/
 
 namespace Espo\Controllers;
 
 class I18n extends \Espo\Core\Controllers\Base
 {
-
     public function actionRead($params, $data)
     {
         return $this->getContainer()->get('language')->getAll();

application/Espo/Controllers/Import.php

@@ -18,6 +18,13 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/
 
 namespace Espo\Controllers;
@@ -36,12 +43,12 @@ class Import extends \Espo\Core\Controllers\Record
         }
     }
 
-    public function actionPatch($params, $data)
+    public function actionPatch($params, $data, $request)
     {
         throw new BadRequest();
     }
 
-    public function actionUpdate($params, $data)
+    public function actionUpdate($params, $data, $request)
     {
         throw new BadRequest();
     }
@@ -51,12 +58,12 @@ class Import extends \Espo\Core\Controllers\Record
         throw new BadRequest();
     }
 
-    public function actionCreateLink($params, $data)
+    public function actionCreateLink($params, $data, $request)
     {
         throw new BadRequest();
     }
 
-    public function actionRemoveLink($params, $data)
+    public function actionRemoveLink($params, $data, $request)
     {
         throw new BadRequest();
     }
@@ -71,10 +78,14 @@ class Import extends \Espo\Core\Controllers\Record
         return $this->getContainer()->get('entityManager');
     }
 
-    public function actionUploadFile($params, $data)
+    public function actionUploadFile($params, $data, $request)
     {
         $contents = $data;
 
+        if (!$request->isPost()) {
+            throw new BadRequest();
+        }
+
         $attachment = $this->getEntityManager()->getEntity('Attachment');
         $attachment->set('type', 'text/csv');
         $attachment->set('role', 'Import File');
@@ -88,24 +99,34 @@ class Import extends \Espo\Core\Controllers\Record
         );
     }
 
-    public function actionRevert($params, $data)
+    public function actionRevert($params, $data, $request)
     {
         if (empty($data['id'])) {
             throw new BadRequest();
         }
+        if (!$request->isPost()) {
+            throw new BadRequest();
+        }
         return $this->getService('Import')->revert($data['id']);
     }
 
-    public function actionRemoveDuplicates($params, $data)
+    public function actionRemoveDuplicates($params, $data, $request)
     {
         if (empty($data['id'])) {
             throw new BadRequest();
         }
+        if (!$request->isPost()) {
+            throw new BadRequest();
+        }
         return $this->getService('Import')->removeDuplicates($data['id']);
     }
 
-    public function actionCreate($params, $data)
+    public function actionCreate($params, $data, $request)
     {
+        if (!$request->isPost() && !$request->isPut()) {
+            throw new BadRequest();
+        }
+
         $importParams = array(
             'headerRow' => $data['headerRow'],
             'fieldDelimiter' => $data['fieldDelimiter'],
@@ -119,6 +140,10 @@ class Import extends \Espo\Core\Controllers\Record
             'action' => $data['action'],
         );
 
+        if (array_key_exists('updateBy', $data)) {
+            $importParams['updateBy'] = $data['updateBy'];
+        }
+
         $attachmentId = $data['attachmentId'];
 
         if (!$this->getAcl()->check($data['entityType'], 'edit')) {
@@ -127,5 +152,14 @@ class Import extends \Espo\Core\Controllers\Record
 
         return $this->getService('Import')->import($data['entityType'], $data['fields'], $attachmentId, $importParams);
     }
+
+    public function postActionUnmarkAsDuplicate($params, $data)
+    {
+        if (empty($data['id']) || empty($data['entityType']) || empty($data['entityId'])) {
+            throw new BadRequest();
+        }
+        $this->getService('Import')->unmarkAsDuplicate($data['id'], $data['entityType'], $data['entityId']);
+        return true;
+    }
 }
 

application/Espo/Controllers/InboundEmail.php

@@ -18,10 +18,20 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/
 
 namespace Espo\Controllers;
 
+use \Espo\Core\Exceptions\Forbidden;
+use \Espo\Core\Exceptions\BadRequest;
+
 class InboundEmail extends \Espo\Core\Controllers\Record
 {
     protected function checkControllerAccess()

application/Espo/Controllers/Integration.php

@@ -18,21 +18,30 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
- ************************************************************************/ 
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
 
 namespace Espo\Controllers;
 
 use \Espo\Core\Exceptions\Error;
+use \Espo\Core\Exceptions\Forbidden;
+use \Espo\Core\Exceptions\BadRequest;
 
 class Integration extends \Espo\Core\Controllers\Record
-{    
+{
     protected function checkControllerAccess()
     {
         if (!$this->getUser()->isAdmin()) {
             throw new Forbidden();
         }
     }
-    
+
     public function actionIndex($params, $data, $request)
     {
         return false;
@@ -40,22 +49,25 @@ class Integration extends \Espo\Core\Controllers\Record
 
     public function actionRead($params, $data, $request)
     {
-        $entity = $this->getEntityManager()->getEntity('Integration', $params['id']);        
+        $entity = $this->getEntityManager()->getEntity('Integration', $params['id']);
         return $entity->toArray();
     }
-    
-    public function actionUpdate($params, $data)
+
+    public function actionUpdate($params, $data, $request)
     {
-        return $this->actionPatch($params, $data);
+        return $this->actionPatch($params, $data, $request);
     }
-    
-    public function actionPatch($params, $data)
+
+    public function actionPatch($params, $data, $request)
     {
+        if (!$request->isPut() && !$request->isPatch()) {
+            throw new BadRequest();
+        }
         $entity = $this->getEntityManager()->getEntity('Integration', $params['id']);
         $entity->set($data);
         $this->getEntityManager()->saveEntity($entity);
-        
-        return $entity->toArray();        
+
+        return $entity->toArray();
     }
 }
 

application/Espo/Controllers/Job.php

@@ -0,0 +1,79 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2015 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: http://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Controllers;
+
+use \Espo\Core\Exceptions\Error;
+use \Espo\Core\Exceptions\Forbidden;
+
+class Job extends \Espo\Core\Controllers\Record
+{
+    protected function checkControllerAccess()
+    {
+        if (!$this->getUser()->isAdmin()) {
+            throw new Forbidden();
+        }
+    }
+
+    public function actionCreate($params, $data, $request)
+    {
+        throw new Forbidden();
+    }
+
+    public function actionUpdate($params, $data, $request)
+    {
+        throw new Forbidden();
+    }
+
+    public function actionPatch($params, $data, $request)
+    {
+        throw new Forbidden();
+    }
+
+    public function actionListLinked($params, $data, $request)
+    {
+        throw new Forbidden();
+    }
+
+    public function actionMassUpdate($params, $data, $request)
+    {
+        throw new Forbidden();
+    }
+
+    public function actionCreateLink($params, $data, $request)
+    {
+        throw new Forbidden();
+    }
+
+    public function actionRemoveLink($params, $data, $request)
+    {
+        throw new Forbidden();
+    }
+}
+

application/Espo/Controllers/Layout.php

@@ -18,6 +18,13 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/
 
 namespace Espo\Controllers;
@@ -26,6 +33,7 @@ use Espo\Core\Utils as Utils;
 use \Espo\Core\Exceptions\NotFound;
 use \Espo\Core\Exceptions\Error;
 use \Espo\Core\Exceptions\Forbidden;
+use \Espo\Core\Exceptions\BadRequest;
 
 class Layout extends \Espo\Core\Controllers\Base
 {
@@ -38,12 +46,16 @@ class Layout extends \Espo\Core\Controllers\Base
         return $data;
     }
 
-    public function actionUpdate($params, $data)
+    public function actionUpdate($params, $data, $request)
     {
         if (!$this->getUser()->isAdmin()) {
             throw new Forbidden();
         }
 
+        if (!$request->isPut() && !$request->isPatch()) {
+            throw new BadRequest();
+        }
+
         $layoutManager = $this->getContainer()->get('layout');
         $layoutManager->set($data, $params['scope'], $params['name']);
         $result = $layoutManager->save();
@@ -57,8 +69,20 @@ class Layout extends \Espo\Core\Controllers\Base
         return $layoutManager->get($params['scope'], $params['name']);
     }
 
-    public function actionPatch($params, $data)
+    public function actionPatch($params, $data, $request)
     {
-        return $this->actionUpdate($params, $data);
+        return $this->actionUpdate($params, $data, $request);
+    }
+
+    public function actionResetToDefault($params, $data, $request)
+    {
+        if (!$request->isPost()) {
+            throw new BadRequest();
+        }
+        if (empty($data['scope']) || empty($data['name'])) {
+            throw new BadRequest();
+        }
+
+        return $this->getContainer()->get('layout')->resetToDefault($data['scope'], $data['name']);
     }
 }

application/Espo/Controllers/Metadata.php

@@ -18,6 +18,13 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/ 
 
 namespace Espo\Controllers;

application/Espo/Controllers/Note.php

@@ -18,7 +18,14 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
- ************************************************************************/ 
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
 
 namespace Espo\Controllers;
 

application/Espo/Controllers/Notification.php

@@ -18,49 +18,80 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
- ************************************************************************/ 
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
 
 namespace Espo\Controllers;
 
 use \Espo\Core\Exceptions\Error;
 
-class Notification extends \Espo\Core\Controllers\Base
+class Notification extends \Espo\Core\Controllers\Record
 {
     public static $defaultAction = 'list';
 
     public function actionList($params, $data, $request)
     {
-        $scope = $params['scope'];
-        $id = $params['id'];
-        
         $userId = $this->getUser()->id;
-        
+
         $offset = intval($request->get('offset'));
-        $maxSize = intval($request->get('maxSize'));        
-        
+        $maxSize = intval($request->get('maxSize'));
+        $after = $request->get('after');
+
         $params = array(
             'offset' => $offset,
             'maxSize' => $maxSize,
+            'after' => $after
         );
-        
-        $result = $this->getService('Notification')->getList($userId, $params);    
-        
+
+        $result = $this->getService('Notification')->getList($userId, $params);
+
         return array(
             'total' => $result['total'],
             'list' => $result['collection']->toArray()
         );
     }
-    
+
     public function actionNotReadCount()
     {
         $userId = $this->getUser()->id;
         return $this->getService('Notification')->getNotReadCount($userId);
     }
-    
-    public function actionMarkAllRead($params, $data, $request)
+
+    public function postActionMarkAllRead($params, $data, $request)
     {
         $userId = $this->getUser()->id;
         return $this->getService('Notification')->markAllRead($userId);
     }
+
+    public function actionExport($params, $data, $request)
+    {
+        throw new Error();
+    }
+
+    public function actionMassUpdate($params, $data, $request)
+    {
+        throw new Error();
+    }
+
+    public function actionCreateLink($params, $data, $request)
+    {
+        throw new Error();
+    }
+
+    public function actionRemoveLink($params, $data, $request)
+    {
+        throw new Error();
+    }
+
+    public function actionMerge($params, $data, $request)
+    {
+        throw new Error();
+    }
 }
 

application/Espo/Controllers/Portal.php

@@ -0,0 +1,43 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2015 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: http://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Controllers;
+
+use \Espo\Core\Exceptions\Forbidden;
+
+class Portal extends \Espo\Core\Controllers\Record
+{
+    protected function checkControllerAccess()
+    {
+        $portalPermission = $this->getAcl()->get('portalPermission');
+        if (!$portalPermission || $portalPermission === 'no') {
+            throw new Forbidden();
+        }
+    }
+}

application/Espo/Controllers/PortalRole.php

@@ -0,0 +1,34 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2015 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: http://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Controllers;
+
+class PortalRole extends \Espo\Core\Controllers\Record
+{
+}

application/Espo/Controllers/Preferences.php

@@ -18,6 +18,13 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/
 
 namespace Espo\Controllers;
@@ -53,27 +60,42 @@ class Preferences extends \Espo\Core\Controllers\Base
         }
     }
 
-    public function actionDelete($params, $data)
+    public function actionDelete($params, $data, $request)
     {
         $userId = $params['id'];
         if (empty($userId)) {
             throw new BadRequest();
         }
+        if (!$request->isDelete()) {
+            throw new BadRequest();
+        }
         $this->handleUserAccess($userId);
 
         return $this->getEntityManager()->getRepository('Preferences')->resetToDefaults($userId);
     }
 
-    public function actionPatch($params, $data)
+    public function actionPatch($params, $data, $request)
     {
-        return $this->actionUpdate($params, $data);
+        return $this->actionUpdate($params, $data, $request);
     }
 
-    public function actionUpdate($params, $data)
+    public function actionUpdate($params, $data, $request)
     {
         $userId = $params['id'];
         $this->handleUserAccess($userId);
 
+        if (!$request->isPost() && !$request->isPatch() && !$request->isPut()) {
+            throw new BadRequest();
+        }
+
+        if ($this->getAcl()->getLevel('Preferences', 'read') === 'no') {
+            throw new Forbidden();
+        }
+
+        foreach ($this->getAcl()->getScopeForbiddenAttributeList('Preferences', 'edit') as $attribute) {
+            unset($data[$attribute]);
+        }
+
         if (array_key_exists('smtpPassword', $data)) {
             $data['smtpPassword'] = $this->getCrypt()->encrypt($data['smtpPassword']);
         }
@@ -110,9 +132,14 @@ class Preferences extends \Espo\Core\Controllers\Base
 
         $entity->set('smtpEmailAddress', $user->get('emailAddress'));
         $entity->set('name', $user->get('name'));
+        $entity->set('isPortalUser', $user->get('isPortalUser'));
 
         $entity->clear('smtpPassword');
 
+        foreach ($this->getAcl()->getScopeForbiddenAttributeList('Preferences', 'read') as $attribute) {
+            $entity->clear($attribute);
+        }
+
         return $entity->toArray();
     }
 }

application/Espo/Controllers/Role.php

@@ -18,12 +18,17 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
- ************************************************************************/ 
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
 
 namespace Espo\Controllers;
 
 class Role extends \Espo\Core\Controllers\Record
 {
-
 }
-

application/Espo/Controllers/ScheduledJob.php

@@ -18,6 +18,13 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/ 
 
 namespace Espo\Controllers;

application/Espo/Controllers/ScheduledJobLogRecord.php

@@ -18,6 +18,13 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/ 
 
 namespace Espo\Controllers;

application/Espo/Controllers/Settings.php

@@ -18,12 +18,20 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/
 
 namespace Espo\Controllers;
 
 use \Espo\Core\Exceptions\Error;
 use \Espo\Core\Exceptions\Forbidden;
+use \Espo\Core\Exceptions\BadRequest;
 
 class Settings extends \Espo\Core\Controllers\Base
 {
@@ -38,6 +46,9 @@ class Settings extends \Espo\Core\Controllers\Base
                 unset($data[$field]);
             }
         }
+
+        $data['jsLibs'] = $this->getMetadata()->get('app.jsLibs');
+
         return $data;
     }
 
@@ -46,17 +57,21 @@ class Settings extends \Espo\Core\Controllers\Base
         return $this->getConfigData();
     }
 
-    public function actionUpdate($params, $data)
+    public function actionUpdate($params, $data, $request)
     {
-        return $this->actionPatch($params, $data);
+        return $this->actionPatch($params, $data, $request);
     }
 
-    public function actionPatch($params, $data)
+    public function actionPatch($params, $data, $request)
     {
         if (!$this->getUser()->isAdmin()) {
             throw new Forbidden();
         }
 
+        if (!$request->isPut() && !$request->isPatch()) {
+            throw new BadRequest();
+        }
+
         if (isset($data['useCache']) && $data['useCache'] != $this->getConfig()->get('useCache')) {
             $this->getContainer()->get('dataManager')->clearCache();
         }
@@ -75,4 +90,23 @@ class Settings extends \Espo\Core\Controllers\Base
 
         return $this->getConfigData();
     }
+
+    public function postActionTestLdapConnection($params, $data)
+    {
+        if (!$this->getUser()->isAdmin()) {
+            throw new Forbidden();
+        }
+
+        if (!isset($data['password'])) {
+            $data['password'] = $this->getConfig()->get('ldapPassword');
+        }
+
+        $ldapUtils = new \Espo\Core\Utils\Authentication\LDAP\Utils();
+        $options = $ldapUtils->normalizeOptions($data);
+
+        $ldapClient = new \Espo\Core\Utils\Authentication\LDAP\Client($options);
+        $ldapClient->bind(); //an exception if no connection
+
+        return true;
+    }
 }

application/Espo/Controllers/Stream.php

@@ -18,6 +18,13 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/
 
 namespace Espo\Controllers;
@@ -26,7 +33,7 @@ use \Espo\Core\Exceptions\Error;
 
 class Stream extends \Espo\Core\Controllers\Base
 {
-    const MAX_SIZE_LIMIT = 400;
+    const MAX_SIZE_LIMIT = 200;
 
     public static $defaultAction = 'list';
 

application/Espo/Controllers/Team.php

@@ -18,12 +18,19 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
- ************************************************************************/ 
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
 
 namespace Espo\Controllers;
 
 class Team extends \Espo\Core\Controllers\Record
 {
-    
+
 
 }

application/Espo/Controllers/Template.php

@@ -18,6 +18,13 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/
 
 namespace Espo\Controllers;

application/Espo/Controllers/User.php

@@ -18,6 +18,13 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/
 
 namespace Espo\Controllers;
@@ -48,22 +55,16 @@ class User extends \Espo\Core\Controllers\Record
         return $this->getAclManager()->getMap($user);
     }
 
-    public function actionChangeOwnPassword($params, $data, $request)
+    public function postActionChangeOwnPassword($params, $data, $request)
     {
-        if (!$request->isPost()) {
-            throw new BadRequest();
-        }
         if (!array_key_exists('password', $data) || !array_key_exists('currentPassword', $data)) {
             throw new BadRequest();
         }
         return $this->getService('User')->changePassword($this->getUser()->id, $data['password'], true, $data['currentPassword']);
     }
 
-    public function actionChangePasswordByRequest($params, $data, $request)
+    public function postActionChangePasswordByRequest($params, $data, $request)
     {
-        if (!$request->isPost()) {
-            throw new BadRequest();
-        }
         if (empty($data['requestId']) || empty($data['password'])) {
             throw new BadRequest();
         }
@@ -82,23 +83,27 @@ class User extends \Espo\Core\Controllers\Record
 
         $this->getEntityManager()->removeEntity($p);
 
-        return $this->getService('User')->changePassword($userId, $data['password']);
+        if ($this->getService('User')->changePassword($userId, $data['password'])) {
+            return array(
+                'url' => $p->get('url')
+            );
+        }
     }
 
-    public function actionPasswordChangeRequest($params, $data, $request)
+    public function postActionPasswordChangeRequest($params, $data, $request)
     {
-        if (!$request->isPost()) {
-            throw new Forbidden();
-        }
-
         if (empty($data['userName']) || empty($data['emailAddress'])) {
             throw new BadRequest();
         }
 
         $userName = $data['userName'];
         $emailAddress = $data['emailAddress'];
+        $url = null;
+        if (!empty($data['url'])) {
+            $url = $data['url'];
+        }
 
-        return $this->getService('User')->passwordChangeRequest($userName, $emailAddress);
+        return $this->getService('User')->passwordChangeRequest($userName, $emailAddress, $url);
     }
 }
 

application/Espo/Core/Acl.php

@@ -18,17 +18,27 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/
 
 namespace Espo\Core;
 
+use \Espo\ORM\Entity;
+use \Espo\Entities\User;
+
 class Acl
 {
     private $user;
 
     private $aclManager;
 
-    public function __construct(AclManager $aclManager, \Espo\Entities\User $user)
+    public function __construct(AclManager $aclManager, User $user)
     {
         $this->aclManager = $aclManager;
         $this->user = $user;
@@ -69,14 +79,54 @@ class Acl
         return $this->getAclManager()->checkReadOnlyOwn($this->getUser(), $scope);
     }
 
-    public function check($subject, $action = null, $isOwner = null, $inTeam = null)
+    public function check($subject, $action = null)
     {
-        return $this->getAclManager()->check($this->getUser(), $subject, $action, $isOwner, $inTeam) ;
+        return $this->getAclManager()->check($this->getUser(), $subject, $action);
     }
 
-    public function checkScope($scope, $action = null, $isOwner = null, $inTeam = null, $entity = null)
+    public function checkScope($scope, $action = null)
     {
-        return $this->getAclManager()->checkScope($this->getUser(), $subject, $action, $isOwner, $inTeam, $entity) ;
+        return $this->getAclManager()->checkScope($this->getUser(), $scope, $action);
+    }
+
+    public function checkEntity(Entity $entity, $action = 'read')
+    {
+        return $this->getAclManager()->checkEntity($this->getUser(), $entity, $action);
+    }
+
+    public function checkUser($permission, User $entity)
+    {
+        return $this->getAclManager()->checkUser($this->getUser(), $permission, $entity);
+    }
+
+    public function checkIsOwner(Entity $entity)
+    {
+        return $this->getAclManager()->checkIsOwner($this->getUser(), $entity);
+    }
+
+    public function checkInTeam(Entity $entity)
+    {
+        return $this->getAclManager()->checkInTeam($this->getUser(), $entity);
+    }
+
+    public function getScopeForbiddenAttributeList($scope, $action = 'read', $thresholdLevel = 'no')
+    {
+        return $this->getAclManager()->getScopeForbiddenAttributeList($this->getUser(), $scope, $action, $thresholdLevel);
+    }
+
+    public function getScopeForbiddenFieldList($scope, $action = 'read', $thresholdLevel = 'no')
+    {
+        return $this->getAclManager()->getScopeForbiddenFieldList($this->getUser(), $scope, $action, $thresholdLevel);
+    }
+
+    public function checkUserPermission($target, $permissionType = 'userPermission')
+    {
+        return $this->getAclManager()->checkUserPermission($this->getUser(), $target, $permissionType);
+    }
+
+    public function checkAssignmentPermission($target)
+    {
+        return $this->getAclManager()->checkAssignmentPermission($this->getUser(), $target);
     }
 }
 

application/Espo/Core/Acl/Base.php

@@ -18,6 +18,13 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/
 
 namespace Espo\Core\Acl;
@@ -35,6 +42,8 @@ class Base implements Injectable
         'aclManager'
     );
 
+    protected $scope;
+
     protected $injections = array();
 
     public function inject($name, $object)
@@ -42,9 +51,10 @@ class Base implements Injectable
         $this->injections[$name] = $object;
     }
 
-    public function __construct()
+    public function __construct($scope)
     {
         $this->init();
+        $this->scope = $scope;
     }
 
     protected function init()
@@ -56,6 +66,13 @@ class Base implements Injectable
         return $this->injections[$name];
     }
 
+    protected function addDependencyList(array $list)
+    {
+        foreach ($list as $item) {
+            $this->addDependency($item);
+        }
+    }
+
     protected function addDependency($name)
     {
         $this->dependencies[] = $name;
@@ -81,29 +98,36 @@ class Base implements Injectable
         return $this->getInjection('aclManager');
     }
 
-    public function checkReadOnlyTeam(User $user, $scope, $data)
+    public function checkReadOnlyTeam(User $user, $data)
     {
-        if (empty($data) || !is_array($data) || !isset($data['read'])) {
+        if (empty($data) || !is_object($data) || !isset($data->read)) {
             return false;
         }
-        return $data['read'] === 'team';
+        return $data->read === 'team';
     }
 
-    public function checkReadOnlyOwn(User $user, $scope, $data)
+    public function checkReadOnlyOwn(User $user, $data)
     {
-        if (empty($data) || !is_array($data) || !isset($data['read'])) {
+        if (empty($data) || !is_object($data) || !isset($data->read)) {
             return false;
         }
-        return $data['read'] === 'own';
+        return $data->read === 'own';
     }
 
     public function checkEntity(User $user, Entity $entity, $data, $action)
     {
-        return $this->checkScope($user, $data, $entity->getEntityType(), $action, null, null, $entity);
+        if ($user->isAdmin()) {
+            return true;
+        }
+        return $this->checkScope($user, $data, $action, $entity);
     }
 
-    public function checkScope(User $user, $data, $scope, $action = null, $isOwner = null, $inTeam = null, Entity $entity = null)
+    public function checkScope(User $user, $data, $action = null, Entity $entity = null, $entityAccessData = array())
     {
+        if ($user->isAdmin()) {
+            return true;
+        }
+
         if (is_null($data)) {
             return false;
         }
@@ -113,82 +137,103 @@ class Base implements Injectable
         if ($data === true) {
             return true;
         }
-
-        if (!is_null($action)) {
-            if (array_key_exists($action, $data)) {
-                $value = $data[$action];
-
-                if ($value === 'all' || $value === true) {
-                    return true;
-                }
-
-                if (!$value || $value === 'no') {
-                    return false;
-                }
-
-                if (is_null($isOwner)) {
-                    if ($entity) {
-                        $isOwner = $this->checkIsOwner($user, $entity);
-                    } else {
-                        return true;
-                    }
-                }
-
-                if ($isOwner) {
-                    if ($value === 'own' || $value === 'team') {
-                        return true;
-                    }
-                }
-                if (is_null($inTeam) && $entity) {
-                    $inTeam = $this->checkInTeam($user, $entity);
-                }
-
-                if ($inTeam) {
-                    if ($value === 'team') {
-                        return true;
-                    }
-                }
-                return false;
-            }
+        if (is_string($data)) {
+            return true;
         }
-        return true;
-    }
 
-    public function checkIsOwner(User $user, Entity $entity)
-    {
-        if ($entity->has('assignedUserId')) {
-            if ($user->id === $entity->get('assignedUserId')) {
+        $isOwner = null;
+        if (isset($entityAccessData['isOwner'])) {
+            $isOwner = $entityAccessData['isOwner'];
+        }
+        $inTeam = null;
+        if (isset($entityAccessData['inTeam'])) {
+            $inTeam = $entityAccessData['inTeam'];
+        }
+
+        if (is_null($action)) {
+            return true;
+        }
+
+        if (!isset($data->$action)) {
+            return true;
+        }
+
+        $value = $data->$action;
+
+        if ($value === 'all' || $value === 'yes' || $value === true) {
+            return true;
+        }
+
+        if (!$value || $value === 'no') {
+            return false;
+        }
+
+        if (is_null($isOwner)) {
+            if ($entity) {
+                $isOwner = $this->checkIsOwner($user, $entity);
+            } else {
                 return true;
             }
         }
-        if ($entity->has('createdById')) {
-            if ($user->id === $entity->get('createdById')) {
+
+        if ($isOwner) {
+            if ($value === 'own' || $value === 'team') {
+                return true;
+            }
+        }
+        if (is_null($inTeam) && $entity) {
+            $inTeam = $this->checkInTeam($user, $entity);
+        }
+
+        if ($inTeam) {
+            if ($value === 'team') {
                 return true;
             }
         }
         return false;
     }
 
+    public function checkIsOwner(User $user, Entity $entity)
+    {
+        if ($entity->hasAttribute('assignedUserId')) {
+            if ($entity->has('assignedUserId')) {
+                if ($user->id === $entity->get('assignedUserId')) {
+                    return true;
+                }
+            }
+        } else if ($entity->hasAttribute('createdById')) {
+            if ($entity->has('createdById')) {
+                if ($user->id === $entity->get('createdById')) {
+                    return true;
+                }
+            }
+        }
+
+        if ($entity->hasAttribute('assignedUsersIds') && $entity->hasRelation('assignedUsers')) {
+            if ($entity->hasLinkMultipleId('assignedUsers', $user->id)) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
     public function checkInTeam(User $user, Entity $entity)
     {
-        $userTeamIds = $user->get('teamsIds');
+        $userTeamIdList = $user->getLinkMultipleIdList('teams');
 
-        if (!$entity->hasRelation('teams') || !$entity->hasField('teamsIds')) {
+        if (!$entity->hasRelation('teams') || !$entity->hasAttribute('teamsIds')) {
             return false;
         }
 
-        if (!$entity->has('teamsIds')) {
-            $entity->loadLinkMultipleField('teams');
-        }
+        $entityTeamIdList = $entity->getLinkMultipleIdList('teams');
 
-        $teamIds = $entity->get('teamsIds');
-
-        if (empty($teamIds)) {
+        if (empty($entityTeamIdList)) {
             return false;
         }
 
-        foreach ($userTeamIds as $id) {
-            if (in_array($id, $teamIds)) {
+        foreach ($userTeamIdList as $id) {
+            if (in_array($id, $entityTeamIdList)) {
                 return true;
             }
         }
@@ -197,27 +242,32 @@ class Base implements Injectable
 
     public function checkEntityDelete(User $user, Entity $entity, $data)
     {
-        $result = $this->checkEntity($user, $entity, $data, 'delete');
-        if (!$result) {
-            if (is_array($data)) {
-                if ($data['edit'] != 'no') {
-                    if ($entity->has('createdById') && $entity->get('createdById') == $user->id) {
-                        if (!$entity->has('assignedUserId')) {
+        if ($user->isAdmin()) {
+            return true;
+        }
+
+        if ($this->checkEntity($user, $entity, $data, 'delete')) {
+            return true;
+        }
+
+        if (is_object($data)) {
+            if ($data->edit !== 'no' || $data->create !== 'no') {
+                if ($entity->has('createdById') && $entity->get('createdById') == $user->id) {
+                    if (!$entity->has('assignedUserId')) {
+                        return true;
+                    } else {
+                        if (!$entity->get('assignedUserId')) {
+                            return true;
+                        }
+                        if ($entity->get('assignedUserId') == $entity->get('createdById')) {
                             return true;
-                        } else {
-                            if (!$entity->get('assignedUserId')) {
-                                return true;
-                            }
-                            if ($entity->get('assignedUserId') == $entity->get('createdById')) {
-                                return true;
-                            }
                         }
                     }
                 }
             }
         }
 
-        return $result;
+        return false;
     }
 }
 

application/Espo/Core/Acl/Table.php

@@ -18,6 +18,13 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/
 
 namespace Espo\Core\Acl;
@@ -25,54 +32,114 @@ namespace Espo\Core\Acl;
 use \Espo\Core\Exceptions\Error;
 
 use \Espo\ORM\Entity;
+use \Espo\Entities\User;
+
+use \Espo\Core\Utils\Config;
+use \Espo\Core\Utils\Metadata;
+use \Espo\Core\Utils\FieldManager;
+use \Espo\Core\Utils\File\Manager as FileManager;
 
 class Table
 {
-    private $data = array(
-        'table' => array()
+    protected $type = 'acl';
+
+    protected $defaultAclType = 'recordAllTeamOwnNo';
+
+    private $data = null;
+
+    protected $cacheFilePath;
+
+    protected $actionList = ['read', 'stream', 'edit', 'delete', 'create'];
+
+    protected $booleanActionList = ['create'];
+
+    protected $levelList = ['yes', 'all', 'team', 'own', 'no'];
+
+    protected $fieldActionList = ['read', 'edit'];
+
+    protected $fieldLevelList = ['yes', 'no'];
+
+    protected $valuePermissionList = ['assignmentPermission', 'userPermission', 'portalPermission'];
+
+    protected $valuePrtmissionHighestLevels = array(
+        'assignmentPermission' => 'all',
+        'userPermission' => 'all',
+        'portalPermission' => 'yes'
     );
 
-    private $cacheFile;
+    private $fileManager;
 
-    private $actionList = ['read', 'edit', 'delete'];
+    private $metadata;
 
-    private $levelList = ['all', 'team', 'own', 'no'];
+    private $fieldManager;
 
-    protected $fileManager;
+    protected $forbiddenAttributesCache = array();
 
-    protected $metadata;
+    protected $forbiddenFieldsCache = array();
 
-    public function __construct(\Espo\Entities\User $user, $config = null, $fileManager = null, $metadata = null)
+    public function __construct(User $user, Config $config = null, FileManager $fileManager = null, Metadata $metadata = null, FieldManager $fieldManager = null)
     {
+        $this->data = (object) [
+            'table' => (object) [],
+            'fieldTable' => (object) [],
+            'fieldTableQuickAccess' => (object) [],
+        ];
+
         $this->user = $user;
 
         $this->metadata = $metadata;
 
-        if (!$this->user->isFetched()) {
-            throw new Error();
+        if ($fieldManager) {
+            $this->fieldManager = $fieldManager;
         }
 
-        $this->user->loadLinkMultipleField('teams');
+        if (!$this->user->isFetched()) {
+            throw new Error('User must be fetched before ACL check.');
+        }
 
         if ($fileManager) {
             $this->fileManager = $fileManager;
         }
+        $this->valuePermissionList = $this->metadata->get('app.' . $this->type . '.defs.valuePermissionList', $this->valuePermissionList);
 
-        $this->cacheFile = 'data/cache/application/acl/' . $user->id . '.php';
+        $this->initCacheFilePath();
 
-        if ($config && $config->get('useCache') && file_exists($this->cacheFile)) {
-            $cached = include $this->cacheFile;
+        if ($config && $config->get('useCache') && file_exists($this->cacheFilePath)) {
+            $cached = include $this->cacheFilePath;
             $this->data = $cached;
-            $this->initSolid();
         } else {
             $this->load();
-            $this->initSolid();
             if ($config && $fileManager && $config->get('useCache')) {
                 $this->buildCache();
             }
         }
     }
 
+    protected function initCacheFilePath()
+    {
+        $this->cacheFilePath = 'data/cache/application/acl/' . $this->getUser()->id . '.php';
+    }
+
+    protected function getUser()
+    {
+        return $this->user;
+    }
+
+    protected function getMetadata()
+    {
+        return $this->metadata;
+    }
+
+    protected function getFieldManager()
+    {
+        return $this->fieldManager;
+    }
+
+    protected function getConfig()
+    {
+        return $this->config;
+    }
+
     public function getMap()
     {
         return $this->data;
@@ -80,8 +147,13 @@ class Table
 
     public function getScopeData($scope)
     {
-        if (array_key_exists($scope, $this->data['table'])) {
-            return $this->data['table'][$scope];
+        if (isset($this->data->table->$scope)) {
+            $data = $this->data->table->$scope;
+            if (is_string($data)) {
+                $data = $this->getScopeData($data);
+                return $data;
+            }
+            return $data;
         }
         return null;
     }
@@ -92,17 +164,17 @@ class Table
             return null;
         }
 
-        if (array_key_exists($permission, $this->data)) {
-            return $this->data[$permission];
+        if (isset($this->data->$permission)) {
+            return $this->data->$permission;
         }
         return null;
     }
 
     public function getLevel($scope, $action)
     {
-        if (array_key_exists($scope, $this->data['table'])) {
-            if (array_key_exists($action, $this->data['table'][$scope])) {
-                return $this->data['table'][$scope][$action];
+        if (isset($this->data->table->$scope)) {
+            if (isset($this->data->table->$scope->$action)) {
+                return $this->data->table->$scope->$action;
             }
         }
         return false;
@@ -110,48 +182,363 @@ class Table
 
     private function load()
     {
-        $aclTables = [];
-        $assignmentPermissionList = [];
-        $userPermissionList = [];
-
-        $userRoles = $this->user->get('roles');
-
-        foreach ($userRoles as $role) {
-            $aclTables[] = $role->get('data');
-            $assignmentPermissionList[] = $role->get('assignmentPermission');
-            $userPermissionList[] = $role->get('userPermission');
+        $valuePermissionLists = (object)[];
+        foreach ($this->valuePermissionList as $permission) {
+            $valuePermissionLists->$permission = [];
         }
 
-        $teams = $this->user->get('teams');
-        foreach ($teams as $team) {
-            $teamRoles = $team->get('roles');
-            foreach ($teamRoles as $role) {
-                $aclTables[] = $role->get('data');
-                $assignmentPermissionList[] = $role->get('assignmentPermission');
-                $userPermissionList[] = $role->get('userPermission');
+        $aclTableList = [];
+        $fieldTableList = [];
+
+        if (!$this->getUser()->isAdmin()) {
+            $roleList = $this->getRoleList();
+
+            foreach ($roleList as $role) {
+                $aclTableList[] = $role->get('data');
+                $fieldTableList[] = $role->get('fieldData');
+                foreach ($this->valuePermissionList as $permission) {
+                    $valuePermissionLists->{$permission}[] = $role->get($permission);
+                }
+            }
+
+            $aclTable = $this->mergeTableList($aclTableList);
+            $fieldTable = $this->mergeFieldTableList($fieldTableList);
+
+            $this->applyDefault($aclTable, $fieldTable);
+            $this->applyDisabled($aclTable, $fieldTable);
+            $this->applyMandatory($aclTable, $fieldTable);
+            $this->applyAdditional($aclTable, $fieldTable, $valuePermissionLists);
+        } else {
+            $aclTable = (object) [];
+            foreach ($this->getScopeList() as $scope) {
+                if ($this->metadata->get("scopes.{$scope}.{$this->type}") === 'boolean') {
+                    $aclTable->$scope = true;
+                } else {
+                    if ($this->metadata->get("scopes.{$scope}.entity")) {
+                        $aclTable->$scope = (object) [];
+                        foreach ($this->actionList as $action) {
+                            $aclTable->$scope->$action = 'all';
+                            if (in_array($action, $this->booleanActionList)) {
+                                $aclTable->$scope->$action = 'yes';
+                            }
+                        }
+                    }
+                }
+            }
+            $fieldTable = (object) [];
+        }
+
+        foreach ($aclTable as $scope => $data) {
+            if (is_string($data)) {
+                if (isset($aclTable->$data)) {
+                    $aclTable->$scope = $aclTable->$data;
+                }
             }
         }
 
-        $this->data['table'] = $this->merge($aclTables);
+        $this->data->table = $aclTable;
+        $this->data->fieldTable = $fieldTable;
 
-        $this->data['assignmentPermission'] = $this->mergeValues($assignmentPermissionList, $this->metadata->get('app.acl.valueDefaults.assignmentPermission', 'all'));
-        $this->data['userPermission'] = $this->mergeValues($userPermissionList, $this->metadata->get('app.acl.valueDefaults.userPermission', 'no'));
+        $this->fillFieldTableQuickAccess();
+
+        if (!$this->getUser()->isAdmin()) {
+            foreach ($this->valuePermissionList as $permission) {
+                $this->data->$permission = $this->mergeValueList($valuePermissionLists->$permission, $this->metadata->get('app.'.$this->type.'.default.' . $permission, 'yes'));
+                if ($this->metadata->get('app.'.$this->type.'.mandatory.' . $permission)) {
+                    $this->data->$permission = $this->metadata->get('app.'.$this->type.'.mandatory.' . $permission);
+                }
+            }
+
+        } else {
+            foreach ($this->valuePermissionList as $permission) {
+                if (isset($this->valuePrtmissionHighestLevels[$permission])) {
+                    $this->data->$permission = $this->valuePrtmissionHighestLevels[$permission];
+                    continue;
+                }
+                $this->data->$permission = 'all';
+            }
+        }
     }
 
-    private function initSolid()
+    protected function getRoleList()
     {
-        if (!$this->metadata) {
+        $roleList = [];
+
+        $userRoleList = $this->getUser()->get('roles');
+        if (!(is_array($userRoleList) || $userRoleList instanceof \Traversable)) {
+            throw new Error();
+        }
+        foreach ($userRoleList as $role) {
+            $roleList[] = $role;
+        }
+
+        $teamList = $this->getUser()->get('teams');
+        if (!(is_array($teamList) || $teamList instanceof \Traversable)) {
+            throw new Error();
+        }
+        foreach ($teamList as $team) {
+            $teamRoleList = $team->get('roles');
+            foreach ($teamRoleList as $role) {
+                $roleList[] = $role;
+            }
+        }
+
+        return $roleList;
+    }
+
+    public function getScopeForbiddenAttributeList($scope, $action = 'read', $thresholdLevel = 'no')
+    {
+        $key = $scope . '_'. $action . '_' . $thresholdLevel;
+        if (isset($this->forbiddenAttributesCache[$key])) {
+            return $this->forbiddenAttributesCache[$key];
+        }
+
+        $fieldTableQuickAccess = $this->data->fieldTableQuickAccess;
+
+        if (!isset($fieldTableQuickAccess->$scope) || !isset($fieldTableQuickAccess->$scope->attributes) || !isset($fieldTableQuickAccess->$scope->attributes->$action)) {
+            $this->forbiddenAttributesCache[$key] = [];
+            return [];
+        }
+
+        $levelList = [];
+        foreach ($this->fieldLevelList as $level) {
+            if (array_search($level, $this->fieldLevelList) >= array_search($thresholdLevel, $this->fieldLevelList)) {
+                $levelList[] = $level;
+            }
+        }
+
+        $attributeList = [];
+
+        foreach ($levelList as $level) {
+            if (!isset($fieldTableQuickAccess->$scope->attributes->$action->$level)) continue;
+            foreach ($fieldTableQuickAccess->$scope->attributes->$action->$level as $attribute) {
+                if (in_array($attribute, $attributeList)) continue;
+                $attributeList[] = $attribute;
+            }
+        }
+
+        $this->forbiddenAttributesCache[$key] = $attributeList;
+
+        return $attributeList;
+    }
+
+    public function getScopeForbiddenFieldList($scope, $action = 'read', $thresholdLevel = 'no')
+    {
+        $key = $scope . '_'. $action . '_' . $thresholdLevel;
+        if (isset($this->forbiddenFieldsCache[$key])) {
+            return $this->forbiddenFieldsCache[$key];
+        }
+
+        $fieldTableQuickAccess = $this->data->fieldTableQuickAccess;
+
+        if (!isset($fieldTableQuickAccess->$scope) || !isset($fieldTableQuickAccess->$scope->fields) || !isset($fieldTableQuickAccess->$scope->fields->$action)) {
+            $this->forbiddenFieldsCache[$key] = [];
+            return [];
+        }
+
+        $levelList = [];
+        foreach ($this->fieldLevelList as $level) {
+            if (array_search($level, $this->fieldLevelList) >= array_search($thresholdLevel, $this->fieldLevelList)) {
+                $levelList[] = $level;
+            }
+        }
+
+        $fieldList = [];
+
+        foreach ($levelList as $level) {
+            if (!isset($fieldTableQuickAccess->$scope->fields->$action->$level)) continue;
+            foreach ($fieldTableQuickAccess->$scope->fields->$action->$level as $field) {
+                if (in_array($field, $fieldList)) continue;
+                $fieldList[] = $field;
+            }
+        }
+
+        $this->forbiddenFieldsCache[$key] = $fieldList;
+
+        return $fieldList;
+    }
+
+    protected function fillFieldTableQuickAccess()
+    {
+        $fieldTable = $this->data->fieldTable;
+
+        $fieldTableQuickAccess = (object) [];
+
+        foreach (get_object_vars($fieldTable) as $scope => $scopeData) {
+            $fieldTableQuickAccess->$scope = (object) [
+                'attributes' => (object) [],
+                'fields' => (object) []
+            ];
+
+            foreach ($this->fieldActionList as $action) {
+                $fieldTableQuickAccess->$scope->attributes->$action = (object) [];
+                $fieldTableQuickAccess->$scope->fields->$action = (object) [];
+                foreach ($this->fieldLevelList as $level) {
+                    $fieldTableQuickAccess->$scope->attributes->$action->$level = [];
+                    $fieldTableQuickAccess->$scope->fields->$action->$level = [];
+                }
+            }
+
+            foreach (get_object_vars($scopeData) as $field => $fieldData) {
+                $attributeList = $this->getFieldManager()->getAttributeList($scope, $field);
+
+                foreach ($this->fieldActionList as $action) {
+                    if (!isset($fieldData->$action)) continue;
+                    foreach ($this->fieldLevelList as $level) {
+                        if ($fieldData->$action === $level) {
+                            $fieldTableQuickAccess->$scope->fields->$action->{$level}[] = $field;
+                            foreach ($attributeList as $attribute) {
+                                $fieldTableQuickAccess->$scope->attributes->$action->{$level}[] = $attribute;
+                            }
+                        }
+                    }
+                }
+            }
+        }
+
+        $this->data->fieldTableQuickAccess = $fieldTableQuickAccess;
+    }
+
+    protected function applyDefault(&$table, &$fieldTable)
+    {
+        if ($this->getUser()->isAdmin()) {
             return;
         }
 
-        $data = $this->metadata->get('app.acl.solid', array());
+        $data = $this->metadata->get('app.'.$this->type.'.default.scopeLevel', array());
 
-        foreach ($data as $entityType => $item) {
-            $this->data['table'][$entityType] = $item;
+        foreach ($data as $scope => $item) {
+            if (isset($table->$scope)) continue;
+            $value = $item;
+            if (is_array($item)) {
+                $value = (object) $item;
+            }
+            $table->$scope = $value;
+        }
+
+        $defaultFieldData = $this->metadata->get('app.'.$this->type.'.default.fieldLevel', array());
+
+        foreach ($this->getScopeList() as $scope) {
+            if (isset($table->$scope) && $table->$scope === false) continue;
+            if (!$this->getMetadata()->get('scopes.' . $scope . '.entity')) continue;
+
+            $fieldList = array_keys($this->getMetadata()->get("entityDefs.{$scope}.fields", []));
+
+            $defaultScopeFieldData = $this->metadata->get('app.'.$this->type.'.default.scopeFieldLevel.' . $scope, array());
+
+            foreach (array_merge($defaultFieldData, $defaultScopeFieldData) as $field => $f) {
+                if (!in_array($field, $fieldList)) continue;
+                if (!isset($fieldTable->$scope)) {
+                    $fieldTable->$scope = (object) [];
+                }
+                if (isset($fieldTable->$scope->$field)) continue;
+                $fieldTable->$scope->$field = (object) [];
+                foreach ($this->fieldActionList as $action) {
+                    $level = 'no';
+                    if ($f === true) {
+                        $level = 'yes';
+                    } else {
+                        if (is_array($f) && isset($f[$action])) {
+                            $level = $f[$action];
+                        }
+                    }
+                    $fieldTable->$scope->$field->$action = $level;
+                }
+            }
+        }
+
+        foreach ($this->getScopeWithAclList() as $scope) {
+            if (!isset($table->$scope)) {
+                $aclType = $this->metadata->get('scopes.' . $scope . '.' . $this->type);
+                if ($aclType === true) {
+                    $aclType = $this->defaultAclType;
+                }
+                if (!empty($aclType)) {
+                    $defaultValue = $this->metadata->get('app.'.$this->type.'.scopeLevelTypesDefaults.' . $aclType, $this->metadata->get('app.'.$this->type.'.scopeLevelTypesDefaults.record'));
+                    if (is_array($defaultValue)) {
+                        $defaultValue = (object) $defaultValue;
+                    }
+                    $table->$scope = $defaultValue;
+                }
+            }
         }
     }
 
-    private function mergeValues(array $list, $defaultValue)
+    protected function applyMandatory(&$table, &$fieldTable)
+    {
+        if ($this->getUser()->isAdmin()) {
+            return;
+        }
+
+        $data = $this->metadata->get('app.'.$this->type.'.mandatory.scopeLevel', array());
+
+        foreach ($data as $scope => $item) {
+            $value = $item;
+            if (is_array($item)) {
+                $value = (object) $item;
+            }
+            $table->$scope = $value;
+        }
+
+        $mandatoryFieldData = $this->metadata->get('app.'.$this->type.'.mandatory.fieldLevel', array());
+
+        foreach ($this->getScopeList() as $scope) {
+            if (isset($table->$scope) && $table->$scope === false) continue;
+            if (!$this->getMetadata()->get('scopes.' . $scope . '.entity')) continue;
+
+            $fieldList = array_keys($this->getMetadata()->get("entityDefs.{$scope}.fields", []));
+
+            $mandatoryScopeFieldData = $this->metadata->get('app.'.$this->type.'.mandatory.scopeFieldLevel.' . $scope, array());
+
+            foreach (array_merge($mandatoryFieldData, $mandatoryScopeFieldData) as $field => $f) {
+                if (!in_array($field, $fieldList)) continue;
+                if (!isset($fieldTable->$scope)) {
+                    $fieldTable->$scope = (object) [];
+                }
+                $fieldTable->$scope->$field = (object) [];
+                foreach ($this->fieldActionList as $action) {
+                    $level = 'no';
+                    if ($f === true) {
+                        $level = 'yes';
+                    } else {
+                        if (is_array($f) && isset($f[$action])) {
+                            $level = $f[$action];
+                        }
+                    }
+                    $fieldTable->$scope->$field->$action = $level;
+                }
+            }
+        }
+    }
+
+    protected function applyDisabled(&$table, &$fieldTable)
+    {
+        if ($this->getUser()->isAdmin()) {
+            return;
+        }
+
+        foreach ($this->getScopeList() as $scope) {
+            if ($this->getMetadata()->get('scopes.' . $scope . '.disabled')) {
+                $table->$scope = false;
+                unset($fieldTable->$scope);
+            }
+        }
+    }
+
+    protected function applyAdditional(&$table, &$fieldTable, &$valuePermissionLists)
+    {
+        if ($this->getUser()->get('isPortalUser')) {
+            foreach ($this->getScopeList() as $scope) {
+                $table->$scope = false;
+                unset($fieldTable->$scope);
+            }
+            foreach ($this->valuePermissionList as $permission) {
+                $valuePermissionLists->{$permission}[] = 'no';
+            }
+        }
+    }
+
+    private function mergeValueList(array $list, $defaultValue)
     {
         $result = null;
         foreach ($list as $level) {
@@ -171,51 +558,74 @@ class Table
         return $result;
     }
 
-    private function getScopeList()
+    protected function getScopeWithAclList()
     {
         $scopeList = [];
         $scopes = $this->metadata->get('scopes');
         foreach ($scopes as $scope => $d) {
-        	if (!empty($d['acl'])) {
-        		$scopeList[] = $scope;
-        	}
+        	if (empty($d['acl'])) continue;
+        	$scopeList[] = $scope;
         }
         return $scopeList;
     }
 
-    private function merge($tables)
+    protected function getScopeList()
     {
-        $data = array();
-        $scopeList = $this->getScopeList();
+        $scopeList = [];
+        $scopes = $this->metadata->get('scopes');
+        foreach ($scopes as $scope => $d) {
+            $scopeList[] = $scope;
+        }
+        return $scopeList;
+    }
 
-        foreach ($tables as $table) {
+    private function mergeTableList(array $tableList)
+    {
+        $data = (object) [];
+        $scopeList = $this->getScopeWithAclList();
+
+        foreach ($tableList as $table) {
             foreach ($scopeList as $scope) {
-            	if (!isset($table->$scope)) {
-            		continue;
-            	}
+            	if (!isset($table->$scope)) continue;
+
             	$row = $table->$scope;
 
                 if ($row == false) {
-                    if (!isset($data[$scope])) {
-                        $data[$scope] = false;
+                    if (!isset($data->$scope)) {
+                        $data->$scope = false;
                     }
                 } else if ($row === true) {
-                    $data[$scope] = true;
+                    $data->$scope = true;
                 } else {
-                    if (!isset($data[$scope])) {
-                        $data[$scope] = array();
+                    if (!isset($data->$scope)) {
+                        $data->$scope = (object) [];
                     }
-                    if ($data[$scope] == false) {
-                        $data[$scope] = array();
+                    if ($data->$scope === false) {
+                        $data->$scope = (object) [];
                     }
 
-                    if (is_array($row) || $row instanceof \stdClass) {
-                        foreach ($row as $action => $level) {
-                            if (!isset($data[$scope][$action])) {
-                                $data[$scope][$action] = $level;
+                    if (!is_object($row)) continue;
+
+                    foreach ($this->actionList as $i => $action) {
+                        if (isset($row->$action)) {
+                            $level = $row->$action;
+                            if (!isset($data->$scope->$action)) {
+                                $data->$scope->$action = $level;
                             } else {
-                                if (array_search($data[$scope][$action], $this->levelList) > array_search($level, $this->levelList)) {
-                                    $data[$scope][$action] = $level;
+                                if (array_search($data->$scope->$action, $this->levelList) > array_search($level, $this->levelList)) {
+                                    $data->$scope->$action = $level;
+                                }
+                            }
+                        } else {
+                            if ($i > 0) {
+                                // TODO remove it
+                                $previousAction = $this->actionList[$i - 1];
+                                if (in_array($action, $this->booleanActionList)) {
+                                    $data->$scope->$action = 'yes';
+                                } else {
+                                    if (isset($data->$scope->$previousAction)) {
+                                        $data->$scope->$action = $data->$scope->$previousAction;
+                                    }
                                 }
                             }
                         }
@@ -224,24 +634,75 @@ class Table
             }
         }
 
-        foreach ($scopeList as $scope) {
-        	if (!array_key_exists($scope, $data)) {
-        		$aclType = $this->metadata->get('scopes.' . $scope . '.acl');
-                if ($aclType === true) {
-                    $aclType = 'recordAllTeamOwnNo';
+        return $data;
+    }
+
+    private function mergeFieldTableList(array $tableList)
+    {
+        $data = (object) [];
+        $scopeList = $this->getScopeWithAclList();
+
+        foreach ($tableList as $table) {
+            foreach ($scopeList as $scope) {
+                if (!isset($table->$scope)) continue;
+
+                if (!isset($data->$scope)) {
+                    $data->$scope = (object) [];
                 }
-        		if (!empty($aclType)) {
-	        		$data[$scope] = $this->metadata->get('app.acl.defaults.' . $aclType, true);
-        		}
-        	}
+
+                if (!is_object($table->$scope)) continue;
+
+                $fieldList = array_keys($this->getMetadata()->get("entityDefs.{$scope}.fields", []));
+
+                foreach (get_object_vars($table->$scope) as $field => $row) {
+                    if (!is_object($row)) continue;
+
+                    if (!in_array($field, $fieldList)) continue;
+
+                    if (!isset($data->$scope->$field)) {
+                        $data->$scope->$field = (object) [];
+                    }
+
+                    foreach ($this->fieldActionList as $i => $action) {
+                        if (!isset($row->$action)) continue;
+
+                        $level = $row->$action;
+                        if (!isset($data->$scope->$field->$action)) {
+                            $data->$scope->$field->$action = $level;
+                        } else {
+                            if (array_search($data->$scope->$field->$action, $this->fieldLevelList) > array_search($level, $this->fieldLevelList)) {
+                                $data->$scope->$field->$action = $level;
+                            }
+                        }
+                    }
+                }
+            }
         }
+
         return $data;
     }
 
     private function buildCache()
     {
-        $contents = '<' . '?'. 'php return ' .  var_export($this->data, true)  . ';';
-        $this->fileManager->putContents($this->cacheFile, $contents);
+        $contents = '<' . '?'. 'php return ' .  $this->varExport($this->data)  . ';';
+        $this->fileManager->putContents($this->cacheFilePath, $contents);
+    }
+
+    private function varExport($variable)
+    {
+        if ($variable instanceof \StdClass) {
+            $result = '(object) ' . $this->varExport(get_object_vars($variable), true);
+        } else if (is_array($variable)) {
+            $array = array();
+            foreach ($variable as $key => $value) {
+                $array[] = var_export($key, true).' => ' . $this->varExport($value, true);
+            }
+            $result = '['.implode(', ', $array).']';
+        } else {
+            $result = var_export($variable, true);
+        }
+
+        return $result;
     }
 }
 

application/Espo/Core/AclManager.php

@@ -18,6 +18,13 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/
 
 namespace Espo\Core;
@@ -38,6 +45,8 @@ class AclManager
 
     private $tableHashMap = array();
 
+    protected $tableClassName = '\\Espo\\Core\\Acl\\Table';
+
     public function __construct(Container $container)
     {
         $this->container = $container;
@@ -49,6 +58,11 @@ class AclManager
         return $this->container;
     }
 
+    protected function getMetadata()
+    {
+        return $this->metadata;
+    }
+
     public function getImplementation($scope)
     {
         if (empty($this->implementationHashMap[$scope])) {
@@ -68,10 +82,10 @@ class AclManager
             }
 
             if (class_exists($className)) {
-                $acl = new $className();
+                $acl = new $className($scope);
                 $dependencies = $acl->getDependencyList();
                 foreach ($dependencies as $name) {
-                    $acl->inject($name, $this->container->get($name));
+                    $acl->inject($name, $this->getContainer()->get($name));
                 }
                 $this->implementationHashMap[$scope] = $acl;
             } else {
@@ -84,14 +98,18 @@ class AclManager
 
     protected function getTable(User $user)
     {
-        $key = spl_object_hash($user);
+        $key = $user->id;
+        if (empty($key)) {
+            $key = spl_object_hash($user);
+        }
 
         if (empty($this->tableHashMap[$key])) {
             $config = $this->getContainer()->get('config');
             $fileManager = $this->getContainer()->get('fileManager');
             $metadata = $this->getContainer()->get('metadata');
+            $fieldManager = $this->getContainer()->get('fieldManager');
 
-            $this->tableHashMap[$key] = new \Espo\Core\Acl\Table($user, $config, $fileManager, $metadata);
+            $this->tableHashMap[$key] = new $this->tableClassName($user, $config, $fileManager, $metadata, $fieldManager);
         }
 
         return $this->tableHashMap[$key];
@@ -112,9 +130,6 @@ class AclManager
 
     public function get(User $user, $permission)
     {
-        if ($user->isAdmin()) {
-            return true;
-        }
         return $this->getTable($user)->get($permission);
     }
 
@@ -124,7 +139,7 @@ class AclManager
             return false;
         }
         $data = $this->getTable($user)->getScopeData($scope);
-        return $this->getImplementation($scope)->checkReadOnlyTeam($user, $scope, $data);
+        return $this->getImplementation($scope)->checkReadOnlyTeam($user, $data);
     }
 
     public function checkReadOnlyOwn(User $user, $scope)
@@ -133,49 +148,127 @@ class AclManager
             return false;
         }
         $data = $this->getTable($user)->getScopeData($scope);
-        return $this->getImplementation($scope)->checkReadOnlyOwn($user, $scope, $data);
+        return $this->getImplementation($scope)->checkReadOnlyOwn($user, $data);
     }
 
-    public function check(User $user, $subject, $action = null, $isOwner = null, $inTeam = null)
+    public function check(User $user, $subject, $action = null)
     {
-        if ($user->isAdmin()) {
-            return true;
-        }
         if (is_string($subject)) {
-            return $this->checkScope($user, $subject, $action, $isOwner, $inTeam);
+            return $this->checkScope($user, $subject, $action);
         } else {
             $entity = $subject;
             if ($entity instanceof Entity) {
-                $entityType = $entity->getEntityType();
-
-                $impl = $this->getImplementation($entityType);
-                $methodName = 'checkEntity' . ucfirst($action);
-                if (method_exists($impl, $methodName)) {
-                    $data = $this->getTable($user)->getScopeData($entityType);
-                    return $impl->$methodName($user, $entity, $data);
-                }
-
                 return $this->checkEntity($user, $entity, $action);
             }
         }
     }
 
-    public function checkEntity(User $user, Entity $entity, $action)
+    public function checkEntity(User $user, Entity $entity, $action = 'read')
     {
-        if ($user->isAdmin()) {
-            return true;
+        $scope = $entity->getEntityType();
+
+        $data = $this->getTable($user)->getScopeData($scope);
+
+        $impl = $this->getImplementation($scope);
+
+        $methodName = 'checkEntity' . ucfirst($action);
+        if (method_exists($impl, $methodName)) {
+            return $impl->$methodName($user, $entity, $data);
         }
-        $data = $this->getTable($user)->getScopeData($entity->getEntityType());
-        return $this->getImplementation($scope)->checkEntity($user, $entity, $data, $action);
+
+        return $impl->checkEntity($user, $entity, $data, $action);
     }
 
-    public function checkScope(User $user, $scope, $action = null, $isOwner = null, $inTeam = null, $entity = null)
+    public function checkIsOwner(User $user, Entity $entity)
+    {
+        return $this->getImplementation($entity->getEntityType())->checkIsOwner($user, $entity);
+    }
+
+    public function checkInTeam(User $user, Entity $entity)
+    {
+        return $this->getImplementation($entity->getEntityType())->checkInTeam($user, $entity);
+    }
+
+    public function checkScope(User $user, $scope, $action = null)
+    {
+        $data = $this->getTable($user)->getScopeData($scope);
+        return $this->getImplementation($scope)->checkScope($user, $data, $action);
+    }
+
+    public function checkUser(User $user, $permission, User $entity)
     {
         if ($user->isAdmin()) {
             return true;
         }
-        $data = $this->getTable($user)->getScopeData($scope);
-        return $this->getImplementation($scope)->checkScope($user, $data, $scope, $action, $isOwner, $inTeam, $entity);
+        if ($this->get($user, $permission) === 'no') {
+            if ($entity->id !== $user->id) {
+                return false;
+            }
+        } else if ($this->get($user, $permission) === 'team') {
+            if ($entity->id != $user->id) {
+                $teamIdList1 = $user->getTeamIdList();
+                $teamIdList2 = $entity->getTeamIdList();
+
+                $inTeam = false;
+                foreach ($teamIdList1 as $id) {
+                    if (in_array($id, $teamIdList2)) {
+                        $inTeam = true;
+                        break;
+                    }
+                }
+                if (!$inTeam) {
+                    return false;
+                }
+            }
+        }
+        return true;
+    }
+
+    public function getScopeForbiddenAttributeList(User $user, $scope, $action = 'read', $thresholdLevel = 'no')
+    {
+        if ($user->isAdmin()) return [];
+        return $this->getTable($user)->getScopeForbiddenAttributeList($scope, $action, $thresholdLevel);
+    }
+
+    public function getScopeForbiddenFieldList(User $user, $scope, $action = 'read', $thresholdLevel = 'no')
+    {
+        if ($user->isAdmin()) return [];
+        return $this->getTable($user)->getScopeForbiddenFieldList($scope, $action, $thresholdLevel);
+    }
+
+    public function checkUserPermission(User $user, $target, $permissionType = 'userPermission')
+    {
+        $permission = $this->get($user, $permissionType);
+
+        if (is_object($target)) {
+            $userId = $target->id;
+        } else {
+            $userId = $target;
+        }
+
+        if ($user->id === $userId) return true;
+
+        if ($permission === 'no') {
+            return false;
+        }
+
+        if ($permission === 'yes') {
+            return true;
+        }
+
+        if ($permission === 'team') {
+            $teamIdList = $user->getLinkMultipleIdList('teams');
+            if (!$this->getContainer()->get('entityManager')->getRepository('User')->checkBelongsToAnyOfTeams($userId, $teamIdList)) {
+                return false;
+            }
+        }
+
+        return true;
+    }
+
+    public function checkAssignmentPermission(User $user, $target)
+    {
+        return $this->checkUserPermission($user, $target, 'assignmentPermission');
     }
 }
 

application/Espo/Core/AclPortal/Base.php

@@ -0,0 +1,212 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2015 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: http://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Core\AclPortal;
+
+use \Espo\Entities\User;
+use \Espo\ORM\Entity;
+
+class Base extends \Espo\Core\Acl\Base
+{
+    public function checkScope(User $user, $data, $action = null, Entity $entity = null, $entityAccessData = array())
+    {
+        if ($user->isAdmin()) {
+            return true;
+        }
+
+        if (is_null($data)) {
+            return false;
+        }
+        if ($data === false) {
+            return false;
+        }
+        if ($data === true) {
+            return true;
+        }
+        if (is_string($data)) {
+            return true;
+        }
+
+        $isOwner = null;
+        if (isset($entityAccessData['isOwner'])) {
+            $isOwner = $entityAccessData['isOwner'];
+        }
+        $inAccount = null;
+        if (isset($entityAccessData['inAccount'])) {
+            $inAccount = $entityAccessData['inAccount'];
+        }
+        $isOwnContact = null;
+        if (isset($entityAccessData['isOwnContact'])) {
+            $isOwnContact = $entityAccessData['isOwnContact'];
+        }
+
+        if (is_null($action)) {
+            return true;
+        }
+
+        if (!isset($data->$action)) {
+            return true;
+        }
+
+        $value = $data->$action;
+
+        if ($value === 'all' || $value === 'yes' || $value === true) {
+            return true;
+        }
+
+        if (!$value || $value === 'no') {
+            return false;
+        }
+
+        if (is_null($isOwner)) {
+            if ($entity) {
+                $isOwner = $this->checkIsOwner($user, $entity);
+            } else {
+                return true;
+            }
+        }
+
+        if ($isOwner) {
+            if ($value === 'own' || $value === 'account' || $value === 'contact') {
+                return true;
+            }
+        }
+
+        if ($value === 'account') {
+            if (is_null($inAccount) && $entity) {
+                $inAccount = $this->checkInAccount($user, $entity);
+            }
+            if ($inAccount) {
+                return true;
+            }
+        }
+
+        if ($value === 'contact') {
+            if (is_null($isOwnContact) && $entity) {
+                $isOwnContact = $this->checkIsOwnContact($user, $entity);
+            }
+            if ($isOwnContact) {
+                return true;
+            }
+        }
+
+        return false;
+
+    }
+
+    public function checkReadOnlyAccount(User $user, $data)
+    {
+        if (empty($data) || !is_object($data) || !isset($data->read)) {
+            return false;
+        }
+        return $data->read === 'account';
+    }
+
+    public function checkReadOnlyContact(User $user, $data)
+    {
+        if (empty($data) || !is_object($data) || !isset($data->read)) {
+            return false;
+        }
+        return $data->read === 'contact';
+    }
+
+    public function checkIsOwner(User $user, Entity $entity)
+    {
+        if ($entity->hasAttribute('createdById')) {
+            if ($entity->has('createdById')) {
+                if ($user->id === $entity->get('createdById')) {
+                    return true;
+                }
+            }
+        }
+        return false;
+    }
+
+    public function checkInAccount(User $user, Entity $entity)
+    {
+        $accountIdList = $user->getLinkMultipleIdList('accounts');
+        if (count($accountIdList)) {
+            if ($entity->hasAttribute('accountId')) {
+                if (in_array($entity->get('accountId'), $accountIdList)) {
+                    return true;
+                }
+            }
+
+            if ($entity->hasRelation('accounts')) {
+                $repository = $this->getEntityManager()->getRepository($entity->getEntityType());
+                foreach ($accountIdList as $accountId) {
+                    if ($repository->isRelated($entity, 'accounts', $accountId)) {
+                        return true;
+                    }
+                }
+            }
+
+            if ($entity->hasAttribute('parentId') && $entity->hasRelation('parent')) {
+                if ($entity->get('parentType') === 'Account') {
+                    if (in_array($entity->get('parentId'), $accountIdList)) {
+                        return true;
+                    }
+                }
+            }
+        }
+
+        return false;
+    }
+
+    public function checkIsOwnContact(User $user, Entity $entity)
+    {
+        $contactId = $user->get('contactId');
+        if ($contactId) {
+            if ($entity->hasAttribute('contactId')) {
+                if ($entity->get('contactId') === $contactId) {
+                    return true;
+                }
+            }
+
+            if ($entity->hasRelation('contacts')) {
+                $repository = $this->getEntityManager()->getRepository($entity->getEntityType());
+                if ($repository->isRelated($entity, 'contacts', $contactId)) {
+                    return true;
+                }
+            }
+
+            if ($entity->hasAttribute('parentId') && $entity->hasRelation('parent')) {
+                if ($entity->get('parentType') === 'Contact') {
+                    if ($entity->get('parentId') === $contactId) {
+                        return true;
+                    }
+                }
+            }
+        }
+
+        return false;
+    }
+
+}
+

application/Espo/Core/AclPortal/Table.php

@@ -0,0 +1,135 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2015 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: http://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Core\AclPortal;
+
+use \Espo\Core\Exceptions\Error;
+
+use \Espo\ORM\Entity;
+use \Espo\Entities\User;
+use \Espo\Entities\Portal;
+
+use \Espo\Core\Utils\Config;
+use \Espo\Core\Utils\Metadata;
+use \Espo\Core\Utils\FieldManager;
+use \Espo\Core\Utils\File\Manager as FileManager;
+
+class Table extends \Espo\Core\Acl\Table
+{
+    protected $type = 'aclPortal';
+
+    protected $portal;
+
+    protected $defaultAclType = 'recordAllOwnNo';
+
+    protected $levelList = ['yes', 'all', 'account', 'contact', 'own', 'no'];
+
+    protected $valuePermissionList = [];
+
+    public function __construct(User $user, Portal $portal, Config $config = null, FileManager $fileManager = null, Metadata $metadata = null, FieldManager $fieldManager = null)
+    {
+        if (empty($portal)) {
+            throw new Error("No portal was passed to AclPortal\\Table constructor.");
+        }
+        $this->portal = $portal;
+        parent::__construct($user, $config, $fileManager, $metadata, $fieldManager);
+    }
+
+    protected function getPortal()
+    {
+        return $this->portal;
+    }
+
+    protected function initCacheFilePath()
+    {
+        $this->cacheFilePath = 'data/cache/application/acl-portal/'.$this->getPortal()->id.'/' . $this->getUser()->id . '.php';
+    }
+
+    protected function getRoleList()
+    {
+        $roleList = [];
+
+        $userRoleList = $this->getUser()->get('portalRoles');
+        if (!(is_array($userRoleList) || $userRoleList instanceof \Traversable)) {
+            throw new Error();
+        }
+        foreach ($userRoleList as $role) {
+            $roleList[] = $role;
+        }
+
+        $portalRoleList = $this->getPortal()->get('portalRoles');
+        if (!(is_array($portalRoleList) || $portalRoleList instanceof \Traversable)) {
+            throw new Error();
+        }
+        foreach ($portalRoleList as $role) {
+            $roleList[] = $role;
+        }
+
+        return $roleList;
+    }
+
+    protected function getScopeWithAclList()
+    {
+        $scopeList = [];
+        $scopes = $this->getMetadata()->get('scopes');
+        foreach ($scopes as $scope => $d) {
+            if (empty($d['acl'])) continue;
+            if (empty($d['aclPortal'])) continue;
+            $scopeList[] = $scope;
+        }
+        return $scopeList;
+    }
+
+    protected function applyDefault(&$table, &$fieldTable)
+    {
+        parent::applyDefault($table, $fieldTable);
+
+        foreach ($this->getScopeList() as $scope) {
+            if (!isset($table->$scope)) {
+                $table->$scope = false;
+            }
+        }
+    }
+
+    protected function applyDisabled(&$table, &$fieldTable)
+    {
+        foreach ($this->getScopeList() as $scope) {
+            $d = $this->getMetadata()->get('scopes.' . $scope);
+            if (!empty($d['disabled']) || !empty($d['portalDisabled'])) {
+                $table->$scope = false;
+                unset($fieldTable->$scope);
+            }
+        }
+    }
+
+    protected function applyAdditional(&$table, &$fieldTable, &$valuePermissionLists)
+    {
+    }
+}
+

application/Espo/Core/Application.php

@@ -18,35 +18,43 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/
 
 namespace Espo\Core;
 
-
 class Application
 {
     private $metadata;
 
-    private $container;
+    protected $container;
 
     private $slim;
 
     private $auth;
 
-    /**
-     * Constructor
-     */
     public function __construct()
     {
-        $this->container = new Container();
-
         date_default_timezone_set('UTC');
 
-        $GLOBALS['log'] = $this->container->get('log');
+        $this->initContainer();
+
+        $GLOBALS['log'] = $this->getContainer()->get('log');
 
         $this->initAutoloads();
     }
 
+    protected function initContainer()
+    {
+        $this->container = new Container();
+    }
+
     public function getSlim()
     {
         if (empty($this->slim)) {
@@ -63,12 +71,9 @@ class Application
         return $this->metadata;
     }
 
-    protected function getAuth()
+    protected function createAuth()
     {
-        if (empty($this->auth)) {
-            $this->auth = new \Espo\Core\Utils\Auth($this->container);
-        }
-        return $this->auth;
+        return new \Espo\Core\Utils\Auth($this->container);
     }
 
     public function getContainer()
@@ -85,17 +90,10 @@ class Application
 
     public function runClient()
     {
-        $config = $this->getContainer()->get('config');
-
-        $html = file_get_contents('main.html');
-        $html = str_replace('{{cacheTimestamp}}', $config->get('cacheTimestamp', 0), $html);
-        $html = str_replace('{{useCache}}', $config->get('useCache') ? 'true' : 'false' , $html);
-        $html = str_replace('{{runScript}}', 'app.start();' , $html);
-        echo $html;
-        exit;
+        $this->getContainer()->get('clientManager')->display();
     }
 
-    public function runEntryPoint($entryPoint)
+    public function runEntryPoint($entryPoint, $data = array(), $final = false)
     {
         if (empty($entryPoint)) {
             throw new \Error();
@@ -104,18 +102,27 @@ class Application
         $slim = $this->getSlim();
         $container = $this->getContainer();
 
-        $slim->get('/', function() {});
-        $slim->post('/', function() {});
+        $slim->any('.*', function() {});
 
         $entryPointManager = new \Espo\Core\EntryPointManager($container);
 
         try {
-            $auth = $this->getAuth();
-            $apiAuth = new \Espo\Core\Utils\Api\Auth($auth, $entryPointManager->checkAuthRequired($entryPoint), true);
+            $authRequired = $entryPointManager->checkAuthRequired($entryPoint);
+            $authNotStrict = $entryPointManager->checkNotStrictAuth($entryPoint);
+            if ($authRequired && !$authNotStrict) {
+                if (!$final && $portalId = $this->detectedPortalId()) {
+                    $app = new \Espo\Core\Portal\Application($portalId);
+                    $app->setBasePath($this->getBasePath());
+                    $app->runEntryPoint($entryPoint, $data, true);
+                    exit;
+                }
+            }
+            $auth = new \Espo\Core\Utils\Auth($this->container, $authNotStrict);
+            $apiAuth = new \Espo\Core\Utils\Api\Auth($auth, $authRequired, true);
             $slim->add($apiAuth);
 
-            $slim->hook('slim.before.dispatch', function () use ($entryPoint, $entryPointManager, $container) {
-                $entryPointManager->run($entryPoint);
+            $slim->hook('slim.before.dispatch', function () use ($entryPoint, $entryPointManager, $container, $data) {
+                $entryPointManager->run($entryPoint, $data);
             });
 
             $slim->run();
@@ -126,7 +133,7 @@ class Application
 
     public function runCron()
     {
-        $auth = $this->getAuth();
+        $auth = $this->createAuth();
         $auth->useNoAuth(true);
 
         $cronManager = new \Espo\Core\CronManager($this->container);
@@ -156,20 +163,25 @@ class Application
         return false;
     }
 
+    protected function createApiAuth($auth)
+    {
+        return new \Espo\Core\Utils\Api\Auth($auth);
+    }
+
     protected function routeHooks()
     {
         $container = $this->getContainer();
         $slim = $this->getSlim();
 
         try {
-            $auth = $this->getAuth();
+            $auth = $this->createAuth();
         } catch (\Exception $e) {
             $container->get('output')->processError($e->getMessage(), $e->getCode());
         }
 
-        $apiAuth = new \Espo\Core\Utils\Api\Auth($auth);
-        $this->getSlim()->add($apiAuth);
+        $apiAuth = $this->createApiAuth($auth);
 
+        $this->getSlim()->add($apiAuth);
         $this->getSlim()->hook('slim.before.dispatch', function () use ($slim, $container) {
 
             $route = $slim->router()->getCurrentRoute();
@@ -229,13 +241,19 @@ class Application
         });
     }
 
-    protected function initRoutes()
+    protected function getRouteList()
     {
         $routes = new \Espo\Core\Utils\Route($this->getContainer()->get('config'), $this->getMetadata(), $this->getContainer()->get('fileManager'));
-        $crudList = array_keys( $this->getContainer()->get('config')->get('crud') );
 
-        foreach ($routes->getAll() as $route) {
 
+        return $routes->getAll();
+    }
+
+    protected function initRoutes()
+    {
+        $crudList = array_keys($this->getContainer()->get('config')->get('crud'));
+
+        foreach ($this->getRouteList() as $route) {
             $method = strtolower($route['method']);
             if (!in_array($method, $crudList)) {
                 $GLOBALS['log']->error('Route: Method ['.$method.'] does not exist. Please check your route ['.$route['route'].']');
@@ -280,5 +298,37 @@ class Application
 
         $classLoader->register(true);
     }
+
+    public function setBasePath($basePath)
+    {
+        $this->getContainer()->get('clientManager')->setBasePath($basePath);
+    }
+
+    public function getBasePath()
+    {
+        return $this->getContainer()->get('clientManager')->getBasePath();
+    }
+
+    public function detectedPortalId()
+    {
+        if (!empty($_GET['portalId'])) {
+            return $_GET['portalId'];
+        }
+        if (!empty($_COOKIE['auth-token'])) {
+            $token = $this->getContainer()->get('entityManager')->getRepository('AuthToken')->where(array('token' => $_COOKIE['auth-token']))->findOne();
+
+            if ($token && $token->get('portalId')) {
+                return $token->get('portalId');
+            }
+        }
+        return null;
+    }
+
+    public function setupSystemUser()
+    {
+        $user = $this->getContainer()->get('entityManager')->getEntity('User', 'system');
+        $this->getContainer()->setUser($user);
+        $this->getContainer()->get('entityManager')->setUser($user);
+    }
 }
 

application/Espo/Core/Container.php

@@ -18,6 +18,13 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/
 
 namespace Espo\Core;
@@ -33,7 +40,6 @@ class Container
      */
     public function __construct()
     {
-
     }
 
     public function get($name)
@@ -41,7 +47,15 @@ class Container
         if (empty($this->data[$name])) {
             $this->load($name);
         }
-        return $this->data[$name];
+        if (isset($this->data[$name])) {
+            return $this->data[$name];
+        }
+        return null;
+    }
+
+    protected function set($name, $obj)
+    {
+        $this->data[$name] = $obj;
     }
 
     private function load($name)
@@ -81,16 +95,19 @@ class Container
 
     protected function loadLog()
     {
-        $logConfig = $this->get('config')->get('logger');
+        $config = $this->get('config');
+
+        $path = $config->get('logger.path', 'data/logs/espo.log');
+        $rotation = $config->get('logger.rotation', true);
 
         $log = new \Espo\Core\Utils\Log('Espo');
+        $levelCode = $log->getLevelCode($config->get('logger.level', 'WARNING'));
 
-        $levelCode = $log->getLevelCode($logConfig['level']);
-
-        if ($logConfig['isRotate']) {
-            $handler = new \Espo\Core\Utils\Log\Monolog\Handler\RotatingFileHandler($logConfig['path'], $logConfig['maxRotateFiles'], $levelCode);
+        if ($rotation) {
+            $maxFileNumber = $config->get('logger.maxFileNumber', 30);
+            $handler = new \Espo\Core\Utils\Log\Monolog\Handler\RotatingFileHandler($path, $maxFileNumber, $levelCode);
         } else {
-            $handler = new \Espo\Core\Utils\Log\Monolog\Handler\StreamHandler($logConfig['path'], $levelCode);
+            $handler = new \Espo\Core\Utils\Log\Monolog\Handler\StreamHandler($path, $levelCode);
         }
         $log->pushHandler($handler);
 
@@ -106,53 +123,54 @@ class Container
         return $this;
     }
 
-    private function loadSlim()
+    protected function loadSlim()
     {
         return new \Espo\Core\Utils\Api\Slim();
     }
 
-    private function loadFileManager()
+    protected function loadFileManager()
     {
         return new \Espo\Core\Utils\File\Manager(
             $this->get('config')
         );
     }
 
-    private function loadPreferences()
+    protected function loadPreferences()
     {
         return $this->get('entityManager')->getEntity('Preferences', $this->get('user')->id);
     }
 
-    private function loadConfig()
+    protected function loadConfig()
     {
         return new \Espo\Core\Utils\Config(
             new \Espo\Core\Utils\File\Manager()
         );
     }
 
-    private function loadHookManager()
+    protected function loadHookManager()
     {
         return new \Espo\Core\HookManager(
             $this
         );
     }
 
-    private function loadOutput()
+    protected function loadOutput()
     {
         return new \Espo\Core\Utils\Api\Output(
             $this->get('slim')
         );
     }
 
-    private function loadMailSender()
+    protected function loadMailSender()
     {
         $className = $this->getServiceClassName('mailSernder', '\\Espo\\Core\\Mail\\Sender');
         return new $className(
-            $this->get('config')
+            $this->get('config'),
+            $this->get('entityManager')
         );
     }
 
-    private function loadDateTime()
+    protected function loadDateTime()
     {
         return new \Espo\Core\Utils\DateTime(
             $this->get('config')->get('dateFormat'),
@@ -161,7 +179,7 @@ class Container
         );
     }
 
-    private function loadNumber()
+    protected function loadNumber()
     {
         return new \Espo\Core\Utils\Number(
             $this->get('config')->get('decimalMark'),
@@ -169,24 +187,26 @@ class Container
         );
     }
 
-    private function loadServiceFactory()
+    protected function loadServiceFactory()
     {
         return new \Espo\Core\ServiceFactory(
             $this
         );
     }
 
-    private function loadSelectManagerFactory()
+    protected function loadSelectManagerFactory()
     {
         return new \Espo\Core\SelectManagerFactory(
             $this->get('entityManager'),
             $this->get('user'),
             $this->get('acl'),
-            $this->get('metadata')
+            $this->get('aclManager'),
+            $this->get('metadata'),
+            $this->get('config')
         );
     }
 
-    private function loadMetadata()
+    protected function loadMetadata()
     {
         return new \Espo\Core\Utils\Metadata(
             $this->get('config'),
@@ -194,15 +214,16 @@ class Container
         );
     }
 
-    private function loadLayout()
+    protected function loadLayout()
     {
         return new \Espo\Core\Utils\Layout(
             $this->get('fileManager'),
-            $this->get('metadata')
+            $this->get('metadata'),
+            $this->get('user')
         );
     }
 
-    private function loadAclManager()
+    protected function loadAclManager()
     {
         $className = $this->getServiceClassName('acl', '\\Espo\\Core\\AclManager');
         return new $className(
@@ -210,7 +231,7 @@ class Container
         );
     }
 
-    private function loadAcl()
+    protected function loadAcl()
     {
         $className = $this->getServiceClassName('acl', '\\Espo\\Core\\Acl');
         return new $className(
@@ -219,7 +240,7 @@ class Container
         );
     }
 
-    private function loadSchema()
+    protected function loadSchema()
     {
         return new \Espo\Core\Utils\Database\Schema\Schema(
             $this->get('config'),
@@ -230,7 +251,7 @@ class Container
         );
     }
 
-    private function loadClassParser()
+    protected function loadClassParser()
     {
         return new \Espo\Core\Utils\File\ClassParser(
             $this->get('fileManager'),
@@ -239,7 +260,7 @@ class Container
         );
     }
 
-    private function loadLanguage()
+    protected function loadLanguage()
     {
         return new \Espo\Core\Utils\Language(
             $this->get('fileManager'),
@@ -249,38 +270,55 @@ class Container
         );
     }
 
-    private function loadCrypt()
+    protected function loadCrypt()
     {
         return new \Espo\Core\Utils\Crypt(
             $this->get('config')
         );
     }
 
-    private function loadScheduledJob()
+    protected function loadScheduledJob()
     {
         return new \Espo\Core\Utils\ScheduledJob(
             $this
         );
     }
 
-    private function loadDataManager()
+    protected function loadDataManager()
     {
         return new \Espo\Core\DataManager(
             $this
         );
     }
 
-    private function loadFieldManager()
+    protected function loadFieldManager()
     {
         return new \Espo\Core\Utils\FieldManager(
             $this->get('metadata'),
-            $this->get('language')
+            $this->get('language'),
+            $this
         );
     }
 
-    public function setUser($user)
+    protected function loadThemeManager()
     {
-        $this->data['user'] = $user;
+        return new \Espo\Core\Utils\ThemeManager(
+            $this->get('config'),
+            $this->get('metadata')
+        );
+    }
+
+    protected function loadClientManager()
+    {
+        return new \Espo\Core\Utils\ClientManager(
+            $this->get('config'),
+            $this->get('themeManager')
+        );
+    }
+
+    public function setUser(\Espo\Entities\User $user)
+    {
+        $this->set('user', $user);
     }
 }
 

application/Espo/Core/ControllerManager.php

@@ -18,6 +18,13 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/
 
 namespace Espo\Core;
@@ -87,23 +94,32 @@ class ControllerManager
         $actionNameUcfirst = ucfirst($actionName);
 
         $beforeMethodName = 'before' . $actionNameUcfirst;
+        $actionMethodName = 'action' . $actionNameUcfirst;
+        $afterMethodName = 'after' . $actionNameUcfirst;
+
+        $fullActionMethodName = strtolower($request->getMethod()) . ucfirst($actionMethodName);
+
+        if (method_exists($controller, $fullActionMethodName)) {
+            $primaryActionMethodName = $fullActionMethodName;
+        } else {
+            $primaryActionMethodName = $actionMethodName;
+        }
+
+        if (!method_exists($controller, $primaryActionMethodName)) {
+            throw new NotFound("Action '$actionName' (".$request->getMethod().") does not exist in controller '$controllerName'");
+        }
+
         if (method_exists($controller, $beforeMethodName)) {
             $controller->$beforeMethodName($params, $data, $request);
         }
-        $actionMethodName = 'action' . $actionNameUcfirst;
 
-        if (!method_exists($controller, $actionMethodName)) {
-            throw new NotFound("Action '$actionMethodName' does not exist in controller '$controller'");
-        }
+        $result = $controller->$primaryActionMethodName($params, $data, $request);
 
-        $result = $controller->$actionMethodName($params, $data, $request);
-
-        $afterMethodName = 'after' . $actionNameUcfirst;
         if (method_exists($controller, $afterMethodName)) {
             $controller->$afterMethodName($params, $data, $request);
         }
 
-        if (is_array($result) || is_bool($result)) {
+        if (is_array($result) || is_bool($result) || $result instanceof \StdClass) {
             return \Espo\Core\Utils\Json::encode($result);
         }
 

application/Espo/Core/Controllers/Base.php

@@ -18,10 +18,16 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/
 
 namespace Espo\Core\Controllers;
-
 use \Espo\Core\Container;
 use \Espo\Core\ServiceFactory;
 use \Espo\Core\Utils\Util;

application/Espo/Core/Controllers/Record.php

@@ -18,6 +18,13 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/
 
 namespace Espo\Core\Controllers;
@@ -57,7 +64,7 @@ class Record extends Base
         return $service;
     }
 
-    public function actionRead($params)
+    public function actionRead($params, $data, $request)
     {
         $id = $params['id'];
         $entity = $this->getRecordService()->getEntity($id);
@@ -80,7 +87,7 @@ class Record extends Base
             throw new BadRequest();
         }
 
-        if (!$this->getAcl()->check($this->name, 'edit')) {
+        if (!$this->getAcl()->check($this->name, 'create')) {
             throw new Forbidden();
         }
 
@@ -121,25 +128,31 @@ class Record extends Base
         $where = $request->get('where');
         $offset = $request->get('offset');
         $maxSize = $request->get('maxSize');
-        $asc = $request->get('asc') === 'true';
+        $asc = $request->get('asc', 'true') === 'true';
         $sortBy = $request->get('sortBy');
         $q = $request->get('q');
+        $textFilter = $request->get('textFilter');
 
         if (empty($maxSize)) {
             $maxSize = self::MAX_SIZE_LIMIT;
         }
         if (!empty($maxSize) && $maxSize > self::MAX_SIZE_LIMIT) {
-            throw new Forbidden();
+            throw new Forbidden("Max should should not exceed " . self::MAX_SIZE_LIMIT . ". Use pagination (offset, limit).");
         }
 
-        $result = $this->getRecordService()->findEntities(array(
+        $params = array(
             'where' => $where,
             'offset' => $offset,
             'maxSize' => $maxSize,
             'asc' => $asc,
             'sortBy' => $sortBy,
             'q' => $q,
-        ));
+            'textFilter' => $textFilter
+        );
+
+        $this->fetchListParamsFromRequest($params, $request, $data);
+
+        $result = $this->getRecordService()->findEntities($params);
 
         return array(
             'total' => $result['total'],
@@ -147,6 +160,16 @@ class Record extends Base
         );
     }
 
+    protected function fetchListParamsFromRequest(&$params, $request, $data)
+    {
+        if ($request->get('primaryFilter')) {
+            $params['primaryFilter'] = $request->get('primaryFilter');
+        }
+        if ($request->get('boolFilterList')) {
+            $params['boolFilterList'] = $request->get('boolFilterList');
+        }
+    }
+
     public function actionListLinked($params, $data, $request)
     {
         $id = $params['id'];
@@ -155,9 +178,10 @@ class Record extends Base
         $where = $request->get('where');
         $offset = $request->get('offset');
         $maxSize = $request->get('maxSize');
-        $asc = $request->get('asc') === 'true';
+        $asc = $request->get('asc', 'true') === 'true';
         $sortBy = $request->get('sortBy');
         $q = $request->get('q');
+        $textFilter = $request->get('textFilter');
 
         if (empty($maxSize)) {
             $maxSize = self::MAX_SIZE_LIMIT;
@@ -166,15 +190,19 @@ class Record extends Base
             throw new Forbidden();
         }
 
-        $result = $this->getRecordService()->findLinkedEntities($id, $link, array(
+        $params = array(
             'where' => $where,
             'offset' => $offset,
             'maxSize' => $maxSize,
             'asc' => $asc,
             'sortBy' => $sortBy,
             'q' => $q,
-        ));
+            'textFilter' => $textFilter
+        );
 
+        $this->fetchListParamsFromRequest($params, $request, $data);
+
+        $result = $this->getRecordService()->findLinkedEntities($id, $link, $params);
 
         return array(
             'total' => $result['total'],
@@ -198,7 +226,7 @@ class Record extends Base
 
     public function actionExport($params, $data, $request)
     {
-        if ($this->getConfig()->get('disableExport') && !$this->getUser()->isAdmin()) {
+        if ($this->getConfig()->get('exportDisabled') && !$this->getUser()->isAdmin()) {
             throw new Forbidden();
         }
 
@@ -264,7 +292,6 @@ class Record extends Base
             $params['where'] = $where;
         }
         if (array_key_exists('ids', $data)) {
-            $where = json_decode(json_encode($data['where']), true);
             $params['ids'] = $data['ids'];
         }
 
@@ -293,18 +320,18 @@ class Record extends Base
             $where = json_decode(json_encode($data['where']), true);
             return $this->getRecordService()->linkEntityMass($id, $link, $where);
         } else {
-            $foreignIds = array();
+            $foreignIdList = array();
             if (isset($data['id'])) {
-                $foreignIds[] = $data['id'];
+                $foreignIdList[] = $data['id'];
             }
             if (isset($data['ids']) && is_array($data['ids'])) {
                 foreach ($data['ids'] as $foreignId) {
-                    $foreignIds[] = $foreignId;
+                    $foreignIdList[] = $foreignId;
                 }
             }
 
             $result = false;
-            foreach ($foreignIds as $foreignId) {
+            foreach ($foreignIdList as $foreignId) {
                 if ($this->getRecordService()->linkEntity($id, $link, $foreignId)) {
                     $result = true;
                 }
@@ -358,7 +385,7 @@ class Record extends Base
         if (!$request->isPut()) {
             throw new BadRequest();
         }
-        if (!$this->getAcl()->check($this->name, 'read')) {
+        if (!$this->getAcl()->check($this->name, 'stream')) {
             throw new Forbidden();
         }
         $id = $params['id'];
@@ -383,17 +410,34 @@ class Record extends Base
             throw new BadRequest();
         }
 
-        if (empty($data['targetId']) || empty($data['sourceIds']) || !is_array($data['sourceIds'])) {
+        if (empty($data['targetId']) || empty($data['sourceIds']) || !is_array($data['sourceIds']) || !($data['attributes'] instanceof \StdClass)) {
             throw new BadRequest();
         }
         $targetId = $data['targetId'];
         $sourceIds = $data['sourceIds'];
+        $attributes = get_object_vars($data['attributes']);
 
         if (!$this->getAcl()->check($this->name, 'edit')) {
             throw new Forbidden();
         }
 
-        return $this->getRecordService()->merge($targetId, $sourceIds);
+        return $this->getRecordService()->merge($targetId, $sourceIds, $attributes);
+    }
+
+    public function postActionGetDuplicateAttributes($params, $data, $request)
+    {
+        if (empty($data['id'])) {
+            throw new BadRequest();
+        }
+
+        if (!$this->getAcl()->check($this->name, 'create')) {
+            throw new Forbidden();
+        }
+        if (!$this->getAcl()->check($this->name, 'read')) {
+            throw new Forbidden();
+        }
+
+        return $this->getRecordService()->getDuplicateAttributes($data['id']);
     }
 }
 

application/Espo/Core/Controllers/RecordTree.php

@@ -18,6 +18,13 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/
 
 namespace Espo\Core\Controllers;
@@ -30,7 +37,6 @@ use \Espo\Core\Utils\Util;
 
 class RecordTree extends Record
 {
-
     public static $defaultAction = 'list';
 
     protected $defaultRecordServiceName = 'RecordTree';
@@ -44,9 +50,11 @@ class RecordTree extends Record
         $where = $request->get('where');
         $parentId = $request->get('parentId');
         $maxDepth = $request->get('maxDepth');
+        $onlyNotEmpty = $request->get('onlyNotEmpty');
 
         $collection = $this->getRecordService()->getTree($parentId, array(
-            'where' => $where
+            'where' => $where,
+            'onlyNotEmpty' => $onlyNotEmpty
         ), 0, $maxDepth);
         return array(
             'list' => $collection->toArray(),

application/Espo/Core/CronManager.php

@@ -18,10 +18,16 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/
 
 namespace Espo\Core;
-
 use \PDO;
 use Espo\Core\Utils\Json;
 use Espo\Core\Exceptions\NotFound;
@@ -29,15 +35,21 @@ use Espo\Core\Exceptions\NotFound;
 class CronManager
 {
     private $container;
+
     private $config;
+
     private $fileManager;
+
     private $entityManager;
 
     private $scheduledJobUtil;
 
     const PENDING = 'Pending';
+
     const RUNNING = 'Running';
+
     const SUCCESS = 'Success';
+
     const FAILED = 'Failed';
 
     protected $lastRunTime = 'data/cache/application/cronLastRunTime.php';
@@ -143,19 +155,15 @@ class CronManager
 
         $this->setLastRunTime(time());
 
-        $entityManager = $this->getEntityManager();
-
-        $cronJob = $this->getCronJob();
-        $cronScheduledJob = $this->getCronScheduledJob();
-
-        //Check scheduled jobs and create related jobs
+        $this->getCronJob()->markFailedJobs();
+        $this->getCronJob()->updateFailedJobAttempts();
         $this->createJobsFromScheduledJobs();
+        $this->getCronJob()->removePendingJobDuplicates();
 
-        $pendingJobs = $cronJob->getPendingJobs();
+        $pendingJobList = $this->getCronJob()->getPendingJobList();
 
-        foreach ($pendingJobs as $job) {
-
-            $jobEntity = $entityManager->getEntity('Job', $job['id']);
+        foreach ($pendingJobList as $job) {
+            $jobEntity = $this->getEntityManager()->getEntity('Job', $job['id']);
 
             if (!isset($jobEntity)) {
                 $GLOBALS['log']->error('CronManager: empty Job entity ['.$job['id'].'].');
@@ -163,7 +171,7 @@ class CronManager
             }
 
             $jobEntity->set('status', self::RUNNING);
-            $entityManager->saveEntity($jobEntity);
+            $this->getEntityManager()->saveEntity($jobEntity);
 
             $isSuccess = true;
 
@@ -181,11 +189,10 @@ class CronManager
             $status = $isSuccess ? self::SUCCESS : self::FAILED;
 
             $jobEntity->set('status', $status);
-            $entityManager->saveEntity($jobEntity);
+            $this->getEntityManager()->saveEntity($jobEntity);
 
-            //set status in the schedulerJobLog
             if (!empty($job['scheduled_job_id'])) {
-                $cronScheduledJob->addLogRecord($job['scheduled_job_id'], $status);
+                $this->getCronScheduledJob()->addLogRecord($job['scheduled_job_id'], $status, null, $job['target_id'], $job['target_type']);
             }
         }
     }
@@ -207,12 +214,20 @@ class CronManager
         }
 
         $jobClass = new $className($this->container);
-        $method = $this->getScheduledJobUtil()->getMethodName();
+        $method = 'run';
         if (!method_exists($jobClass, $method)) {
             throw new NotFound();
         }
 
-        $jobClass->$method();
+        $data = null;
+        if (!empty($job['data'])) {
+            $data = $job['data'];
+            if (Json::isJSON($data)) {
+                $data = Json::decode($data, true);
+            }
+        }
+
+        $jobClass->$method($data, $job['target_id'], $job['target_type']);
     }
 
     /**
@@ -242,7 +257,7 @@ class CronManager
             $data = Json::decode($data, true);
         }
 
-        $service->$serviceMethod($data);
+        $service->$serviceMethod($data, $job['target_id'], $job['target_type']);
     }
 
     /**
@@ -252,55 +267,62 @@ class CronManager
      */
     protected function createJobsFromScheduledJobs()
     {
-        $entityManager = $this->getEntityManager();
+        $activeScheduledJobList = $this->getCronScheduledJob()->getActiveScheduledJobList();
 
-        $activeScheduledJobs = $this->getCronScheduledJob()->getActiveJobs();
+        $runningScheduledJobIdList = $this->getCronJob()->getRunningScheduledJobIdList();
 
-        $cronJob = $this->getCronJob();
-        $runningScheduledJobs = $cronJob->getActiveJobs('scheduled_job_id', self::RUNNING, PDO::FETCH_COLUMN);
+        $createdJobIdList = array();
+        foreach ($activeScheduledJobList as $scheduledJob) {
+            $scheduling = $scheduledJob['scheduling'];
 
-        $createdJobs = array();
-        foreach ($activeScheduledJobs as $scheduledJob) {
-
-            if (in_array($scheduledJob['id'], $runningScheduledJobs)) {
+            try {
+                $cronExpression = \Cron\CronExpression::factory($scheduling);
+            } catch (\Exception $e) {
+                $GLOBALS['log']->error('CronManager (ScheduledJob ['.$scheduledJob['id'].']): Scheduling string error - '. $e->getMessage() . '.');
                 continue;
             }
 
-            $scheduling = $scheduledJob['scheduling'];
-
-            $cronExpression = \Cron\CronExpression::factory($scheduling);
-
             try {
-                $prevDate = $cronExpression->getPreviousRunDate()->format('Y-m-d H:i:s');
+                $previousDate = $cronExpression->getPreviousRunDate()->format('Y-m-d H:i:s');
             } catch (\Exception $e) {
-                $GLOBALS['log']->error('CronManager: ScheduledJob ['.$scheduledJob['id'].']: CronExpression - Impossible CRON expression ['.$scheduling.']');
+                $GLOBALS['log']->error('CronManager (ScheduledJob ['.$scheduledJob['id'].']): Unsupported CRON expression ['.$scheduling.']');
                 continue;
             }
 
             if ($cronExpression->isDue()) {
-                $prevDate = date('Y-m-d H:i:s');
+                $previousDate = date('Y-m-d H:i:s');
             }
 
-            $existsJob = $cronJob->getJobByScheduledJob($scheduledJob['id'], $prevDate);
+            $existingJob = $this->getCronJob()->getJobByScheduledJob($scheduledJob['id'], $previousDate);
+            if ($existingJob) continue;
 
-            if (!isset($existsJob) || empty($existsJob)) {
-                //create a new job
-                $jobEntity = $entityManager->getEntity('Job');
-                $jobEntity->set(array(
-                    'name' => $scheduledJob['name'],
-                    'status' => self::PENDING,
-                    'scheduledJobId' => $scheduledJob['id'],
-                    'executeTime' => $prevDate,
-                    'method' => $scheduledJob['job'],
-                ));
-                $jobEntityId = $entityManager->saveEntity($jobEntity);
-                if (!empty($jobEntityId)) {
-                    $createdJobs[] = $jobEntityId;
+            $className = $this->getScheduledJobUtil()->get($scheduledJob['job']);
+            if ($className) {
+                if (method_exists($className, 'prepare')) {
+                    $implementation = new $className($this->container);
+                    $implementation->prepare($scheduledJob, $previousDate);
+                    continue;
                 }
             }
+
+            if (in_array($scheduledJob['id'], $runningScheduledJobIdList)) {
+                continue;
+            }
+
+            $jobEntity = $this->getEntityManager()->getEntity('Job');
+            $jobEntity->set(array(
+                'name' => $scheduledJob['name'],
+                'status' => self::PENDING,
+                'scheduledJobId' => $scheduledJob['id'],
+                'executeTime' => $previousDate,
+                'method' => $scheduledJob['job']
+            ));
+            $this->getEntityManager()->saveEntity($jobEntity);
+
+            $createdJobIdList[] = $jobEntity->id;
         }
 
-        return $createdJobs;
+        return $createdJobIdList;
     }
 }
 

application/Espo/Core/DataManager.php

@@ -18,10 +18,16 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/
 
 namespace Espo\Core;
-
 class DataManager
 {
     private $container;

application/Espo/Core/Entities/CategoryTreeItem.php

@@ -18,6 +18,13 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/
 
 namespace Espo\Core\Entities;

application/Espo/Core/Entities/Person.php

@@ -18,6 +18,13 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/
 
 namespace Espo\Core\Entities;

application/Espo/Core/EntryPointManager.php

@@ -18,10 +18,16 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/ 
 
 namespace Espo\Core;
-
 use \Espo\Core\Exceptions\NotFound,
     \Espo\Core\Utils\Util;
 
@@ -75,7 +81,16 @@ class EntryPointManager
         return $className::$authRequired;
     }
 
-    public function run($name)
+    public function checkNotStrictAuth($name)
+    {
+        $className = $this->getClassName($name);
+        if (!$className) {
+            throw new NotFound();
+        }
+        return $className::$notStrictAuth;
+    }
+
+    public function run($name, $data = array())
     {
         $className = $this->getClassName($name);
         if (!$className) {
@@ -83,7 +98,7 @@ class EntryPointManager
         }
         $entryPoint = new $className($this->container);
 
-        $entryPoint->run();
+        $entryPoint->run($data);
     }
 
     protected function getClassName($name)

application/Espo/Core/EntryPoints/Base.php

@@ -18,6 +18,13 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/
 
 namespace Espo\Core\EntryPoints;
@@ -32,6 +39,8 @@ abstract class Base
 
     public static $authRequired = true;
 
+    public static $notStrictAuth = false;
+
     protected function getContainer()
     {
         return $this->container;
@@ -82,12 +91,20 @@ abstract class Base
         return $this->getContainer()->get('fileManager');
     }
 
+    protected function getLanguage()
+    {
+        return $this->getContainer()->get('language');
+    }
+
+    protected function getClientManager()
+    {
+        return $this->getContainer()->get('clientManager');
+    }
+
     public function __construct(Container $container)
     {
         $this->container = $container;
     }
 
-    abstract public function run();
-
 }
 

application/Espo/Core/Exceptions/BadRequest.php

@@ -18,6 +18,13 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/ 
 
 namespace Espo\Core\Exceptions;

application/Espo/Core/Exceptions/Conflict.php

@@ -18,6 +18,13 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/ 
 
 namespace Espo\Core\Exceptions;

application/Espo/Core/Exceptions/Error.php

@@ -18,6 +18,13 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/ 
 
 namespace Espo\Core\Exceptions;

application/Espo/Core/Exceptions/Forbidden.php

@@ -18,6 +18,13 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/ 
 
 namespace Espo\Core\Exceptions;

application/Espo/Core/Exceptions/InternalServerError.php

@@ -18,6 +18,13 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/ 
 
 namespace Espo\Core\Exceptions;

application/Espo/Core/Exceptions/NotFound.php

@@ -18,6 +18,13 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/ 
 
 namespace Espo\Core\Exceptions;

application/Espo/Core/Exceptions/Unauthorized.php

@@ -18,6 +18,13 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/ 
 
 namespace Espo\Core\Exceptions;

application/Espo/Core/ExtensionManager.php

@@ -18,6 +18,13 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/
 
 namespace Espo\Core;

application/Espo/Core/ExternalAccount/ClientManager.php

@@ -18,6 +18,13 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/
 
 namespace Espo\Core\ExternalAccount;

application/Espo/Core/ExternalAccount/Clients/Google.php

@@ -18,6 +18,13 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/
 
 namespace Espo\Core\ExternalAccount\Clients;

application/Espo/Core/ExternalAccount/Clients/IClient.php

@@ -18,6 +18,13 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/
 
 namespace Espo\Core\ExternalAccount\Clients;

application/Espo/Core/ExternalAccount/Clients/OAuth2Abstract.php

@@ -18,6 +18,13 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/
 
 namespace Espo\Core\ExternalAccount\Clients;

application/Espo/Core/ExternalAccount/OAuth2/Client.php

@@ -18,6 +18,13 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/
 
 namespace Espo\Core\ExternalAccount\OAuth2;

application/Espo/Core/HookManager.php

@@ -18,10 +18,16 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/
 
 namespace Espo\Core;
-
 use \Espo\Core\Exceptions\Error,
     \Espo\Core\Utils\Util;
 
@@ -104,6 +110,9 @@ class HookManager
                 foreach ($this->data[$scope][$hookName] as $className) {
                     if (empty($this->hooks[$className])) {
                         $this->hooks[$className] = $this->createHookByClassName($className);
+                        if (empty($this->hooks[$className])) {
+                            continue;
+                        }
                     }
                     $hook = $this->hooks[$className];
                     $hook->$hookName($injection, $options);
@@ -122,7 +131,7 @@ class HookManager
             }
             return $hook;
         }
-        throw new Error("Class '$className' does not exist");
+        $GLOBALS['log']->error("Hook class '{$className}' does not exist.");
     }
 
     /**

application/Espo/Core/Hooks/Base.php

@@ -18,19 +18,27 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/
 
 namespace Espo\Core\Hooks;
 
-use \Espo\Core\Interfaces\Injectable;
+use Espo\Core\Interfaces\Injectable;
 
 abstract class Base implements Injectable
 {
     protected $dependencies = array(
+        'container',
         'entityManager',
         'config',
         'metadata',
-        'acl',
+        'aclManager',
         'user',
     );
 
@@ -52,6 +60,13 @@ abstract class Base implements Injectable
         return $this->dependencies;
     }
 
+    protected function addDependencyList(array $list)
+    {
+        foreach ($list as $item) {
+            $this->addDependency($item);
+        }
+    }
+
     protected function addDependency($name)
     {
         $this->dependencies[] = $name;
@@ -67,29 +82,39 @@ abstract class Base implements Injectable
         $this->injections[$name] = $object;
     }
 
+    protected function getContainer()
+    {
+        return $this->getInjection('container');
+    }
+
     protected function getEntityManager()
     {
-        return $this->injections['entityManager'];
+        return $this->getInjection('entityManager');
     }
 
     protected function getUser()
     {
-        return $this->injections['user'];
+        return $this->getInjection('user');
     }
 
     protected function getAcl()
     {
-        return $this->injections['acl'];
+        return $this->getContainer()->get('acl');
+    }
+
+    protected function getAclManager()
+    {
+        return $this->getInjection('aclManager');
     }
 
     protected function getConfig()
     {
-        return $this->injections['config'];
+        return $this->getInjection('config');
     }
 
     protected function getMetadata()
     {
-        return $this->injections['metadata'];
+        return $this->getInjection('metadata');
     }
 
     protected function getRepository()

application/Espo/Core/Htmlizer/Htmlizer.php

@@ -18,6 +18,13 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/
 
 namespace Espo\Core\Htmlizer;
@@ -39,11 +46,19 @@ class Htmlizer
 
     protected $config;
 
-    public function __construct(FileManager $fileManager, DateTime $dateTime, Number $number)
+    protected $acl;
+
+    public function __construct(FileManager $fileManager, DateTime $dateTime, Number $number, $acl = null)
     {
         $this->fileManager = $fileManager;
         $this->dateTime = $dateTime;
         $this->number = $number;
+        $this->acl = $acl;
+    }
+
+    protected function getAcl()
+    {
+        return $this->acl;
     }
 
     protected function formatNumber($value)
@@ -61,20 +76,25 @@ class Htmlizer
         return $value;
     }
 
-    protected function getDataFromEntity(Entity $entity)
+    protected function getDataFromEntity(Entity $entity, $skipLinks = false)
     {
         $data = $entity->toArray();
 
-
-
         $fieldDefs = $entity->getFields();
         $fieldList = array_keys($fieldDefs);
 
+        $forbidenAttributeList = [];
+
+        if ($this->getAcl()) {
+            $forbidenAttributeList = $this->getAcl()->getScopeForbiddenAttributeList($entity->getEntityType(), 'read');
+        }
+
         foreach ($fieldList as $field) {
-            $type = null;
-            if (!empty($fieldDefs[$field]['type'])) {
-                $type = $fieldDefs[$field]['type'];
-            }
+            if (in_array($field, $forbidenAttributeList)) continue;
+
+
+            $type = $entity->getAttributeType($field);
+
             if ($type == Entity::DATETIME) {
                 if (!empty($data[$field])) {
                     $data[$field] = $this->dateTime->convertSystemDateTime($data[$field]);
@@ -109,6 +129,8 @@ class Htmlizer
                         $data[$field][$k] = $this->format($data[$field][$k]);
                     }
                 }
+            } else if ($type === Entity::PASSWORD) {
+                unset($data[$field]);
             }
 
             if (array_key_exists($field, $data)) {
@@ -116,19 +138,52 @@ class Htmlizer
             }
         }
 
+        if (!$skipLinks) {
+            $relationDefs = $entity->getRelations();
+            foreach ($entity->getRelationList() as $relation) {
+                if (
+                    !empty($relationDefs[$relation]['type'])
+                    &&
+                    ($entity->getRelationType($relation) === 'belongsTo' || $entity->getRelationType($relation) === 'belongsToParent')
+                ) {
+                    $relatedEntity = $entity->get($relation);
+                    if (!$relatedEntity) continue;
+                    if ($this->getAcl()) {
+                        if (!$this->getAcl()->check($relatedEntity, 'read')) continue;
+                    }
+
+                    $data[$relation] = $this->getDataFromEntity($relatedEntity, true);
+                }
+            }
+        }
+
         return $data;
     }
 
-    public function render(Entity $entity, $template)
+    public function render(Entity $entity, $template, $id = null, $additionalData = array(), $skipLinks = false)
     {
         $code = \LightnCandy::compile($template);
-        $id = uniqid('', true);
-        $fileName = 'data/cache/template-' . $id;
-        $this->fileManager->putContents($fileName, $code);
-        $renderer = include($fileName);
-        $this->fileManager->removeFile($fileName);
 
-        $data = $this->getDataFromEntity($entity);
+        $toRemove = false;
+        if ($id === null) {
+            $id = uniqid('', true);
+            $toRemove = true;
+        }
+
+        $fileName = 'data/cache/templates/' . $id . '.php';
+
+        $this->fileManager->putContents($fileName, $code);
+        $renderer = $this->fileManager->getPhpContents($fileName);
+
+        if ($toRemove) {
+            $this->fileManager->removeFile($fileName);
+        }
+
+        $data = $this->getDataFromEntity($entity, $skipLinks);
+
+        foreach ($additionalData as $k => $value) {
+            $data[$k] = $value;
+        }
 
         $html = $renderer($data);
 

application/Espo/Core/Interfaces/Injectable.php

@@ -18,14 +18,21 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
- ************************************************************************/ 
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
 
 namespace Espo\Core\Interfaces;
 
 interface Injectable
 {
     public function getDependencyList();
-    
+
     public function inject($name, $object);
 }
 

application/Espo/Core/Interfaces/Loader.php

@@ -18,6 +18,13 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/
 
 namespace Espo\Core\Interfaces;

application/Espo/Core/Jobs/Base.php

@@ -18,6 +18,13 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/
 
 namespace Espo\Core\Jobs;
@@ -63,7 +70,5 @@ abstract class Base
         $this->container = $container;
     }
 
-    abstract public function run();
-
 }
 

application/Espo/Core/Loaders/Base.php

@@ -18,6 +18,13 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/
 
 namespace Espo\Core\Loaders;

application/Espo/Core/Loaders/EmailFilterManager.php

@@ -0,0 +1,43 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2015 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: http://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Core\Loaders;
+
+class EmailFilterManager extends Base
+{
+    public function load()
+    {
+        $emailFilterManager = new \Espo\Core\Utils\EmailFilterManager(
+            $this->getContainer()->get('entityManager')
+        );
+
+        return $emailFilterManager;
+    }
+}
+

application/Espo/Core/Loaders/EntityManager.php

@@ -18,6 +18,13 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/
 
 namespace Espo\Core\Loaders;
@@ -33,6 +40,7 @@ class EntityManager extends Base
             'port' => $config->get('database.port'),
             'dbname' => $config->get('database.dbname'),
             'user' => $config->get('database.user'),
+            'charset' => $config->get('database.charset', 'utf8'),
             'password' => $config->get('database.password'),
             'metadata' => $this->getContainer()->get('metadata')->getOrmMetadata(),
             'repositoryFactoryClassName' => '\\Espo\\Core\\ORM\\RepositoryFactory',

application/Espo/Core/Loaders/EntityManagerUtil.php

@@ -18,6 +18,13 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/
 
 namespace Espo\Core\Loaders;

application/Espo/Core/Mail/FiltersMatcher.php

@@ -0,0 +1,120 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2015 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: http://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Core\Mail;
+
+
+use \Espo\Entities\Email;
+
+class FiltersMatcher
+{
+    public function __construct()
+    {
+
+    }
+
+    public function match(Email $email, $subject, $skipBody = false)
+    {
+        if (is_array($subject) || $subject instanceof \Traversable) {
+            $filterList = $subject;
+        } else {
+            $filterList = [$subject];
+        }
+
+        foreach ($filterList as $filter) {
+            if ($filter->get('from')) {
+                if ($this->matchString(strtolower($filter->get('from')), strtolower($email->get('from')))) {
+                    return true;
+                }
+            }
+            if ($filter->get('to')) {
+                if ($email->get('to')) {
+                    $toArr = explode(';', $email->get('to'));
+                    foreach ($toArr as $to) {
+                        if ($this->matchString(strtolower($filter->get('to')), strtolower($to))) {
+                            return true;
+                        }
+                    }
+                }
+            }
+            if ($filter->get('subject')) {
+                if ($this->matchString($filter->get('subject'), $email->get('name'))) {
+                    return true;
+                }
+            }
+        }
+
+        if (!$skipBody) {
+            if ($this->matchBody($email, $filterList)) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    public function matchBody(Email $email, $subject)
+    {
+        if (is_array($subject) || $subject instanceof \Traversable) {
+            $filterList = $subject;
+        } else {
+            $filterList = [$subject];
+        }
+
+        foreach ($filterList as $filter) {
+            if ($filter->get('bodyContains')) {
+                $phraseList = $filter->get('bodyContains');
+                $body = $email->get('body');
+                $bodyPlain = $email->get('bodyPlain');
+                foreach ($phraseList as $phrase) {
+                    if (stripos($bodyPlain, $phrase) !== false) {
+                        return true;
+                    }
+                    if (stripos($body, $phrase) !== false) {
+                        return true;
+                    }
+                }
+            }
+        }
+        return false;
+    }
+
+    protected function matchString($pattern, $value)
+    {
+        if ($pattern == $value) {
+            return true;
+        }
+        $pattern = preg_quote($pattern, '#');
+        $pattern = str_replace('\*', '.*', $pattern).'\z';
+        if (preg_match('#^'.$pattern.'#', $value)) {
+            return true;
+        }
+        return false;
+    }
+}

application/Espo/Core/Mail/Importer.php

@@ -18,6 +18,13 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/
 
 namespace Espo\Core\Mail;
@@ -25,52 +32,65 @@ namespace Espo\Core\Mail;
 use \Zend\Mime\Mime as Mime;
 
 use \Espo\ORM\Entity;
+use \Espo\ORM\Email;
 
 class Importer
 {
     private $entityManager;
 
-    private $fileManager;
-
     private $config;
 
-    public function __construct($entityManager, $fileManager, $config)
+    private $filtersMatcher;
+
+    public function __construct($entityManager, $config)
     {
         $this->entityManager = $entityManager;
-        $this->fileManager = $fileManager;
         $this->config = $config;
+        $this->filtersMatcher = new FiltersMatcher();
     }
 
     protected function getEntityManager()
     {
         return $this->entityManager;
     }
+
     protected function getConfig()
     {
         return $this->config;
     }
 
-    protected function getFileManager()
+    protected function getFiltersMatcher()
     {
-        return $this->fileManager;
+        return $this->filtersMatcher;
     }
 
-    public function importMessage($message, $userId, $teamsIds = array())
+    public function importMessage($message, $assignedUserId = null, $teamsIdList = [], $userIdList = [], $filterList = [], $fetchOnlyHeader = false, $folderData = null)
     {
         try {
             $email = $this->getEntityManager()->getEntity('Email');
 
+            $email->set('isBeingImported', true);
+
             $subject = $message->subject;
-            if ($subject !== '0' && empty($subject)) {
+            if ($subject !== '0' && empty(trim($subject))) {
                 $subject = '(No Subject)';
             }
 
             $email->set('isHtml', false);
             $email->set('name', $subject);
             $email->set('status', 'Archived');
-            $email->set('attachmentsIds', array());
-            $email->set('assignedUserId', $userId);
-            $email->set('teamsIds', $teamsIds);
+            $email->set('attachmentsIds', []);
+            if ($assignedUserId) {
+                $email->set('assignedUserId', $assignedUserId);
+                $email->addLinkMultipleId('assignedUsers', $assignedUserId);
+            }
+            $email->set('teamsIds', $teamsIdList);
+
+            if (!empty($userIdList)) {
+                foreach ($userIdList as $uId) {
+                    $email->addLinkMultipleId('users', $uId);
+                }
+            }
 
             $fromArr = $this->getAddressListFromMessage($message, 'from');
             if (isset($message->from)) {
@@ -82,31 +102,60 @@ class Importer
 
             $toArr = $this->getAddressListFromMessage($message, 'to');
             $ccArr = $this->getAddressListFromMessage($message, 'cc');
+            $replyToArr = $this->getAddressListFromMessage($message, 'replyTo');
 
             $email->set('from', $fromArr[0]);
             $email->set('to', implode(';', $toArr));
             $email->set('cc', implode(';', $ccArr));
+            $email->set('replyTo', implode(';', $replyToArr));
+
+            if ($folderData) {
+                foreach ($folderData as $uId => $folderId) {
+                    $email->setLinkMultipleColumn('users', 'folderId', $uId, $folderId);
+                }
+            }
+
+            if ($this->getFiltersMatcher()->match($email, $filterList, true)) {
+                return false;
+            }
 
             if (isset($message->messageId) && !empty($message->messageId)) {
                 $email->set('messageId', $message->messageId);
                 if (isset($message->deliveredTo)) {
                     $email->set('messageIdInternal', $message->messageId . '-' . $message->deliveredTo);
                 }
+                if (stripos($message->messageId, '@espo-system') !== false) {
+                    return;
+                }
             }
 
             if ($duplicate = $this->findDuplicate($email)) {
-            	$duplicate->loadLinkMultipleField('users');
-            	$usersIds = $duplicate->get('usersIds');
-            	$usersIds[] = $userId;
-            	$duplicate->set('usersIds', $usersIds);
+                if ($assignedUserId) {
+                    $duplicate->addLinkMultipleId('users', $assignedUserId);
+                    $duplicate->addLinkMultipleId('assignedUsers', $assignedUserId);
+                }
+                if (!empty($userIdList)) {
+                    foreach ($userIdList as $uId) {
+                        $duplicate->addLinkMultipleId('users', $uId);
+                    }
+                }
+
+                if ($folderData) {
+                    foreach ($folderData as $uId => $folderId) {
+                        $email->setLinkMultipleColumn('users', 'folderId', $uId, $folderId);
+                    }
+                }
+
+                $duplicate->set('isBeingImported', true);
+
             	$this->getEntityManager()->saveEntity($duplicate);
 
-                if (!empty($teamsIds)) {
-                    foreach ($teamsIds as $teamId) {
+                if (!empty($teamsIdList)) {
+                    foreach ($teamsIdList as $teamId) {
                         $this->getEntityManager()->getRepository('Email')->relate($duplicate, 'teams', $teamId);
                     }
                 }
-                return false;
+                return $duplicate;
             }
 
             if (isset($message->date)) {
@@ -128,31 +177,84 @@ class Importer
 
             $inlineIds = array();
 
-            if ($message->isMultipart()) {
-                foreach (new \RecursiveIteratorIterator($message) as $part) {
-                    $this->importPartDataToEmail($email, $part, $inlineIds);
+            if (!$fetchOnlyHeader) {
+                if ($message->isMultipart()) {
+                    foreach (new \RecursiveIteratorIterator($message) as $part) {
+                        $this->importPartDataToEmail($email, $part, $inlineIds);
+                    }
+                } else {
+                    $this->importPartDataToEmail($email, $message, $inlineIds, 'text/plain');
+                }
+
+                if (!$email->get('body') && $email->get('bodyPlain')) {
+                    $email->set('body', $email->get('bodyPlain'));
+                }
+
+                $body = $email->get('body');
+                if (!empty($body)) {
+                    foreach ($inlineIds as $cid => $attachmentId) {
+                        if (strpos($body, 'cid:' . $cid) !== false) {
+                            $body = str_replace('cid:' . $cid, '?entryPoint=attachment&id=' . $attachmentId, $body);
+                        } else {
+                            $email->addLinkMultipleId('attachments', $attachmentId);
+                        }
+                    }
+                    $email->set('body', $body);
+                }
+
+                if ($this->getFiltersMatcher()->matchBody($email, $filterList)) {
+                    return false;
                 }
             } else {
-                $this->importPartDataToEmail($email, $message, $inlineIds, 'text/plain');
-            }
-
-            $body = $email->get('body');
-            if (!empty($body)) {
-                foreach ($inlineIds as $cid => $attachmentId) {
-                    $body = str_replace('cid:' . $cid, '?entryPoint=attachment&id=' . $attachmentId, $body);
-                }
-                $email->set('body', $body);
+                $email->set('body', '(Not fetched)');
+                $email->set('isHtml', false);
             }
 
             $parentFound = false;
 
+            $replied = null;
+            if (isset($message->inReplyTo) && !empty($message->inReplyTo)) {
+                $arr = explode(' ', $message->inReplyTo);
+                $inReplyTo = $arr[0];
+                $replied = $this->getEntityManager()->getRepository('Email')->where(array(
+                    'messageId' => $inReplyTo
+                ))->findOne();
+                if ($replied) {
+                    $email->set('repliedId', $replied->id);
+                }
+            }
+
             if (isset($message->references) && !empty($message->references)) {
-                $reference = str_replace(array('/', '@'), " ", trim($message->references, '<>'));
+                $arr = explode(' ', $message->references);
+                $reference = $arr[0];
+                $reference = str_replace(array('/', '@'), " ", trim($reference, '<>'));
                 $parentType = $parentId = null;
                 $emailSent = PHP_INT_MAX;
                 $n = sscanf($reference, '%s %s %d %d espo', $parentType, $parentId, $emailSent, $number);
                 if ($n == 4 && $emailSent < time()) {
                     if (!empty($parentType) && !empty($parentId)) {
+                        if ($parentType == 'Lead') {
+                            $parent = $this->getEntityManager()->getEntity('Lead', $parentId);
+                            if ($parent && $parent->get('status') == 'Converted') {
+                                if ($parent->get('createdAccountId')) {
+                                    $account = $this->getEntityManager()->getEntity('Account', $parent->get('createdAccountId'));
+                                    if ($account) {
+                                        $parentType = 'Account';
+                                        $parentId = $account->id;
+                                    }
+                                } else {
+                                    if ($this->getConfig()->get('b2cMode')) {
+                                        if ($parent->get('createdContactId')) {
+                                            $contact = $this->getEntityManager()->getEntity('Contact', $parent->get('createdContactId'));
+                                            if ($contact) {
+                                                $parentType = 'Contact';
+                                                $parentId = $contact->id;
+                                            }
+                                        }
+                                    }
+                                }
+                            }
+                        }
                         $email->set('parentType', $parentType);
                         $email->set('parentId', $parentId);
                         $parentFound = true;
@@ -160,15 +262,29 @@ class Importer
                 }
             }
 
+            if (!$parentFound) {
+                if ($replied && $replied->get('parentId') && $replied->get('parentType')) {
+                    $parentFound = $this->getEntityManager()->getEntity($replied->get('parentType'), $replied->get('parentId'));
+                    if ($parentFound) {
+                        $email->set('parentType', $replied->get('parentType'));
+                        $email->set('parentId', $replied->get('parentId'));
+                    }
+                }
+            }
             if (!$parentFound) {
                 $from = $email->get('from');
                 if ($from) {
                     $parentFound = $this->findParent($email, $from);
                 }
-                if (!$parentFound) {
-                    if (!empty($toArr)) {
-                        $parentFound = $this->findParent($email, $toArr[0]);
-                    }
+            }
+            if (!$parentFound) {
+                if (!empty($replyToArr)) {
+                    $parentFound = $this->findParent($email, $replyToArr[0]);
+                }
+            }
+            if (!$parentFound) {
+                if (!empty($toArr)) {
+                    $parentFound = $this->findParent($email, $toArr[0]);
                 }
             }
 
@@ -229,12 +345,20 @@ class Importer
         }
     }
 
+    protected function normilizeHeader($header)
+    {
+        if (is_a($header, 'ArrayIterator')) {
+            return $header->current();
+        } else {
+            return $header;
+        }
+    }
+
     protected function getAddressListFromMessage($message, $type)
     {
         $addressList = array();
         if (isset($message->$type)) {
-
-            $list = $message->getHeader($type)->getAddressList();
+            $list = $this->normilizeHeader($message->getHeader($type))->getAddressList();
             foreach ($list as $address) {
                 $addressList[] = $address->getEmail();
             }
@@ -251,6 +375,17 @@ class Importer
                 $type = strtok($part->contentType, ';');
             }
 
+            $contentDisposition = false;
+            if (isset($part->ContentDisposition)) {
+                if (strpos(strtolower($part->ContentDisposition), 'attachment') === 0) {
+                    $contentDisposition = 'attachment';
+                } else if (strpos(strtolower($part->ContentDisposition), 'inline') === 0) {
+                    $contentDisposition = 'inline';
+                }
+            } else if (isset($part->contentID)) {
+                $contentDisposition = 'inline';
+            }
+
             if (empty($type)) {
                 if (!empty($defaultContentType)) {
                     $type = $defaultContentType;
@@ -260,28 +395,26 @@ class Importer
             }
 
             $encoding = null;
-
             $isAttachment = true;
-
             if ($type == 'text/plain' || $type == 'text/html') {
-
-                $isAttachment = false;
-                $content = $this->getContentFromPart($part);
-                if ($type == 'text/plain') {
-                    if ($email->get('bodyPlain')) {
-                        $isAttachment = true;
-                    } else {
-                        $email->set('bodyPlain', $content);
-                        if (!$email->get('body')) {
-                            $email->set('body', $content);
+                if ($contentDisposition !== 'attachment') {
+                    $isAttachment = false;
+                    $content = $this->getContentFromPart($part);
+                    if ($type == 'text/plain') {
+                        $bodyPlain = '';
+                        if ($email->get('bodyPlain')) {
+                            $bodyPlain .= $email->get('bodyPlain') . "\n";
                         }
-                    }
-                } else if ($type == 'text/html') {
-                    if ($email->get('isHtml')) {
-                        $isAttachment = true;
-                    } else {
-                        $email->set('body', $content);
+                        $bodyPlain .= $content;
+                        $email->set('bodyPlain', $bodyPlain);
+                    } else if ($type == 'text/html') {
+                        $body = '';
+                        if ($email->get('body')) {
+                            $body .= $email->get('body') . "<br>";
+                        }
+                        $body .= $content;
                         $email->set('isHtml', true);
+                        $email->set('body', $body);
                     }
                 }
             }
@@ -293,22 +426,22 @@ class Importer
                 $fileName = null;
                 $contentId = null;
 
-                if (isset($part->ContentDisposition)) {
-                    if (strpos($part->ContentDisposition, 'attachment') === 0) {
-                        if (preg_match('/filename="?([^"]+)"?/i', $part->ContentDisposition, $m)) {
-                            $fileName = $m[1];
+                if ($contentDisposition) {
+                    if ($contentDisposition === 'attachment') {
+                        $fileName = $this->fetchFileNameFromContentDisposition($part->ContentDisposition);
+                        if ($fileName) {
                             $disposition = 'attachment';
                         }
-                    } else if (strpos($part->ContentDisposition, 'inline') === 0) {
+                    } else if ($contentDisposition ===  'inline') {
                         if (isset($part->contentID)) {
                             $contentId = trim($part->contentID, '<>');
                             $fileName = $contentId;
                             $disposition = 'inline';
                         } else {
-                            // hack for iOS not proper attachments
+                            // for iOS attachments
                             if (empty($fileName)) {
-                                if (preg_match('/filename="?([^"]+)"?/i', $part->ContentDisposition, $m)) {
-                                    $fileName = $m[1];
+                                $fileName = $this->fetchFileNameFromContentDisposition($part->ContentDisposition);
+                                if ($fileName) {
                                     $disposition = 'attachment';
                                 }
                             }
@@ -317,7 +450,7 @@ class Importer
                 }
 
                 if (isset($part->contentTransferEncoding)) {
-                    $encoding = strtolower($part->getHeader('Content-Transfer-Encoding')->getTransferEncoding());
+                    $encoding = strtolower($this->normilizeHeader($part->getHeader('Content-Transfer-Encoding'))->getTransferEncoding());
                 }
 
                 $attachment = $this->getEntityManager()->getEntity('Attachment');
@@ -334,13 +467,10 @@ class Importer
                     $content = base64_decode($content);
                 }
 
-                $attachment->set('size', strlen($content));
+                $attachment->set('contents', $content);
 
                 $this->getEntityManager()->saveEntity($attachment);
 
-                $path = 'data/upload/' . $attachment->id;
-                $this->getFileManager()->putContents($path, $content);
-
                 if ($disposition == 'attachment') {
                     $attachmentsIds = $email->get('attachmentsIds');
                     $attachmentsIds[] = $attachment->id;
@@ -352,6 +482,63 @@ class Importer
         } catch (\Exception $e) {}
     }
 
+    protected function decodeAttachmentFileName($fileName)
+    {
+        if ($fileName && stripos($fileName, "''") !== false) {
+            list($encoding, $fileName) = explode("''", $fileName);
+            $fileName = rawurldecode($fileName);
+            if (strtoupper($encoding) !== 'UTF-8') {
+                if ($encoding) {
+                    $fileName = mb_convert_encoding($fileName, 'UTF-8', $encoding);
+                }
+            }
+        }
+        return $fileName;
+    }
+
+    protected function fetchFileNameFromContentDisposition($contentDisposition)
+    {
+        $contentDisposition = preg_replace('/\\\\"/', "{{_!Q!U!O!T!E!_}}", $contentDisposition);
+
+        $fileName = false;
+        $m = array();
+
+        if (preg_match('/filename="([^"]+)";?/i', $contentDisposition, $m)) {
+            $fileName = $m[1];
+        } else if (preg_match('/filename=([^";]+);?/i', $contentDisposition, $m)) {
+            $fileName = $m[1];
+        } else if (preg_match('/filename\*="([^"]+)";?/i', $contentDisposition, $m)) {
+            $fileName = $m[1];
+            $fileName = $this->decodeAttachmentFileName($fileName);
+        } else if (preg_match('/filename\*=([^";]+);?/i', $contentDisposition, $m)) {
+            $fileName = $m[1];
+            $fileName = $this->decodeAttachmentFileName($fileName);
+        } else {
+            $fileName = '';
+            foreach (['0', '1'] as $i) {
+                if (preg_match('/filename\*'.$i.'[\*]?="([^"]+)";?/i', $contentDisposition, $m)) {
+                    $part = $m[1];
+                    $fileName .= $part;
+                } else if (preg_match('/filename\*'.$i.'[\*]?=([^";]+);?/i', $contentDisposition, $m)) {
+                    $part = $m[1];
+                    $fileName .= $part;
+                }
+            }
+
+            if ($fileName === '') {
+                $fileName = null;
+            } else {
+                $fileName = $this->decodeAttachmentFileName($fileName);
+            }
+        }
+
+        if ($fileName) {
+            $fileName = str_replace('{{_!Q!U!O!T!E!_}}', '"', $fileName);
+        }
+
+        return $fileName;
+    }
+
     protected function getContentFromPart($part)
     {
         if ($part instanceof \Zend\Mime\Part) {
@@ -365,7 +552,7 @@ class Importer
             $encoding = null;
 
             if (isset($part->contentTransferEncoding)) {
-                $cteHeader = $part->getHeader('Content-Transfer-Encoding');
+                $cteHeader = $this->normilizeHeader($part->getHeader('Content-Transfer-Encoding'));
                 $encoding = strtolower($cteHeader->getTransferEncoding());
             }
 
@@ -376,7 +563,7 @@ class Importer
             $charset = 'UTF-8';
 
             if (isset($part->contentType)) {
-                $ctHeader = $part->getHeader('Content-Type');
+                $ctHeader = $this->normilizeHeader($part->getHeader('Content-Type'));
                 $charsetParamValue = $ctHeader->getParameter('charset');
                 if (!empty($charsetParamValue)) {
                     $charset = strtoupper($charsetParamValue);
@@ -384,7 +571,7 @@ class Importer
             }
 
             if (isset($part->contentTransferEncoding)) {
-                $cteHeader = $part->getHeader('Content-Transfer-Encoding');
+                $cteHeader = $this->normilizeHeader($part->getHeader('Content-Transfer-Encoding'));
                 if ($cteHeader->getTransferEncoding() == 'quoted-printable') {
                     $content = quoted_printable_decode($content);
                 }

application/Espo/Core/Mail/Mail/Header/XQueueItemId.php

@@ -0,0 +1,102 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2015 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: http://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+/**
+ * Zend Framework (http://framework.zend.com/)
+ *
+ * @link      http://github.com/zendframework/zf2 for the canonical source repository
+ * @copyright Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license   http://framework.zend.com/license/new-bsd New BSD License
+ */
+
+namespace Espo\Core\Mail\Mail\Header;
+
+use \Zend\Mail\Header;
+use Zend\Mime\Mime;
+
+class XQueueItemId implements Header\HeaderInterface
+{
+    protected $fieldName = 'X-QueueItemId';
+
+    protected $id = null;
+
+    public static function fromString($headerLine)
+    {
+        list($name, $value) = Header\GenericHeader::splitHeaderLine($headerLine);
+        $value = Header\HeaderWrap::mimeDecodeValue($value);
+
+        if (strtolower($name) !== 'x-queue-item-id') {
+            throw new Header\Exception\InvalidArgumentException('Invalid header line for Message-ID string');
+        }
+
+        $header = new static();
+        $header->setId($value);
+
+        return $header;
+    }
+
+    public function getFieldName()
+    {
+        return $this->fieldName;
+    }
+
+    public function setFieldName($value)
+    {
+    }
+
+    public function setEncoding($encoding)
+    {
+        return $this;
+    }
+
+    public function setId($id)
+    {
+        $this->id = $id;
+    }
+
+    public function getEncoding()
+    {
+        return 'ASCII';
+    }
+
+    public function toString()
+    {
+        return $this->fieldName . ': ' . $this->getFieldValue();
+    }
+
+    public function getFieldValue($format = Header\HeaderInterface::FORMAT_RAW)
+    {
+        return $this->id;
+    }
+}

application/Espo/Core/Mail/Mail/Headers.php

@@ -1,4 +1,38 @@
-<?php
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2015 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: http://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
 
 namespace Espo\Core\Mail\Mail;
 

application/Espo/Core/Mail/Mail/Storage/Imap.php

@@ -18,6 +18,13 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/
 
 namespace Espo\Core\Mail\Mail\Storage;

application/Espo/Core/Mail/Mail/Storage/Message.php

@@ -18,6 +18,13 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/
 
 namespace Espo\Core\Mail\Mail\Storage;
@@ -27,6 +34,7 @@ use Zend\Mail\Header\HeaderInterface;
 use Zend\Mime;
 use Zend\Mail\Storage\Exception;
 use Zend\Mail\Storage\AbstractStorage;
+use Zend\Stdlib\ErrorHandler;
 
 class Message extends \Zend\Mail\Storage\Message
 {