fix label manager

See https://social.technet.microsoft.com/Forums/lync/en-US/c16cc4aa-0a07-4742-929d-1b01d698066e/ics-file-description-with-colon-and-newline-is-displayed-without-newlines?forum=outlook

CONTRIBUTING.md

@@ -6,4 +6,4 @@ Before we can merge your pull request you need to accept our CLA [here](https://
 
 ## Issues
 
-We don't provide developer help or any kind of support on github. Please use our [forum](http://forum.espocrm.com/) for this.
+We don't provide developer help or any kind of support on github. Please use our [forum](https://forum.espocrm.com) for this.

README.md

@@ -9,7 +9,7 @@ Download the latest release from our [website](http://www.espocrm.com).
 ### Requirements
 
 * PHP 5.6 or above (with pdo, json, gd, openssl, zip, imap, mbstring, curl extensions);
-* MySQL 5.1 or above.
+* MySQL 5.5.3 or above.
 
 For more information about server configuration see [this article](https://www.espocrm.com/documentation/administration/server-configuration/).
 

application/Espo/Acl/EmailAddress.php

@@ -0,0 +1,63 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2018 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: http://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Acl;
+
+use \Espo\Entities\User as EntityUser;
+use \Espo\ORM\Entity;
+
+class EmailAddress extends \Espo\Core\Acl\Base
+{
+    public function checkEditInEntity(EntityUser $user, Entity $entity, Entity $excludeEntity)
+    {
+        $id = $entity->id;
+
+        $isFobidden = false;
+
+        $repository = $this->getEntityManager()->getRepository('EmailAddress');
+
+        if (!$user->isAdmin()) {
+            $entityWithSameAddressList = $repository->getEntityListByAddressId($id, $excludeEntity);
+            foreach ($entityWithSameAddressList as $e) {
+                if (!$this->getAclManager()->check($user, $e, 'edit')) {
+                    $isFobidden = true;
+                    if (
+                        $e->get('isPortalUser') && $excludeEntity->getEntityType() === 'Contact' &&
+                        $e->get('contactId') === $excludeEntity->id
+                    ) {
+                        $isFobidden = false;
+                    }
+                    if ($isFobidden) break;
+                }
+            }
+        }
+        return !$isFobidden;
+    }
+}
+

application/Espo/Acl/Note.php

@@ -0,0 +1,45 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2018 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: http://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Acl;
+
+use \Espo\Entities\User as EntityUser;
+use \Espo\ORM\Entity;
+
+class Note extends \Espo\Core\Acl\Base
+{
+    public function checkIsOwner(EntityUser $user, Entity $entity)
+    {
+        if ($entity->get('type') === 'Post' && $user->id === $entity->get('createdById')) {
+            return true;
+        }
+        return false;
+    }
+}
+

application/Espo/Acl/PhoneNumber.php

@@ -0,0 +1,63 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2018 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: http://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Acl;
+
+use \Espo\Entities\User as EntityUser;
+use \Espo\ORM\Entity;
+
+class PhoneNumber extends \Espo\Core\Acl\Base
+{
+    public function checkEditInEntity(EntityUser $user, Entity $entity, Entity $excludeEntity)
+    {
+        $id = $entity->id;
+
+        $isFobidden = false;
+
+        $repository = $this->getEntityManager()->getRepository('PhoneNumber');
+
+        if (!$user->isAdmin()) {
+            $entityWithSameNumberList = $repository->getEntityListByPhoneNumberId($id, $excludeEntity);
+            foreach ($entityWithSameNumberList as $e) {
+                if (!$this->getAclManager()->check($user, $e, 'edit')) {
+                    $isFobidden = true;
+                    if (
+                        $e->get('isPortalUser') && $excludeEntity->getEntityType() === 'Contact' &&
+                        $e->get('contactId') === $excludeEntity->id
+                    ) {
+                        $isFobidden = false;
+                    }
+                    if ($isFobidden) break;
+                }
+            }
+        }
+
+        return !$isFobidden;
+    }
+}

application/Espo/Acl/User.php

@@ -39,11 +39,22 @@ class User extends \Espo\Core\Acl\Base
         return $user->id === $entity->id;
     }
 
+    public function checkEntityCreate(EntityUser $user, Entity $entity, $data)
+    {
+        if (!$user->isAdmin()) {
+            return false;
+        }
+        return $this->checkEntity($user, $entity, $data, 'create');
+    }
+
     public function checkEntityDelete(EntityUser $user, Entity $entity, $data)
     {
         if ($entity->id === 'system') {
             return false;
         }
+        if (!$user->isAdmin()) {
+            return false;
+        }
         return parent::checkEntityDelete($user, $entity, $data);
     }
 
@@ -52,6 +63,11 @@ class User extends \Espo\Core\Acl\Base
         if ($entity->id === 'system') {
             return false;
         }
+        if (!$user->isAdmin()) {
+            if ($user->id !== $entity->id) {
+                return false;
+            }
+        }
         return $this->checkEntity($user, $entity, $data, 'edit');
     }
 }

application/Espo/AclPortal/EmailAddress.php

@@ -0,0 +1,56 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2018 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: http://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\AclPortal;
+
+use \Espo\Entities\User as EntityUser;
+use \Espo\ORM\Entity;
+
+class EmailAddress extends \Espo\Core\AclPortal\Base
+{
+    public function checkEditInEntity(EntityUser $user, Entity $entity, Entity $excludeEntity)
+    {
+        $id = $entity->id;
+
+        $isFobidden = false;
+
+        $repository = $this->getEntityManager()->getRepository('EmailAddress');
+
+        if (!$user->isAdmin()) {
+            $entityWithSameAddressList = $repository->getEntityListByAddressId($id, $excludeEntity);
+            foreach ($entityWithSameAddressList as $e) {
+                if (!$this->getAclManager()->check($user, $e, 'edit')) {
+                    $isFobidden = true;
+                    break;
+                }
+            }
+        }
+        return !$isFobidden;
+    }
+}

application/Espo/AclPortal/Note.php

@@ -0,0 +1,45 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2018 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: http://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\AclPortal;
+
+use \Espo\Entities\User as EntityUser;
+use \Espo\ORM\Entity;
+
+class Note extends \Espo\Core\AclPortal\Base
+{
+    public function checkIsOwner(EntityUser $user, Entity $entity)
+    {
+        if ($entity->get('type') === 'Post' && $user->id === $entity->get('createdById')) {
+            return true;
+        }
+        return false;
+    }
+}
+

application/Espo/AclPortal/PhoneNumber.php

@@ -0,0 +1,57 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2018 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: http://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\AclPortal;
+
+use \Espo\Entities\User as EntityUser;
+use \Espo\ORM\Entity;
+
+class PhoneNumber extends \Espo\Core\AclPortal\Base
+{
+    public function checkEditInEntity(EntityUser $user, Entity $entity, Entity $excludeEntity)
+    {
+        $id = $entity->id;
+
+        $isFobidden = false;
+
+        $repository = $this->getEntityManager()->getRepository('PhoneNumber');
+
+        if (!$user->isAdmin()) {
+            $entityWithSameNumberList = $repository->getEntityListByPhoneNumberId($id, $excludeEntity);
+            foreach ($entityWithSameNumberList as $e) {
+                if (!$this->getAclManager()->check($user, $e, 'edit')) {
+                    $isFobidden = true;
+                    break;
+                }
+            }
+        }
+
+        return !$isFobidden;
+    }
+}

application/Espo/Controllers/AuthLogRecord.php

@@ -0,0 +1,67 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2018 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: http://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Controllers;
+
+use \Espo\Core\Exceptions\Forbidden;
+
+class AuthLogRecord extends \Espo\Core\Controllers\Record
+{
+    protected function checkControllerAccess()
+    {
+        if (!$this->getUser()->isAdmin()) {
+            throw new Forbidden();
+        }
+    }
+
+    public function actionUpdate($params, $data, $request)
+    {
+        throw new Forbidden();
+    }
+
+    public function actionMassUpdate($params, $data, $request)
+    {
+        throw new Forbidden();
+    }
+
+    public function actionCreate($params, $data, $request)
+    {
+        throw new Forbidden();
+    }
+
+    public function actionCreateLink($params, $data, $request)
+    {
+        throw new Forbidden();
+    }
+
+    public function actionRemoveLink($params, $data, $request)
+    {
+        throw new Forbidden();
+    }
+}

application/Espo/Controllers/DataPrivacy.php

@@ -0,0 +1,55 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2018 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: http://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Controllers;
+
+use Espo\Core\Exceptions\Error;
+use Espo\Core\Exceptions\Forbidden;
+use Espo\Core\Exceptions\NotFound;
+use Espo\Core\Exceptions\BadRequest;
+
+class DataPrivacy extends \Espo\Core\Controllers\Base
+{
+    protected function checkControllerAccess()
+    {
+        if ($this->getAcl()->get('dataPrivacyPermission') === 'no') {
+            throw new Forbidden();
+        }
+    }
+
+    public function postActionErase($params, $data)
+    {
+        if (empty($data->entityType) || empty($data->id) || empty($data->fieldList) || !is_array($data->fieldList)) {
+            throw new BadRequest();
+        }
+
+        return $this->getServiceFactory()->create('DataPrivacy')->erase($data->entityType, $data->id, $data->fieldList);
+    }
+
+}

application/Espo/Controllers/EntityManager.php

@@ -83,6 +83,17 @@ class EntityManager extends \Espo\Core\Controllers\Base
         if (isset($data['textFilterFields']) && is_array($data['textFilterFields'])) {
             $params['textFilterFields'] = $data['textFilterFields'];
         }
+        if (!empty($data['color'])) {
+            $params['color'] = $data['color'];
+        }
+        if (!empty($data['iconClass'])) {
+            $params['iconClass'] = $data['iconClass'];
+        }
+
+        $params['kanbanViewMode'] = !empty($data['kanbanViewMode']);
+        if (!empty($data['kanbanStatusIgnoreList'])) {
+            $params['kanbanStatusIgnoreList'] = $data['kanbanStatusIgnoreList'];
+        }
 
         $result = $this->getContainer()->get('entityManagerUtil')->create($name, $type, $params);
 
@@ -245,7 +256,9 @@ class EntityManager extends \Espo\Core\Controllers\Base
 
         $params = array();
         foreach ($paramList as $item) {
-        	$params[$item] = filter_var($data[$item], \FILTER_SANITIZE_STRING);
+            if (array_key_exists($item, $data)) {
+                $params[$item] = filter_var($data[$item], \FILTER_SANITIZE_STRING);
+            }
         }
 
         foreach ($additionalParamList as $item) {
@@ -322,4 +335,16 @@ class EntityManager extends \Espo\Core\Controllers\Base
 
         return true;
     }
+
+    public function postActionResetToDefault($params, $data, $request)
+    {
+        if (empty($data->scope)) {
+            throw new BadRequest();
+        }
+
+        $this->getContainer()->get('entityManagerUtil')->resetToDefaults($data->scope);
+        $this->getContainer()->get('dataManager')->clearCache();
+
+        return true;
+    }
 }

application/Espo/Controllers/FieldManager.php

@@ -77,6 +77,11 @@ class FieldManager extends \Espo\Core\Controllers\Base
         return $fieldManager->read($params['scope'], $data->name);
     }
 
+    public function patchActionUpdate($params, $data)
+    {
+        return $this->putActionUpdate($params, $data);
+    }
+
     public function putActionUpdate($params, $data)
     {
         if (empty($params['scope']) || empty($params['name'])) {

application/Espo/Controllers/Settings.php

@@ -90,11 +90,9 @@ class Settings extends \Espo\Core\Controllers\Base
             throw new Error('Cannot save settings');
         }
 
-        /** Rebuild for Currency Settings */
-        if (isset($data->baseCurrency) || isset($data->currencyRates)) {
+        if (isset($data->defaultCurrency) || isset($data->baseCurrency) || isset($data->currencyRates)) {
             $this->getContainer()->get('dataManager')->rebuildDatabase([]);
         }
-        /** END Rebuild for Currency Settings */
 
         return $this->getConfigData();
     }

application/Espo/Core/Acl/Base.php

@@ -217,7 +217,7 @@ class Base implements Injectable
             }
         }
 
-        if ($entity->hasAttribute('assignedUsersIds') && $entity->hasRelation('assignedUsers')) {
+        if ($entity->hasLinkMultipleField('assignedUsers')) {
             if ($entity->hasLinkMultipleId('assignedUsers', $user->id)) {
                 return true;
             }

application/Espo/Core/Acl/Table.php

@@ -169,7 +169,7 @@ class Table
         if (isset($this->data->$permission)) {
             return $this->data->$permission;
         }
-        return null;
+        return 'no';
     }
 
     public function getLevel($scope, $action)
@@ -210,6 +210,7 @@ class Table
             $this->applyDisabled($aclTable, $fieldTable);
             $this->applyMandatory($aclTable, $fieldTable);
             $this->applyAdditional($aclTable, $fieldTable, $valuePermissionLists);
+            $this->applyReadOnlyFields($fieldTable);
         } else {
             $aclTable = (object) [];
             foreach ($this->getScopeList() as $scope) {
@@ -713,25 +714,29 @@ class Table
     private function buildCache()
     {
         $this->fileManager->putPhpContents($this->cacheFilePath, $this->data, true);
-        /*$contents = '<' . '?'. 'php return ' .  $this->varExport($this->data)  . ';';
-        $this->fileManager->putContents($this->cacheFilePath, $contents);*/
     }
 
-    /*private function varExport($variable)
+    protected function applyReadOnlyFields(&$fieldTable)
     {
-        if ($variable instanceof \StdClass) {
-            $result = '(object) ' . $this->varExport(get_object_vars($variable), true);
-        } else if (is_array($variable)) {
-            $array = array();
-            foreach ($variable as $key => $value) {
-                $array[] = var_export($key, true).' => ' . $this->varExport($value, true);
+        // TODO Enable in 5.4.0
+        return;
+        $scopeList = $this->getScopeWithAclList();
+        foreach ($scopeList as $scope) {
+            if (!property_exists($fieldTable, $scope)) continue;
+            $fieldList = array_keys($this->getMetadata()->get(['entityDefs', $scope, 'fields'], []));
+            foreach ($fieldList as $field) {
+                if ($this->getMetadata()->get(['entityDefs', $scope, 'fields', $field, 'readOnly'])) {
+                    if (property_exists($fieldTable->$scope, $field)) {
+                        $fieldTable->$scope->$field->edit = 'no';
+                    } else {
+                        $fieldTable->$scope->$field = (object) [];
+                        foreach ($this->fieldActionList as $action) {
+                            $fieldTable->$scope->$field->$action = 'yes';
+                        }
+                        $fieldTable->$scope->$field->edit = 'no';
+                    }
+                }
             }
-            $result = '['.implode(', ', $array).']';
-        } else {
-            $result = var_export($variable, true);
         }
-
-        return $result;
-    }*/
+    }
 }
-

application/Espo/Core/AclManager.php

@@ -47,6 +47,8 @@ class AclManager
 
     protected $tableClassName = '\\Espo\\Core\\Acl\\Table';
 
+    protected $userAclClassName = '\\Espo\\Core\\Acl';
+
     public function __construct(Container $container)
     {
         $this->container = $container;
@@ -279,5 +281,11 @@ class AclManager
     {
         return $this->checkUserPermission($user, $target, 'assignmentPermission');
     }
-}
 
+    public function createUserAcl(User $user)
+    {
+        $className = $this->userAclClassName;
+        $acl = new $className($this, $user);
+        return $acl;
+    }
+}

application/Espo/Core/Application.php

@@ -91,6 +91,7 @@ class Application
     public function runClient()
     {
         $this->getContainer()->get('clientManager')->display();
+        exit;
     }
 
     public function runEntryPoint($entryPoint, $data = array(), $final = false)

application/Espo/Core/Container.php

@@ -217,7 +217,8 @@ class Container
             $this->get('acl'),
             $this->get('aclManager'),
             $this->get('metadata'),
-            $this->get('config')
+            $this->get('config'),
+            $this->get('injectableFactory')
         );
     }
 
@@ -295,6 +296,16 @@ class Container
         );
     }
 
+    protected function loadBaseLanguage()
+    {
+        return new \Espo\Core\Utils\Language(
+            'en_US',
+            $this->get('fileManager'),
+            $this->get('metadata'),
+            $this->get('useCache')
+        );
+    }
+
     protected function loadDefaultLanguage()
     {
         return new \Espo\Core\Utils\Language(
@@ -329,8 +340,6 @@ class Container
     protected function loadFieldManager()
     {
         return new \Espo\Core\Utils\FieldManager(
-            $this->get('metadata'),
-            $this->get('language'),
             $this
         );
     }

application/Espo/Core/Controllers/Record.php

@@ -160,6 +160,48 @@ class Record extends Base
         );
     }
 
+    public function getActionListKanban($params, $data, $request)
+    {
+        if (!$this->getAcl()->check($this->name, 'read')) {
+            throw new Forbidden();
+        }
+
+        $where = $request->get('where');
+        $offset = $request->get('offset');
+        $maxSize = $request->get('maxSize');
+        $asc = $request->get('asc', 'true') === 'true';
+        $sortBy = $request->get('sortBy');
+        $q = $request->get('q');
+        $textFilter = $request->get('textFilter');
+
+        if (empty($maxSize)) {
+            $maxSize = self::MAX_SIZE_LIMIT;
+        }
+        if (!empty($maxSize) && $maxSize > self::MAX_SIZE_LIMIT) {
+            throw new Forbidden("Max should should not exceed " . self::MAX_SIZE_LIMIT . ". Use pagination (offset, limit).");
+        }
+
+        $params = array(
+            'where' => $where,
+            'offset' => $offset,
+            'maxSize' => $maxSize,
+            'asc' => $asc,
+            'sortBy' => $sortBy,
+            'q' => $q,
+            'textFilter' => $textFilter
+        );
+
+        $this->fetchListParamsFromRequest($params, $request, $data);
+
+        $result = $this->getRecordService()->getListKanban($params);
+
+        return (object) [
+            'total' => $result->total,
+            'list' => $result->collection->getValueMapList(),
+            'additionalData' => $result->additionalData
+        ];
+    }
+
     protected function fetchListParamsFromRequest(&$params, $request, $data)
     {
         if ($request->get('primaryFilter')) {

application/Espo/Core/Export/Xlsx.php

@@ -87,6 +87,20 @@ class Xlsx extends \Espo\Core\Injectable
         }
     }
 
+    public function filterFieldList($entityType, $fieldList, $exportAllFields)
+    {
+        if ($exportAllFields) {
+            foreach ($fieldList as $i => $field) {
+                $type = $this->getMetadata()->get(['entityDefs', $entityType, 'fields', $field, 'type']);
+                if (in_array($type, ['linkMultiple', 'attachmentMultiple'])) {
+                    unset($fieldList[$i]);
+                }
+            }
+        }
+
+        return array_values($fieldList);
+    }
+
     public function addAdditionalAttributes($entityType, &$attributeList, $fieldList)
     {
         $linkList = [];
@@ -130,7 +144,7 @@ class Xlsx extends \Espo\Core\Injectable
             throw new Error();
         }
 
-        $phpExcel = new \PHPExcel();
+        $phpExcel = new \PhpOffice\PhpSpreadsheet\Spreadsheet();
         $sheet = $phpExcel->setActiveSheetIndex(0);
 
         if (isset($params['exportName'])) {
@@ -162,10 +176,11 @@ class Xlsx extends \Espo\Core\Injectable
             )
         );
 
+        $now = new \DateTime();
+        $now->setTimezone(new \DateTimeZone($this->getInjection('config')->get('timeZone', 'UTC')));
+
         $sheet->setCellValue('A1', $exportName);
-
-        $sheet->setCellValue('B1', \PHPExcel_Shared_Date::PHPToExcel(strtotime(date('Y-m-d H:i:s'))));
-
+        $sheet->setCellValue('B1', \PhpOffice\PhpSpreadsheet\Shared\Date::PHPToExcel(strtotime($now->format('Y-m-d H:i:s'))));
 
         $sheet->getStyle('A1')->applyFromArray($titleStyle);
         $sheet->getStyle('B1')->applyFromArray($dateStyle);
@@ -277,6 +292,8 @@ class Xlsx extends \Espo\Core\Injectable
                     }
                 } else if ($type == 'int') {
                     $sheet->setCellValue("$col$rowNumber", $row[$name] ?: 0);
+                } else if ($type == 'float') {
+                    $sheet->setCellValue("$col$rowNumber", $row[$name] ?: 0);
                 } else if ($type == 'currency') {
                     if (array_key_exists($name.'Currency', $row) && array_key_exists($name, $row)) {
                         $sheet->setCellValue("$col$rowNumber", $row[$name] ? $row[$name] : '');
@@ -289,7 +306,7 @@ class Xlsx extends \Espo\Core\Injectable
                     }
                 } else if ($type == 'currencyConverted') {
                     if (array_key_exists($name, $row)) {
-                        $currency = $this->getConfig()->get('baseCurrency');
+                        $currency = $this->getConfig()->get('defaultCurrency');
                         $currencySymbol = $this->getMetadata()->get(['app', 'currency', 'symbolMap', $currency], '');
 
                         $sheet->getStyle("$col$rowNumber")
@@ -316,7 +333,7 @@ class Xlsx extends \Espo\Core\Injectable
                     }
                 } else if ($type == 'date') {
                     if (isset($row[$name])) {
-                        $sheet->setCellValue("$col$rowNumber", \PHPExcel_Shared_Date::PHPToExcel(strtotime($row[$name])));
+                        $sheet->setCellValue("$col$rowNumber", \PhpOffice\PhpSpreadsheet\Shared\Date::PHPToExcel(strtotime($row[$name])));
                     }
                 } else if ($type == 'datetime' || $type == 'datetimeOptional') {
                     $value = null;
@@ -341,14 +358,14 @@ class Xlsx extends \Espo\Core\Injectable
                         }
                     }
                     if ($value) {
-                        $sheet->setCellValue("$col$rowNumber", \PHPExcel_Shared_Date::PHPToExcel(strtotime($value)));
+                        $sheet->setCellValue("$col$rowNumber", \PhpOffice\PhpSpreadsheet\Shared\Date::PHPToExcel(strtotime($value)));
                     }
                 } else if ($type == 'image') {
                     if (isset($row[$name . 'Id']) && $row[$name . 'Id']) {
                         $attachment = $this->getEntityManager()->getEntity('Attachment', $row[$name . 'Id']);
 
                         if ($attachment) {
-                            $objDrawing = new \PHPExcel_Worksheet_Drawing();
+                            $objDrawing = new \PhpOffice\PhpSpreadsheet\Worksheet\Drawing();
                             $filePath = $this->getInjection('fileStorageManager')->getLocalFilePath($attachment);
 
                             if ($filePath && file_exists($filePath)) {
@@ -420,6 +437,36 @@ class Xlsx extends \Espo\Core\Injectable
                         $value .= $row[$name.'Country'];
                     }
                     $sheet->setCellValue("$col$rowNumber", $value);
+                } else if ($type == 'duration') {
+                    if (!empty($row[$name])) {
+                        $seconds = intval($row[$name]);
+
+                        $days = intval(floor($seconds / 86400));
+                        $seconds = $seconds - $days * 86400;
+                        $hours = intval(floor($seconds / 3600));
+                        $seconds = $seconds - $hours * 3600;
+                        $minutes = intval(floor($seconds / 60));
+
+                        $value = '';
+                        if ($days) {
+                            $value .= (string) $days . $this->getInjection('language')->translate('d', 'durationUnits');
+                            if ($minutes || $hours) {
+                                $value .= ' ';
+                            }
+                        }
+                        if ($hours) {
+                            $value .= (string) $hours . $this->getInjection('language')->translate('h', 'durationUnits');
+                            if ($minutes) {
+                                $value .= ' ';
+                            }
+                        }
+                        if ($minutes) {
+                            $value .= (string) $minutes . $this->getInjection('language')->translate('m', 'durationUnits');
+                        }
+
+                        $sheet->setCellValue("$col$rowNumber", $value);
+                    }
+
                 } else {
                     if (array_key_exists($name, $row)) {
                         $sheet->setCellValue("$col$rowNumber", $row[$name]);
@@ -428,6 +475,13 @@ class Xlsx extends \Espo\Core\Injectable
 
                 $link = false;
 
+                $foreignLink = null;
+                $isForeign = false;
+                if (strpos($name, '_')) {
+                    $isForeign = true;
+                    list($foreignLink, $foreignField) = explode('_', $name);
+                }
+
                 if ($name == 'name') {
                     if (array_key_exists('id', $row)) {
                         $link = $this->getConfig()->getSiteUrl() . "/#".$entityType . "/view/" . $row['id'];
@@ -438,7 +492,13 @@ class Xlsx extends \Espo\Core\Injectable
                     }
                 } else if ($type == 'link') {
                     if (array_key_exists($name.'Id', $row)) {
-                        $foreignEntity = $this->getMetadata()->get(['entityDefs', $entityType, 'links', $name, 'entity']);
+                        $foreignEntity = null;
+                        if (!$isForeign) {
+                            $foreignEntity = $this->getMetadata()->get(['entityDefs', $entityType, 'links', $name, 'entity']);
+                        } else {
+                            $foreignEntity1 = $this->getMetadata()->get(['entityDefs', $entityType, 'links', $foreignLink, 'entity']);
+                            $foreignEntity = $this->getMetadata()->get(['entityDefs', $foreignEntity1, 'links', $foreignField, 'entity']);
+                        }
                         if ($foreignEntity) {
                             $link = $this->getConfig()->getSiteUrl() . "/#" . $foreignEntity. "/view/". $row[$name.'Id'];
                         }
@@ -470,12 +530,15 @@ class Xlsx extends \Espo\Core\Injectable
 
         $sheet->getStyle("A2:A$rowNumber")
             ->getNumberFormat()
-            ->setFormatCode(\PHPExcel_Style_NumberFormat::FORMAT_TEXT);
+            ->setFormatCode(\PhpOffice\PhpSpreadsheet\Style\NumberFormat::FORMAT_TEXT);
 
         $startingRowNumber = 4;
 
         foreach ($fieldList as $i => $name) {
             $col = $azRange[$i];
+            if (!array_key_exists($name, $typesCache)) {
+                break;
+            }
             $type = $typesCache[$name];
 
             switch ($type) {
@@ -488,6 +551,11 @@ class Xlsx extends \Espo\Core\Injectable
                         ->getNumberFormat()
                         ->setFormatCode('0');
                 } break;
+                case 'float': {
+                    $sheet->getStyle($col.$startingRowNumber.':'.$col.$rowNumber)
+                        ->getNumberFormat()
+                        ->setFormatCode(\PhpOffice\PhpSpreadsheet\Style\NumberFormat::FORMAT_NUMBER_COMMA_SEPARATED1);
+                } break;
                 case 'date': {
                     $sheet->getStyle($col.$startingRowNumber.':'.$col.$rowNumber)
                         ->getNumberFormat()
@@ -521,7 +589,7 @@ class Xlsx extends \Espo\Core\Injectable
             $sheet->getStyle($linkColumn.$startingRowNumber.':'.$linkColumn.$rowNumber)->applyFromArray($linkStyle);
         }
 
-        $objWriter = \PHPExcel_IOFactory::createWriter($phpExcel, 'Excel2007');
+        $objWriter = \PhpOffice\PhpSpreadsheet\IOFactory::createWriter($phpExcel, 'Xlsx');
 
         if (!$this->getInjection('fileManager')->isDir('data/cache/')) {
             $this->getInjection('fileManager')->mkdir('data/cache/');

application/Espo/Core/Formula/Functions/ArrayGroup/IncludesType.php

@@ -36,10 +36,10 @@ class IncludesType extends \Espo\Core\Formula\Functions\Base
     public function process(\StdClass $item)
     {
         if (!property_exists($item, 'value') || !is_array($item->value)) {
-            throw new Error('Value for \'Array\\Includses\' item is not array.');
+            throw new Error('Value for \'Array\\Includes\' item is not array.');
         }
         if (count($item->value) < 2) {
-            throw new Error('Bad arguments passed to \'Array\\Includses\'.');
+            throw new Error('Bad arguments passed to \'Array\\Includes\'.');
         }
         $list = $this->evaluate($item->value[0]);
         $needle = $this->evaluate($item->value[1]);

application/Espo/Core/Formula/Functions/StringGroup/ContainsType.php

@@ -0,0 +1,53 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2018 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: http://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Core\Formula\Functions\StringGroup;
+
+use \Espo\Core\Exceptions\Error;
+
+class ContainsType extends \Espo\Core\Formula\Functions\Base
+{
+    public function process(\StdClass $item)
+    {
+        if (!property_exists($item, 'value') || !is_array($item->value)) {
+            throw new Error('Value for \'String\\Contains\' item is not an array.');
+        }
+        if (count($item->value) < 2) {
+            throw new Error('Bad arguments passed to \'String\\Contains\'.');
+        }
+        $string = $this->evaluate($item->value[0]);
+        $needle = $this->evaluate($item->value[1]);
+
+        if (!is_string($string)) {
+            return false;
+        }
+
+        return strpos($string, $needle) !== false;
+    }
+}

application/Espo/Core/Formula/Functions/StringGroup/LengthType.php

@@ -1,3 +1,4 @@
+<?php
 /************************************************************************
  * This file is part of EspoCRM.
  *
@@ -25,44 +26,33 @@
  * In accordance with Section 7(b) of the GNU General Public License version 3,
  * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/
-(function ($) {
 
-	var root = this;
+namespace Espo\Core\Formula\Functions\StringGroup;
 
-	root.Espo = {};
+use \Espo\Core\Exceptions\Error;
 
-	this.EspoTest = {
+class LengthType extends \Espo\Core\Formula\Functions\Base
+{
+    public function process(\StdClass $item)
+    {
+        if (!property_exists($item, 'value')) {
+            return '';
+        }
 
-		include: function (path, options) {
-			var thisObject = root;
-			if (options != undefined && 'self' in options) {
-				thisObject = options.self;
-			}
+        if (!is_array($item->value)) {
+            throw new Error();
+        }
 
-			var self = this;
+        if (count($item->value) < 1) {
+            throw new Error();
+        }
 
-			var ajaxOptions = {
-				url: path,
-				async: false,
-				cache: false,
-				type: 'GET',
-				dataType: 'text',
-				success: function (script) {
-					eval.call(thisObject, script);
-				},
-				error: function () {
-					console.error("Error occured while loading " + path);
-				}
-			};
+        $value = $this->evaluate($item->value[0]);
 
-			if (typeof options != 'undefined') {
-				_.each(options, function (value, key) {
-					ajaxOptions[key] = options[key];
-				});
-			}
+        if (!is_string($value)) {
+            $value = strval($value);
+        }
 
-			$.ajax(ajaxOptions);
-		},
-
-	};
-}).call(this, $);
+        return mb_strlen($value);
+    }
+}

application/Espo/Core/Htmlizer/Htmlizer.php

@@ -50,13 +50,19 @@ class Htmlizer
 
     protected $entityManager;
 
-    public function __construct(FileManager $fileManager, DateTime $dateTime, NumberUtil $number, $acl = null, $entityManager = null)
+    protected $metadata;
+
+    protected $language;
+
+    public function __construct(FileManager $fileManager, DateTime $dateTime, NumberUtil $number, $acl = null, $entityManager = null, $metadata = null, $language = null)
     {
         $this->fileManager = $fileManager;
         $this->dateTime = $dateTime;
         $this->number = $number;
         $this->acl = $acl;
         $this->entityManager = $entityManager;
+        $this->metadata = $metadata;
+        $this->language = $language;
     }
 
     protected function getAcl()
@@ -115,16 +121,16 @@ class Htmlizer
                     foreach ($list as $item) {
                         $v = $item;
                         if ($item instanceof \StdClass) {
-                            $v = json_decode(json_encode($v), true);
+                            $v = json_decode(json_encode($v, \JSON_PRESERVE_ZERO_FRACTION), true);
                         }
-                        if (!is_array($v)) {
-                            $v = [];
-                        }
-                        foreach ($v as $k => $w) {
-                            $keyRaw = $k . '_RAW';
-                            $v[$keyRaw] = $v[$k];
-                            $v[$k] = $this->format($v[$k]);
+                        if (is_array($v)) {
+                            foreach ($v as $k => $w) {
+                                $keyRaw = $k . '_RAW';
+                                $v[$keyRaw] = $v[$k];
+                                $v[$k] = $this->format($v[$k]);
+                            }
                         }
+
                         $newList[] = $v;
                     }
                     $data[$field] = $newList;
@@ -133,7 +139,7 @@ class Htmlizer
                 if (!empty($data[$field])) {
                     $value = $data[$field];
                     if ($value instanceof \StdClass) {
-                        $data[$field] = json_decode(json_encode($value), true);
+                        $data[$field] = json_decode(json_encode($value, \JSON_PRESERVE_ZERO_FRACTION), true);
                     }
                     foreach ($data[$field] as $k => $w) {
                         $keyRaw = $k . '_RAW';
@@ -148,6 +154,14 @@ class Htmlizer
             if (array_key_exists($field, $data)) {
                 $keyRaw = $field . '_RAW';
                 $data[$keyRaw] = $data[$field];
+
+                $fieldType = $this->getFieldType($entity->getEntityType(), $field);
+                if ($fieldType === 'enum') {
+                    if ($this->language) {
+                        $data[$field] = $this->language->translateOption($data[$field], $field, $entity->getEntityType());
+                    }
+                }
+
                 $data[$field] = $this->format($data[$field]);
             }
         }
@@ -246,13 +260,20 @@ class Htmlizer
 
         $data = $this->getDataFromEntity($entity, $skipLinks);
 
+        if (!array_key_exists('today', $data)) {
+            $data['today'] = $this->dateTime->getTodayString();
+        }
+
+        if (!array_key_exists('now', $data)) {
+            $data['now'] = $this->dateTime->getNowString();
+        }
+
         foreach ($additionalData as $k => $value) {
             $data[$k] = $value;
         }
 
         $html = $renderer($data);
 
-
         $html = str_replace('?entryPoint=attachment&', '?entryPoint=attachment&', $html);
 
         if ($this->getEntityManager()) {
@@ -269,4 +290,9 @@ class Htmlizer
 
         return $html;
     }
+
+    protected function getFieldType($entityType, $field) {
+        if (!$this->metadata) return;
+        return $this->metadata->get(['entityDefs', $entityType, 'fields', $field, 'type']);
+    }
 }

application/Espo/Core/Mail/Importer.php

@@ -351,7 +351,7 @@ class Importer
         if ($email->get('messageId')) {
             $duplicate = $this->getEntityManager()->getRepository('Email')->select(['id'])->where(array(
                 'messageId' => $email->get('messageId')
-            ))->findOne();
+            ))->findOne(['skipAdditionalSelectParams' => true]);
             if ($duplicate) {
                 return $duplicate;
             }

application/Espo/Core/Mail/Parsers/MailMimeParser.php

@@ -179,9 +179,10 @@ class MailMimeParser
         } else {
             $email->set('isHtml', false);
             $email->set('body', $bodyPlain);
+            $email->set('bodyPlain', $bodyPlain);
         }
 
-        if (!$email->get('body') && $email->get('bodyPlain')) {
+        if (!$email->get('body') && $email->hasBodyPlain()) {
             $email->set('body', $email->get('bodyPlain'));
         }
 

application/Espo/Core/Mail/Parsers/PhpMimeMailParser.php

@@ -165,9 +165,10 @@ class PhpMimeMailParser
         } else {
             $email->set('isHtml', false);
             $email->set('body', $bodyPlain);
+            $email->set('bodyPlain', $bodyPlain);
         }
 
-        if (!$email->get('body') && $email->get('bodyPlain')) {
+        if (!$email->get('body') && $email->hasBodyPlain()) {
             $email->set('body', $email->get('bodyPlain'));
         }
 

application/Espo/Core/Mail/Parsers/ZendMail.php

@@ -139,7 +139,7 @@ class ZendMail
             $this->importPartDataToEmail($email, $zendMessage, $inlineIds, 'text/plain', $inlineAttachmentList);
         }
 
-        if (!$email->get('body') && $email->get('bodyPlain')) {
+        if (!$email->get('body') && $email->hasBodyPlain()) {
             $email->set('body', $email->get('bodyPlain'));
         }
 
@@ -192,7 +192,7 @@ class ZendMail
                     $content = $this->getContentFromPart($part);
                     if ($type == 'text/plain') {
                         $bodyPlain = '';
-                        if ($email->get('bodyPlain')) {
+                        if ($email->hasBodyPlain()) {
                             $bodyPlain .= $email->get('bodyPlain') . "\n";
                         }
                         $bodyPlain .= $content;

application/Espo/Core/Mail/Sender.php

@@ -260,7 +260,7 @@ class Sender
                 $attachment = new MimePart(file_get_contents($fileName));
                 $attachment->disposition = Mime::DISPOSITION_ATTACHMENT;
                 $attachment->encoding = Mime::ENCODING_BASE64;
-                $attachment->filename = $a->get('name');
+                $attachment->filename ='=?utf-8?B?' . base64_encode($a->get('name')) . '?=';
                 if ($a->get('type')) {
                     $attachment->type = $a->get('type');
                 }

application/Espo/Core/Notificators/Base.php

@@ -92,11 +92,27 @@ class Base implements Injectable
 
     public function process(Entity $entity)
     {
-        if (!$entity->get('assignedUserId')) return;
-        if (!$entity->isFieldChanged('assignedUserId')) return;
+        if ($entity->hasLinkMultipleField('assignedUsers')) {
+            $userIdList = $entity->getLinkMultipleIdList('assignedUsers');
+            $fetchedAssignedUserIdList = $entity->getFetched('assignedUsersIds');
+            if (!is_array($fetchedAssignedUserIdList)) {
+                $fetchedAssignedUserIdList = [];
+            }
 
-        $assignedUserId = $entity->get('assignedUserId');
+            foreach ($userIdList as $userId) {
+                if (in_array($userId, $fetchedAssignedUserIdList)) continue;
+                $this->processForUser($entity, $userId);
+            }
+        } else {
+            if (!$entity->get('assignedUserId')) return;
+            if (!$entity->isAttributeChanged('assignedUserId')) return;
+            $assignedUserId = $entity->get('assignedUserId');
+            $this->processForUser($entity, $assignedUserId);
+        }
+    }
 
+    protected function processForUser(Entity $entity, $assignedUserId)
+    {
         if ($entity->hasAttribute('createdById') && $entity->hasAttribute('modifiedById')) {
             if ($entity->isNew()) {
                 $isNotSelfAssignment = $assignedUserId !== $entity->get('createdById');

application/Espo/Core/ORM/Entity.php

@@ -52,10 +52,20 @@ class Entity extends \Espo\ORM\Entity
             if (!$this->entityManager->hasRepository($parentType)) return;
             $repository = $this->entityManager->getRepository($parentType);
 
-            $foreignEntity = $repository->select(['id', 'name'])->where(['id' => $parentId])->findOne();
+            $select = ['id', 'name'];
+            if ($parentType === 'Lead') {
+                $select[] = 'accountName';
+                $select[] = 'emailAddress';
+                $select[] = 'phoneNumber';
+            }
+            $foreignEntity = $repository->select($select)->where(['id' => $parentId])->findOne();
             if ($foreignEntity) {
                 $this->set($field . 'Name', $foreignEntity->get('name'));
+            } else {
+                $this->set($field . 'Name', null);
             }
+        } else {
+            $this->set($field . 'Name', null);
         }
     }
 
@@ -68,26 +78,42 @@ class Entity extends \Espo\ORM\Entity
             $defs['additionalColumns'] = $columns;
         }
 
+        $idsAttribute = $field . 'Ids';
+
         $foreignEntityType = $this->getRelationParam($field, 'entity');
-        if ($foreignEntityType && $this->entityManager) {
-            $foreignEntityDefs = $this->entityManager->getMetadata()->get($foreignEntityType);
-            if ($foreignEntityDefs && !empty($foreignEntityDefs['collection'])) {
-                $collectionDefs = $foreignEntityDefs['collection'];
-                if (!empty($foreignEntityDefs['collection']['orderBy'])) {
-                    $orderBy = $foreignEntityDefs['collection']['orderBy'];
-                    $order = 'ASC';
-                    if (array_key_exists('order', $foreignEntityDefs['collection'])) {
-                        $order = $foreignEntityDefs['collection']['order'];
-                    }
-                    if (array_key_exists($orderBy, $foreignEntityDefs['fields'])) {
-                        $defs['orderBy'] = $orderBy;
-                        $defs['order'] = $order;
+
+        if ($this->getAttributeParam($idsAttribute, 'orderBy')) {
+            $defs['orderBy'] = $this->getAttributeParam($idsAttribute, 'orderBy');
+            $defs['order'] = 'ASC';
+            if ($this->getAttributeParam($idsAttribute, 'orderDirection')) {
+                $defs['order'] = $this->getAttributeParam($idsAttribute, 'orderDirection');
+            }
+        } else {
+            if ($foreignEntityType && $this->entityManager) {
+                $foreignEntityDefs = $this->entityManager->getMetadata()->get($foreignEntityType);
+                if ($foreignEntityDefs && !empty($foreignEntityDefs['collection'])) {
+                    $collectionDefs = $foreignEntityDefs['collection'];
+                    if (!empty($foreignEntityDefs['collection']['orderBy'])) {
+                        $orderBy = $foreignEntityDefs['collection']['orderBy'];
+                        $order = 'ASC';
+                        if (array_key_exists('order', $foreignEntityDefs['collection'])) {
+                            $order = $foreignEntityDefs['collection']['order'];
+                        }
+                        if (array_key_exists($orderBy, $foreignEntityDefs['fields'])) {
+                            $defs['orderBy'] = $orderBy;
+                            $defs['order'] = $order;
+                        }
                     }
                 }
             }
         }
 
         $defs['select'] = ['id', 'name'];
+        if ($foreignEntityType === 'Lead') {
+            $defs['select'][] = 'accountName';
+            $defs['select'][] = 'emailAddress';
+            $defs['select'][] = 'phoneNumber';
+        }
 
         $hasType = false;
         if ($this->hasField($field . 'Types')) {
@@ -120,7 +146,9 @@ class Entity extends \Espo\ORM\Entity
             }
         }
 
-        $this->set($field . 'Ids', $ids);
+        $this->set($idsAttribute, $ids);
+        $this->setFetched($idsAttribute, $ids);
+
         $this->set($field . 'Names', $names);
         if ($hasType) {
             $this->set($field . 'Types', $types);

application/Espo/Core/ORM/Repositories/RDB.php

@@ -40,7 +40,9 @@ use \Espo\Core\Interfaces\Injectable;
 class RDB extends \Espo\ORM\Repositories\RDB implements Injectable
 {
     protected $dependencies = array(
-        'metadata'
+        'metadata',
+        'config',
+        'fieldManagerUtil'
     );
 
     protected $injections = array();
@@ -51,6 +53,8 @@ class RDB extends \Espo\ORM\Repositories\RDB implements Injectable
 
     protected $processFieldsAfterSaveDisabled = false;
 
+    protected $processFieldsBeforeSaveDisabled = false;
+
     protected function addDependency($name)
     {
         $this->dependencies[] = $name;
@@ -83,6 +87,16 @@ class RDB extends \Espo\ORM\Repositories\RDB implements Injectable
         return $this->getInjection('metadata');
     }
 
+    protected function getConfig()
+    {
+        return $this->getInjection('config');
+    }
+
+    protected function getFieldManagerUtil()
+    {
+        return $this->getInjection('fieldManagerUtil');
+    }
+
     public function __construct($entityType, EntityManager $entityManager, EntityFactory $entityFactory)
     {
         parent::__construct($entityType, $entityManager, $entityFactory);
@@ -254,6 +268,10 @@ class RDB extends \Espo\ORM\Repositories\RDB implements Injectable
         if (!$this->hooksDisabled && empty($options['skipHooks'])) {
             $this->getEntityManager()->getHookManager()->process($this->entityType, 'beforeSave', $entity, $options);
         }
+
+        if (!$this->processFieldsBeforeSaveDisabled) {
+            $this->processCurrencyFieldsBeforeSave($entity);
+        }
     }
 
     protected function afterSave(Entity $entity, array $options = array())
@@ -326,6 +344,28 @@ class RDB extends \Espo\ORM\Repositories\RDB implements Injectable
         return $result;
     }
 
+    protected function getFieldByTypeList($type)
+    {
+        return $this->getFieldManagerUtil()->getFieldByTypeList($this->entityType, $type);
+    }
+
+    protected function processCurrencyFieldsBeforeSave(Entity $entity)
+    {
+        foreach ($this->getFieldByTypeList('currency') as $field) {
+            $currencyAttribute = $field . 'Currency';
+            $defaultCurrency = $this->getConfig()->get('defaultCurrency');
+            if ($entity->isNew()) {
+                if ($entity->get($field) && !$entity->get($currencyAttribute)) {
+                    $entity->set($currencyAttribute, $defaultCurrency);
+                }
+            } else {
+                if ($entity->isAttributeChanged($field) && $entity->has($currencyAttribute) && !$entity->get($currencyAttribute)) {
+                    $entity->set($currencyAttribute, $defaultCurrency);
+                }
+            }
+        }
+    }
+
     protected function processFileFieldsSave(Entity $entity)
     {
         foreach ($entity->getRelations() as $name => $defs) {
@@ -368,14 +408,14 @@ class RDB extends \Espo\ORM\Repositories\RDB implements Injectable
     protected function processEmailAddressSave(Entity $entity)
     {
         if ($entity->hasRelation('emailAddresses') && $entity->hasAttribute('emailAddress')) {
-            $emailAddressRepository = $this->getEntityManager()->getRepository('EmailAddress')->storeEntityEmailAddress($entity);
+            $this->getEntityManager()->getRepository('EmailAddress')->storeEntityEmailAddress($entity);
         }
     }
 
     protected function processPhoneNumberSave(Entity $entity)
     {
         if ($entity->hasRelation('phoneNumbers') && $entity->hasAttribute('phoneNumber')) {
-            $emailAddressRepository = $this->getEntityManager()->getRepository('PhoneNumber')->storeEntityPhoneNumber($entity);
+            $this->getEntityManager()->getRepository('PhoneNumber')->storeEntityPhoneNumber($entity);
         }
     }
 

application/Espo/Core/Portal/AclManager.php

@@ -41,6 +41,8 @@ class AclManager extends \Espo\Core\AclManager
 
     private $portal = null;
 
+    protected $userAclClassName = '\\Espo\\Core\\Portal\\Acl';
+
     public function getImplementation($scope)
     {
         if (empty($this->implementationHashMap[$scope])) {

application/Espo/Core/Portal/Application.php

@@ -99,6 +99,6 @@ class Application extends \Espo\Core\Application
         $this->getContainer()->get('clientManager')->display(null, 'html/portal.html', array(
             'portalId' => $this->getPortal()->id
         ));
+        exit;
     }
 }
-

application/Espo/Core/Repositories/CategoryTree.php

@@ -41,7 +41,7 @@ class CategoryTree extends \Espo\Core\ORM\Repositories\RDB
 		$query = $this->getEntityManager()->getQuery();
 
 		$parentId = $entity->get('parentId');
-		$pathsTableName = $query->toDb($entity->getEntityType() . 'Path');
+		$pathsTableName = $query->toDb($query->sanitize($entity->getEntityType()) . 'Path');
 
 		if ($entity->isNew()) {
 			if ($parentId) {
@@ -62,7 +62,7 @@ class CategoryTree extends \Espo\Core\ORM\Repositories\RDB
 			}
 			$pdo->query($sql);
 		} else {
-			if ($entity->isFieldChanged('parentId')) {
+			if ($entity->isAttributeChanged('parentId')) {
 				$sql = "
 					DELETE a FROM `".$pathsTableName."` AS a
 					JOIN `".$pathsTableName."` AS d ON a.descendor_id = d.descendor_id
@@ -93,7 +93,7 @@ class CategoryTree extends \Espo\Core\ORM\Repositories\RDB
 		$pdo = $this->getEntityManager()->getPDO();
 		$query = $this->getEntityManager()->getQuery();
 
-		$pathsTableName = $query->toDb($entity->getEntityType() . 'Path');
+		$pathsTableName = $query->toDb($query->sanitize($entity->getEntityType()) . 'Path');
 
 		$sql = "DELETE FROM `".$pathsTableName."` WHERE descendor_id = ".$pdo->quote($entity->id)."";
 		$pdo->query($sql);

application/Espo/Core/SelectManagerFactory.php

@@ -32,6 +32,7 @@ namespace Espo\Core;
 use \Espo\Core\Exceptions\Error;
 
 use \Espo\Core\Utils\Util;
+use \Espo\Core\InjectableFactory;
 
 class SelectManagerFactory
 {
@@ -43,7 +44,9 @@ class SelectManagerFactory
 
     private $metadata;
 
-    public function __construct($entityManager, \Espo\Entities\User $user, Acl $acl, AclManager $aclManager, Utils\Metadata $metadata, Utils\Config $config)
+    private $injectableFactory;
+
+    public function __construct($entityManager, \Espo\Entities\User $user, Acl $acl, AclManager $aclManager, Utils\Metadata $metadata, Utils\Config $config, InjectableFactory $injectableFactory)
     {
         $this->entityManager = $entityManager;
         $this->user = $user;
@@ -51,9 +54,10 @@ class SelectManagerFactory
         $this->aclManager = $aclManager;
         $this->metadata = $metadata;
         $this->config = $config;
+        $this->injectableFactory = $injectableFactory;
     }
 
-    public function create($entityType)
+    public function create($entityType, $user = null)
     {
         $normalizedName = Util::normilizeClassName($entityType);
 
@@ -70,7 +74,14 @@ class SelectManagerFactory
             }
         }
 
-        $selectManager = new $className($this->entityManager, $this->user, $this->acl, $this->aclManager, $this->metadata, $this->config);
+        if ($user) {
+            $acl = $this->aclManager->createUserAcl($user);
+        } else {
+            $acl = $this->acl;
+            $user = $this->user;
+        }
+
+        $selectManager = new $className($this->entityManager, $user, $acl, $this->aclManager, $this->metadata, $this->config, $this->injectableFactory);
         $selectManager->setEntityType($entityType);
 
         return $selectManager;

application/Espo/Core/SelectManagers/Base.php

@@ -36,6 +36,7 @@ use \Espo\Core\Acl;
 use \Espo\Core\AclManager;
 use \Espo\Core\Utils\Metadata;
 use \Espo\Core\Utils\Config;
+use \Espo\Core\InjectableFactory;
 
 class Base
 {
@@ -63,15 +64,15 @@ class Base
 
     const MIN_LENGTH_FOR_CONTENT_SEARCH = 4;
 
-    public function __construct($entityManager, \Espo\Entities\User $user, Acl $acl, AclManager $aclManager, Metadata $metadata, Config $config)
+    public function __construct($entityManager, \Espo\Entities\User $user, Acl $acl, AclManager $aclManager, Metadata $metadata, Config $config, InjectableFactory $injectableFactory)
     {
         $this->entityManager = $entityManager;
         $this->user = $user;
         $this->acl = $acl;
         $this->aclManager = $aclManager;
-
         $this->metadata = $metadata;
         $this->config = $config;
+        $this->injectableFactory = $injectableFactory;
     }
 
     protected function getEntityManager()
@@ -104,6 +105,11 @@ class Base
         return $this->aclManager;
     }
 
+    protected function getInjectableFactory()
+    {
+        return $this->injectableFactory;
+    }
+
     public function setEntityType($entityType)
     {
         $this->entityType = $entityType;
@@ -186,7 +192,6 @@ class Base
     {
         $this->prepareResult($result);
 
-        $whereClause = array();
         foreach ($where as $item) {
             if (!isset($item['type'])) continue;
 
@@ -207,10 +212,17 @@ class Base
             }
         }
 
+        $whereClause = $this->convertWhere($where, false, $result);
+
+        $result['whereClause'] = array_merge($result['whereClause'], $whereClause);
+    }
+
+    public function convertWhere(array $where, $ignoreAdditionaFilterTypes = false, &$result = null)
+    {
+        $whereClause = [];
 
         $ignoreTypeList = array_merge(['bool', 'primary'], $this->additionalFilterTypeList);
 
-        $additionalFilters = array();
         foreach ($where as $item) {
             if (!isset($item['type'])) continue;
 
@@ -221,7 +233,7 @@ class Base
                     $whereClause[] = $part;
                 }
             } else {
-                if (in_array($type, $this->additionalFilterTypeList)) {
+                if (!$ignoreAdditionaFilterTypes && in_array($type, $this->additionalFilterTypeList)) {
                     if (!empty($item['value'])) {
                         $methodName = 'apply' . ucfirst($type);
 
@@ -242,7 +254,7 @@ class Base
             }
         }
 
-        $result['whereClause'] = array_merge($result['whereClause'], $whereClause);
+        return $whereClause;
     }
 
     protected function applyLinkedWith($link, $idsValue, &$result)
@@ -472,9 +484,9 @@ class Base
     {
         if ($this->hasAssignedUsersField()) {
             $this->setDistinct(true, $result);
-            $this->addLeftJoin('assignedUsers', $result);
+            $this->addLeftJoin(['assignedUsers', 'assignedUsersAccess'], $result);
             $result['whereClause'][] = array(
-                'assignedUsers.id' => $this->getUser()->id
+                'assignedUsersAccess.id' => $this->getUser()->id
             );
             return;
         }
@@ -1327,6 +1339,20 @@ class Base
         $method = 'filter' . ucfirst($filterName);
         if (method_exists($this, $method)) {
             $this->$method($result);
+        } else {
+            $className = $this->getMetadata()->get(['entityDefs', $this->entityType, 'collection', 'filters', $filterName, 'className']);
+            if ($className) {
+                if (!class_exists($className)) {
+                    $GLOBALS['log']->error("Could find class for filter {$filterName}.");
+                    return;
+                }
+                $impl = $this->getInjectableFactory()->createByClassName($className);
+                if (!$impl) {
+                    $GLOBALS['log']->error("Could not create filter {$filterName} implementation.");
+                    return;
+                }
+                $impl->applyFilter($this->entityType, $filterName, $result, $this);
+            }
         }
     }
 
@@ -1480,10 +1506,11 @@ class Base
         $fieldList = $this->getTextFilterFieldList();
         $d = array();
 
+        $textFilterContainsMinLength = $this->getConfig()->get('textFilterContainsMinLength', self::MIN_LENGTH_FOR_CONTENT_SEARCH);
+
         foreach ($fieldList as $field) {
-            $expression = $textFilter . '%';
             if (
-                strlen($textFilter) >= self::MIN_LENGTH_FOR_CONTENT_SEARCH
+                strlen($textFilter) >= $textFilterContainsMinLength
                 &&
                 (
                     !empty($fieldDefs[$field]['type']) && $fieldDefs[$field]['type'] == 'text'
@@ -1531,19 +1558,25 @@ class Base
     protected function boolFilterOnlyMy(&$result)
     {
         if (!$this->checkIsPortal()) {
-            if ($this->hasAssignedUserField()) {
-                $result['whereClause'][] = array(
+            if ($this->hasAssignedUsersField()) {
+                $this->setDistinct(true, $result);
+                $this->addLeftJoin(['assignedUsers', 'assignedUsersAccess'], $result);
+                $result['whereClause'][] = [
+                    'assignedUsersAccess.id' => $this->getUser()->id
+                ];
+            } else if ($this->hasAssignedUserField()) {
+                $result['whereClause'][] = [
                     'assignedUserId' => $this->getUser()->id
-                );
+                ];
             } else {
-                $result['whereClause'][] = array(
+                $result['whereClause'][] = [
                     'createdById' => $this->getUser()->id
-                );
+                ];
             }
         } else {
-            $result['whereClause'][] = array(
+            $result['whereClause'][] = [
                 'createdById' => $this->getUser()->id
-            );
+            ];
         }
     }
 
@@ -1563,4 +1596,3 @@ class Base
         $this->filterFollowed($result);
     }
 }
-

application/Espo/Core/Templates/Metadata/Person/entityDefs.json

@@ -1,7 +1,8 @@
 {
     "fields": {
         "name": {
-            "type": "personName"
+            "type": "personName",
+            "isPersonalData": true
         },
         "salutationName": {
             "type": "enum",
@@ -24,15 +25,18 @@
             "type": "text"
         },
         "emailAddress": {
-            "type": "email"
+            "type": "email",
+            "isPersonalData": true
         },
         "phoneNumber": {
             "type": "phone",
             "typeList": ["Mobile", "Office", "Home", "Fax", "Other"],
-            "defaultType": "Mobile"
+            "defaultType": "Mobile",
+            "isPersonalData": true
         },
         "address": {
-            "type": "address"
+            "type": "address",
+            "isPersonalData": true
         },
         "addressStreet": {
             "type": "text",

application/Espo/Core/Templates/Metadata/Person/scopes.json

@@ -7,5 +7,6 @@
     "aclPortalLevelList": ["all", "account", "contact", "own", "no"],
     "customizable": true,
     "importable": true,
-    "notifications": true
+    "notifications": true,
+    "hasPersonalData": true
 }

application/Espo/Core/Templates/Services/Person.php

@@ -49,7 +49,7 @@ class Person extends \Espo\Services\Record
         if (
             ($entity->get('emailAddress') || $entity->get('emailAddressData'))
             &&
-            ($entity->isNew() || $entity->isFieldChanged('emailAddress') || $entity->isFieldChanged('emailAddressData'))
+            ($entity->isNew() || $entity->isAttributeChanged('emailAddress') || $entity->isAttributeChanged('emailAddressData'))
         ) {
             if ($entity->get('emailAddress')) {
                 $list = [$entity->get('emailAddress')];

application/Espo/Core/Templates/i18n/hr_HR/Base.json

@@ -0,0 +1,5 @@
+{
+  "labels": {
+    "Create {entityType}": "Napravi {entityTypeTranslated}"
+  }
+}

application/Espo/Core/Templates/i18n/hr_HR/BasePlus.json

@@ -0,0 +1,10 @@
+{
+  "links": {
+    "meetings": "Sastanci",
+    "calls": "Pozivi",
+    "tasks": "Zadaci"
+  },
+  "labels": {
+    "Create {entityType}": "Kreiraj {entityTypeTranslated}"
+  }
+}

application/Espo/Core/Templates/i18n/hr_HR/Company.json

@@ -0,0 +1,15 @@
+{
+  "fields": {
+    "billingAddress": "Adresa za naplatu",
+    "shippingAddress": "Adresa za dostavu",
+    "website": "Sajt"
+  },
+  "links": {
+    "meetings": "Sastanci",
+    "calls": "Pozivi",
+    "tasks": "Zadaci"
+  },
+  "labels": {
+    "Create {entityType}": "Kreiraj {entityTypeTranslated}"
+  }
+}

application/Espo/Core/Templates/i18n/hr_HR/Event.json

@@ -0,0 +1,35 @@
+{
+  "fields": {
+    "parent": "Nadređen",
+    "dateStart": "Početni datum",
+    "dateEnd": "Završni datum",
+    "duration": "Trajanje",
+    "reminders": "Podsjetnici"
+  },
+  "links": {
+    "parent": "Nadređen"
+  },
+  "options": {
+    "status": {
+      "Planned": "Planiran",
+      "Held": "Održan",
+      "Not Held": "Nije održan"
+    }
+  },
+  "labels": {
+    "Create {entityType}": "Kreiraj {entityTypeTranslated}",
+    "Schedule {entityType}": "Zakaži {entityTypeTranslated}",
+    "Log {entityType}": "Zabilježi {entitiTipeTranslated}",
+    "Set Held": "Postavi kao održano",
+    "Set Not Held": "Postavi kao nije održano"
+  },
+  "massActions": {
+    "setHeld": "Postavi kao održano",
+    "setNotHeld": "Postavi kao nije održano"
+  },
+  "presetFilters": {
+    "planned": "Planiran",
+    "held": "Održan",
+    "todays": "Današnji"
+  }
+}

application/Espo/Core/Templates/i18n/hr_HR/Person.json

@@ -0,0 +1,13 @@
+{
+  "fields": {
+    "address": "Adresa"
+  },
+  "links": {
+    "meetings": "Sastanci",
+    "calls": "Pozivi",
+    "tasks": "Zadaci"
+  },
+  "labels": {
+    "Create {entityType}": "Kreiraj {entityTypeTranslated}"
+  }
+}

application/Espo/Core/Templates/i18n/pl_PL/Base.json

@@ -1,5 +1,5 @@
 {
-    "labels": {
-        "Create {entityType}": "Utwórz {entityTypeTranslated}"
-    }
-}
+  "labels": {
+    "Create {entityType}": "Utwórz {entityTypeTranslated}"
+  }
+}

application/Espo/Core/Templates/i18n/pl_PL/BasePlus.json

@@ -1,5 +1,10 @@
 {
-    "labels": {
-        "Create {entityType}": "Utwórz {entityTypeTranslated}"
-    }
-}
+  "links": {
+    "meetings": "Spotkania",
+    "calls": "Połączenia",
+    "tasks": "Zadania"
+  },
+  "labels": {
+    "Create {entityType}": "Utwórz {entityTypeTranslated}"
+  }
+}

application/Espo/Core/Templates/i18n/pl_PL/Company.json

@@ -1,5 +1,15 @@
 {
-    "labels": {
-        "Create {entityType}": "Utwórz {entityTypeTranslated}"
-    }
-}
+  "fields": {
+    "billingAddress": "Adres rozliczeniowy",
+    "shippingAddress": "Adres dostawy",
+    "website": "Strona internetowa"
+  },
+  "links": {
+    "meetings": "Spotkania",
+    "calls": "Połączenia",
+    "tasks": "Zadania"
+  },
+  "labels": {
+    "Create {entityType}": "Utwórz {entityTypeTranslated}"
+  }
+}

application/Espo/Core/Templates/i18n/pl_PL/Event.json

@@ -1,5 +1,20 @@
 {
-    "labels": {
-        "Create {entityType}": "Utwórz {entityTypeTranslated}"
+  "fields": {
+    "dateStart": "Data rozpoczęcia",
+    "dateEnd": "Data zakończenia",
+    "duration": "Czas trwania",
+    "reminders": "Przypomnienia"
+  },
+  "options": {
+    "status": {
+      "Planned": "Planowane"
     }
-}
+  },
+  "labels": {
+    "Create {entityType}": "Utwórz {entityTypeTranslated}",
+    "Schedule {entityType}": "Zaplanuj {entityTypeTranslated} "
+  },
+  "presetFilters": {
+    "planned": "Planowane"
+  }
+}

application/Espo/Core/Templates/i18n/pl_PL/Person.json

@@ -1,5 +1,13 @@
 {
-    "labels": {
-        "Create {entityType}": "Utwórz {entityTypeTranslated}"
-    }
-}
+  "fields": {
+    "address": "Adres"
+  },
+  "links": {
+    "meetings": "Spotkania",
+    "calls": "Rozmowy",
+    "tasks": "Zadania"
+  },
+  "labels": {
+    "Create {entityType}": "Utwórz {entityTypeTranslated}"
+  }
+}

application/Espo/Core/Templates/i18n/ro_RO/Base.json

@@ -1,5 +1,5 @@
 {
-    "labels": {
-        "Create {entityType}": "Creare {entityTypeTranslated}"
-    }
-}
+  "labels": {
+    "Create {entityType}": "Creare {entityTypeTranslated}"
+  }
+}

application/Espo/Core/Templates/i18n/ro_RO/BasePlus.json

@@ -1,5 +1,5 @@
 {
-    "labels": {
-        "Create {entityType}": "Creare {entityTypeTranslated}"
-    }
-}
+  "labels": {
+    "Create {entityType}": "Creare {entityTypeTranslated}"
+  }
+}

application/Espo/Core/Templates/i18n/ro_RO/Company.json

@@ -1,5 +1,5 @@
 {
-    "labels": {
-        "Create {entityType}": "Creare {entityTypeTranslated}"
-    }
-}
+  "labels": {
+    "Create {entityType}": "Creare {entityTypeTranslated}"
+  }
+}

application/Espo/Core/Templates/i18n/ro_RO/Event.json

@@ -1,5 +1,5 @@
 {
-    "labels": {
-        "Create {entityType}": "Creare {entityTypeTranslated}"
-    }
-}
+  "labels": {
+    "Create {entityType}": "Creare {entityTypeTranslated}"
+  }
+}

application/Espo/Core/Templates/i18n/ro_RO/Person.json

@@ -1,5 +1,5 @@
 {
-    "labels": {
-        "Create {entityType}": "Creare {entityTypeTranslated}"
-    }
-}
+  "labels": {
+    "Create {entityType}": "Creare {entityTypeTranslated}"
+  }
+}

application/Espo/Core/UpgradeManager.php

@@ -47,6 +47,7 @@ class UpgradeManager extends Upgrades\Base
         'customDirNames' => array(
             'before' => 'beforeUpgradeFiles',
             'after' => 'afterUpgradeFiles',
+            'vendor' => 'vendorFiles',
         )
     );
 }

application/Espo/Core/Upgrades/Actions/Base.php

@@ -28,6 +28,7 @@
  ************************************************************************/
 
 namespace Espo\Core\Upgrades\Actions;
+
 use Espo\Core\Utils\Util;
 use Espo\Core\Utils\System;
 use Espo\Core\Utils\Json;
@@ -83,6 +84,7 @@ abstract class Base
      */
     protected $defaultPackageType = 'extension';
 
+    protected $vendorDirName = 'vendor';
 
     public function __construct(\Espo\Core\Container $container, \Espo\Core\Upgrades\ActionManager $actionManager)
     {
@@ -315,8 +317,17 @@ abstract class Base
     {
         $manifest = $this->getManifest();
 
-        if (isset($manifest[$type])) {
-            return $manifest[$type];
+        switch ($type) {
+            case 'delete':
+            case 'deleteBeforeCopy':
+                if (isset($manifest[$type])) {
+                    return $manifest[$type];
+                }
+                break;
+
+            case 'vendor':
+                return $this->getVendorFileList('delete');
+                break;
         }
 
         return array();
@@ -332,7 +343,7 @@ abstract class Base
         if (!isset($this->data['deleteFileList'])) {
             $deleteFileList = array();
 
-            $deleteList = array_merge($this->getDeleteList('delete'), $this->getDeleteList('deleteBeforeCopy'));
+            $deleteList = array_merge($this->getDeleteList('delete'), $this->getDeleteList('deleteBeforeCopy'), $this->getDeleteList('vendor'));
             foreach ($deleteList as $key => $itemPath) {
                 if (is_dir($itemPath)) {
                     $fileList = $this->getFileManager()->getFileList($itemPath, true, '', true, true);
@@ -356,9 +367,9 @@ abstract class Base
      *
      * @return boolen
      */
-    protected function deleteFiles($withEmptyDirs = false)
+    protected function deleteFiles($type = 'delete', $withEmptyDirs = false)
     {
-        $deleteList = $this->getDeleteList('delete');
+        $deleteList = $this->getDeleteList($type);
 
         if (!empty($deleteList)) {
             return $this->getFileManager()->remove($deleteList, null, $withEmptyDirs);
@@ -367,24 +378,6 @@ abstract class Base
         return true;
     }
 
-    /**
-     * Deleted file/forder list before coppy the upgrade files
-     *
-     * @param  boolean $withEmptyDirs
-     *
-     * @return boolean
-     */
-    protected function deleteBeforeCopy($withEmptyDirs = false)
-    {
-        $deleteList = $this->getDeleteList('deleteBeforeCopy');
-
-        if (!empty($deleteList)) {
-            $this->getFileManager()->remove($deleteList, null, $withEmptyDirs);
-        }
-
-        return true;
-    }
-
     protected function getCopyFileList()
     {
         if (!isset($this->data['fileList'])) {
@@ -445,6 +438,12 @@ abstract class Base
             }
         }
 
+        //vendor file list
+        $vendorFileList = $this->getVendorFileList('copy');
+        if (!empty($vendorFileList)) {
+            $fileList = array_merge($fileList, $vendorFileList);
+        }
+
         return $fileList;
     }
 
@@ -466,7 +465,7 @@ abstract class Base
      *
      * @return boolean
      */
-    protected function copyFiles($type = null)
+    protected function copyFiles($type = null, $dest = '')
     {
         switch ($type) {
             case 'before':
@@ -475,21 +474,63 @@ abstract class Base
                 $dirPath = $dirNames[$type];
                 break;
 
+            case 'vendor':
+                $dirNames = $this->getParams('customDirNames');
+                if (isset($dirNames['vendor'])) {
+                    $dirPath = $dirNames['vendor'];
+                    $dest = $this->vendorDirName;
+                }
+                break;
+
             default:
                 $dirPath = self::FILES;
                 break;
         }
 
-        $packagePath = $this->getPackagePath();
-        $filesPath = Util::concatPath($packagePath, $dirPath);
+        if (isset($dirPath)) {
+            $packagePath = $this->getPackagePath();
+            $filesPath = Util::concatPath($packagePath, $dirPath);
 
-        if (file_exists($filesPath)) {
-            return $this->copy($filesPath, '', true);
+            if (file_exists($filesPath)) {
+                return $this->copy($filesPath, $dest, true);
+            }
         }
 
         return true;
     }
 
+    protected function getVendorFileList($type = 'copy')
+    {
+        $list = [];
+
+        $packagePath = $this->getPackagePath();
+        $dirNames = $this->getParams('customDirNames');
+        if (!isset($dirNames['vendor'])) {
+            return $list;
+        }
+
+        $filesPath = Util::concatPath($packagePath, $dirNames['vendor']);
+        if (!file_exists($filesPath)) {
+            return $list;
+        }
+
+        switch ($type) {
+            case 'copy':
+                $list = $this->getFileManager()->getFileList($filesPath, true, '', true, true);
+                break;
+
+            case 'delete':
+                $list = $this->getFileManager()->getFileList($filesPath, false, '', null, true);
+                break;
+        }
+
+        foreach ($list as &$path) {
+            $path = Util::concatPath($this->vendorDirName, $path);
+        }
+
+        return $list;
+    }
+
     public function getManifest()
     {
         if (!isset($this->data['manifest'])) {
@@ -515,6 +556,11 @@ abstract class Base
         return $this->data['manifest'];
     }
 
+    protected function setManifest()
+    {
+
+    }
+
     /**
      * Check if the manifest is correct
      *

application/Espo/Core/Upgrades/Actions/Base/Install.php

@@ -73,10 +73,12 @@ class Install extends \Espo\Core\Upgrades\Actions\Base
         }
 
         /* run before install script */
-        $this->runScript('before');
+        if (!isset($data['skipBeforeScript']) || !$data['skipBeforeScript']) {
+            $this->runScript('before');
+        }
 
         /* remove files defined in a manifest "deleteBeforeCopy" */
-        $this->deleteBeforeCopy(true);
+        $this->deleteFiles('deleteBeforeCopy', true);
 
         /* copy files from directory "Files" to EspoCRM files */
         if (!$this->copyFiles()) {
@@ -84,10 +86,15 @@ class Install extends \Espo\Core\Upgrades\Actions\Base
         }
 
         /* remove files defined in a manifest */
-        $this->deleteFiles(true);
+        $this->deleteFiles('delete', true);
 
-        if (!$this->systemRebuild()) {
-            $this->throwErrorAndRemovePackage('Error occurred while EspoCRM rebuild.');
+        $this->deleteFiles('vendor');
+        $this->copyFiles('vendor');
+
+        if (!isset($data['skipSystemRebuild']) || !$data['skipSystemRebuild']) {
+            if (!$this->systemRebuild()) {
+                $this->throwErrorAndRemovePackage('Error occurred while EspoCRM rebuild.');
+            }
         }
 
         //afterInstallFiles
@@ -96,7 +103,9 @@ class Install extends \Espo\Core\Upgrades\Actions\Base
         }
 
         /* run before install script */
-        $this->runScript('after');
+        if (!isset($data['skipAfterScript']) || !$data['skipAfterScript']) {
+            $this->runScript('after');
+        }
 
         $this->afterRunAction();
 

application/Espo/Core/Upgrades/Actions/Base/Uninstall.php

@@ -53,7 +53,7 @@ class Uninstall extends \Espo\Core\Upgrades\Actions\Base
         $this->beforeRunAction();
 
         /* run before install script */
-        if (!isset($data['isNotRunScriptBefore']) || !$data['isNotRunScriptBefore']) {
+        if (!isset($data['skipBeforeScript']) || !$data['skipBeforeScript']) {
             $this->runScript('beforeUninstall');
         }
 
@@ -66,17 +66,19 @@ class Uninstall extends \Espo\Core\Upgrades\Actions\Base
             }
 
             /* remove extension files, saved in fileList */
-            if (!$this->deleteFiles(true)) {
+            if (!$this->deleteFiles('delete', true)) {
                 $this->throwErrorAndRemovePackage('Permission denied to delete files.');
             }
         }
 
-        if (!$this->systemRebuild()) {
-            $this->throwErrorAndRemovePackage('Error occurred while EspoCRM rebuild.');
+        if (!isset($data['skipSystemRebuild']) || !$data['skipSystemRebuild']) {
+            if (!$this->systemRebuild()) {
+                $this->throwErrorAndRemovePackage('Error occurred while EspoCRM rebuild.');
+            }
         }
 
         /* run after uninstall script */
-        if (!isset($data['isNotRunScriptAfter']) || !$data['isNotRunScriptAfter']) {
+        if (!isset($data['skipAfterScript']) || !$data['skipAfterScript']) {
             $this->runScript('afterUninstall');
         }
 
@@ -119,10 +121,10 @@ class Uninstall extends \Espo\Core\Upgrades\Actions\Base
         return $res;
     }
 
-    protected function copyFiles($type = null)
+    protected function copyFiles($type = null, $dest = '')
     {
         $backupPath = $this->getPath('backupPath');
-        $res = $this->copy(array($backupPath, self::FILES), '', true);
+        $res = $this->copy(array($backupPath, self::FILES), $dest, true);
 
         return $res;
     }

application/Espo/Core/Upgrades/Actions/Extension/Install.php

@@ -199,7 +199,8 @@ class Install extends \Espo\Core\Upgrades\Actions\Base\Install
 
         $this->executeAction(ExtensionManager::UNINSTALL, array(
                 'id' => $extensionEntity->get('id'),
-                'isNotRunScriptAfter' => true,
+                'skipSystemRebuild' => true,
+                'skipAfterScript' => true,
             )
         );
     }

application/Espo/Core/Utils/AdminNotificationManager.php

@@ -120,6 +120,7 @@ class AdminNotificationManager
         $latestVersion = $config->get('latestVersion');
         if (isset($latestVersion)) {
             $currentVersion = $config->get('version');
+            if ($currentVersion === 'dev') return;
             if (version_compare($latestVersion, $currentVersion, '>')) {
                 return array(
                     'currentVersion' => $currentVersion,
@@ -158,8 +159,8 @@ class AdminNotificationManager
 
         $query = "
             SELECT version FROM extension
-            WHERE name='". $extensionName ."'
-            AND deleted=0
+            WHERE name = ". $pdo->quote($extensionName) ."
+            AND deleted = 0
             AND is_installed = 1
             ORDER BY created_at DESC
         ";

application/Espo/Core/Utils/Api/Auth.php

@@ -58,7 +58,7 @@ class Auth extends \Slim\Middleware
 
         $espoAuth = $req->headers('HTTP_ESPO_AUTHORIZATION');
         if (isset($espoAuth)) {
-            list($authUsername, $authPassword) = explode(':', base64_decode($espoAuth));
+            list($authUsername, $authPassword) = explode(':', base64_decode($espoAuth), 2);
         }
 
         if (!isset($authUsername)) {
@@ -84,7 +84,12 @@ class Auth extends \Slim\Middleware
                 if (isset($routeConditions['auth']) && $routeConditions['auth'] === false) {
 
                     if ($authUsername && $authPassword) {
-                        $isAuthenticated = $this->auth->login($authUsername, $authPassword);
+                        try {
+                            $isAuthenticated = $this->auth->login($authUsername, $authPassword);
+                        } catch (\Exception $e) {
+                            $this->processException($e);
+                            return;
+                        }
                         if ($isAuthenticated) {
                             $this->next->call();
                             return;
@@ -105,8 +110,12 @@ class Auth extends \Slim\Middleware
         }
 
         if ($authUsername && $authPassword) {
-
-            $isAuthenticated = $this->auth->login($authUsername, $authPassword);
+            try {
+                $isAuthenticated = $this->auth->login($authUsername, $authPassword);
+            } catch (\Exception $e) {
+                $this->processException($e);
+                return;
+            }
 
             if ($isAuthenticated) {
                 $this->next->call();
@@ -121,23 +130,31 @@ class Auth extends \Slim\Middleware
         }
     }
 
+    protected function processException(\Exception $e)
+    {
+        $response = $this->app->response();
+
+        if ($e->getMessage()) {
+            $response->headers->set('X-Status-Reason', $e->getMessage());
+        }
+        $response->setStatus($e->getCode());
+    }
+
     protected function processUnauthorized()
     {
-        $res = $this->app->response();
+        $response = $this->app->response();
 
         if ($this->showDialog) {
-            $res->header('WWW-Authenticate', 'Basic realm=""');
-        } else {
-            $res->header('WWW-Authenticate');
+            $response->headers->set('WWW-Authenticate', 'Basic realm=""');
         }
-        $res->status(401);
+        $response->setStatus(401);
     }
 
     protected function isXMLHttpRequest()
     {
-        $req = $this->app->request();
+        $request = $this->app->request();
 
-        $httpXRequestedWith = $req->headers('HTTP_X_REQUESTED_WITH');
+        $httpXRequestedWith = $request->headers('HTTP_X_REQUESTED_WITH');
 
         if (isset($httpXRequestedWith) && strtolower($httpXRequestedWith) == 'xmlhttprequest') {
             return true;
@@ -145,6 +162,4 @@ class Auth extends \Slim\Middleware
 
         return false;
     }
-
 }
-

application/Espo/Core/Utils/Api/Output.php

@@ -28,6 +28,7 @@
  ************************************************************************/
 
 namespace Espo\Core\Utils\Api;
+
 class Output
 {
     private $slim;
@@ -96,8 +97,8 @@ class Output
         ob_clean();
 
         if (!empty( $this->slim)) {
-            $this->getSlim()->response()->status($statusCode);
-            $this->getSlim()->response()->header('X-Status-Reason', $text);
+            $this->getSlim()->response()->setStatus($statusCode);
+            $this->getSlim()->response()->headers->set('X-Status-Reason', $text);
 
             if ($isPrint) {
                 $status = $this->getCodeDesc($statusCode);
@@ -139,4 +140,3 @@ class Output
         return preg_replace('/"(.*?password.*?)":".*?"/i', '"$1":"*****"', $inputData);
     }
 }
-

application/Espo/Core/Utils/Auth.php

@@ -48,6 +48,10 @@ class Auth
 
     const ACCESS_ANY = 3;
 
+    const FAILED_ATTEMPTS_PERIOD = '60 seconds';
+
+    const MAX_FAILED_ATTEMPT_NUMBER = 10;
+
     private $portal;
 
     public function __construct(\Espo\Core\Container $container, $allowAnyAccess = false)
@@ -117,20 +121,34 @@ class Auth
 
     public function login($username, $password)
     {
-        $authToken = $this->getEntityManager()->getRepository('AuthToken')->where(array(
-            'token' => $password,
-            'isActive' => true
-        ))->findOne();
+        $isByTokenOnly = false;
+        if ($this->request->headers->get('HTTP_ESPO_AUTHORIZATION_BY_TOKEN') === 'true') {
+            $isByTokenOnly = true;
+        }
+
+        if (!$isByTokenOnly) {
+            $this->checkFailedAttemptsLimit($username);
+        }
+
+        $authToken = $this->getEntityManager()->getRepository('AuthToken')->where([
+            'token' => $password
+        ])->findOne();
+
+        $authTokenIsFound = false;
 
         if ($authToken) {
+            $authTokenIsFound = true;
+        }
+
+        if ($authToken && $authToken->get('isActive')) {
             if (!$this->allowAnyAccess) {
                 if ($this->isPortal() && $authToken->get('portalId') !== $this->getPortal()->id) {
-                    $GLOBALS['log']->debug("AUTH: Trying to login to portal with a token not related to portal.");
-                    return false;
+                    $GLOBALS['log']->info("AUTH: Trying to login to portal with a token not related to portal.");
+                    return;
                 }
                 if (!$this->isPortal() && $authToken->get('portalId')) {
-                    $GLOBALS['log']->debug("AUTH: Trying to login to crm with a token related to portal.");
-                    return false;
+                    $GLOBALS['log']->info("AUTH: Trying to login to crm with a token related to portal.");
+                    return;
                 }
             }
             if ($this->allowAnyAccess) {
@@ -141,77 +159,190 @@ class Auth
                     }
                 }
             }
+        } else {
+            $authToken = null;
+        }
+
+        if ($isByTokenOnly && !$authToken) {
+            $GLOBALS['log']->info("AUTH: Trying to login as user '{$username}' by token but token is not found.");
+            return;
         }
 
         $user = $this->authentication->login($username, $password, $authToken);
 
-        if ($user) {
-            if (!$user->isActive()) {
-                $GLOBALS['log']->debug("AUTH: Trying to login as user '".$user->get('userName')."' which is not active.");
-                return false;
-            }
+        $authLogRecord = null;
 
-            if (!$user->isAdmin() && !$this->isPortal() && $user->get('isPortalUser')) {
-                $GLOBALS['log']->debug("AUTH: Trying to login to crm as a portal user '".$user->get('userName')."'.");
-                return false;
-            }
+        if (!$authTokenIsFound) {
+            $authLogRecord = $this->createAuthLogRecord($username, $user);
+        }
 
-            if (!$user->isAdmin() && $this->isPortal() && !$user->get('isPortalUser')) {
-                $GLOBALS['log']->debug("AUTH: Trying to login to portal as user '".$user->get('userName')."' which is not portal user.");
-                return false;
-            }
+        if (!$user) {
+            return;
+        }
 
-            if ($this->isPortal()) {
-                if (!$user->isAdmin() && !$this->getEntityManager()->getRepository('Portal')->isRelated($this->getPortal(), 'users', $user)) {
-                    $GLOBALS['log']->debug("AUTH: Trying to login to portal as user '".$user->get('userName')."' which is portal user but does not belongs to portal.");
-                    return false;
+        if (!$user->isActive()) {
+            $GLOBALS['log']->info("AUTH: Trying to login as user '".$user->get('userName')."' which is not active.");
+            $this->logDenied($authLogRecord, 'INACTIVE_USER');
+            return;
+        }
+
+        if (!$user->isAdmin() && !$this->isPortal() && $user->get('isPortalUser')) {
+            $GLOBALS['log']->info("AUTH: Trying to login to crm as a portal user '".$user->get('userName')."'.");
+            $this->logDenied($authLogRecord, 'IS_PORTAL_USER');
+            return;
+        }
+
+        if (!$user->isAdmin() && $this->isPortal() && !$user->get('isPortalUser')) {
+            $GLOBALS['log']->info("AUTH: Trying to login to portal as user '".$user->get('userName')."' which is not portal user.");
+            $this->logDenied($authLogRecord, 'IS_NOT_PORTAL_USER');
+            return;
+        }
+
+        if ($this->isPortal()) {
+            if (!$user->isAdmin() && !$this->getEntityManager()->getRepository('Portal')->isRelated($this->getPortal(), 'users', $user)) {
+                $GLOBALS['log']->info("AUTH: Trying to login to portal as user '".$user->get('userName')."' which is portal user but does not belongs to portal.");
+                $this->logDenied($authLogRecord, 'USER_IS_NOT_IN_PORTAL');
+                return;
+            }
+            $user->set('portalId', $this->getPortal()->id);
+        } else {
+            $user->loadLinkMultipleField('teams');
+        }
+
+        $user->set('ipAddress', $_SERVER['REMOTE_ADDR']);
+
+        $this->getEntityManager()->setUser($user);
+        $this->getContainer()->setUser($user);
+
+        if ($this->request->headers->get('HTTP_ESPO_AUTHORIZATION')) {
+            if (!$authToken) {
+                $authToken = $this->getEntityManager()->getEntity('AuthToken');
+                $token = $this->generateToken();
+                $authToken->set('token', $token);
+                $authToken->set('hash', $user->get('password'));
+                $authToken->set('ipAddress', $_SERVER['REMOTE_ADDR']);
+                $authToken->set('userId', $user->id);
+                if ($this->isPortal()) {
+                    $authToken->set('portalId', $this->getPortal()->id);
                 }
-                $user->set('portalId', $this->getPortal()->id);
-            } else {
-                $user->loadLinkMultipleField('teams');
-            }
 
-            $user->set('ipAddress', $_SERVER['REMOTE_ADDR']);
-
-            $this->getEntityManager()->setUser($user);
-            $this->getContainer()->setUser($user);
-
-            if ($this->request->headers->get('HTTP_ESPO_AUTHORIZATION')) {
-	            if (!$authToken) {
-	                $authToken = $this->getEntityManager()->getEntity('AuthToken');
-	                $token = $this->createToken($user);
-	                $authToken->set('token', $token);
-	                $authToken->set('hash', $user->get('password'));
-	                $authToken->set('ipAddress', $_SERVER['REMOTE_ADDR']);
-	                $authToken->set('userId', $user->id);
-                    if ($this->isPortal()) {
-                        $authToken->set('portalId', $this->getPortal()->id);
+                if ($this->getConfig()->get('authTokenPreventConcurrent')) {
+                    $concurrentAuthTokenList = $this->getEntityManager()->getRepository('AuthToken')->select(['id'])->where([
+                        'userId' => $user->id,
+                        'isActive' => true
+                    ])->find();
+                    foreach ($concurrentAuthTokenList as $concurrentAuthToken) {
+                        $concurrentAuthToken->set('isActive', false);
+                        $this->getEntityManager()->saveEntity($concurrentAuthToken);
                     }
-	            }
-            	$authToken->set('lastAccess', date('Y-m-d H:i:s'));
-
-            	$this->getEntityManager()->saveEntity($authToken);
-            	$user->set('token', $authToken->get('token'));
-                $user->set('authTokenId', $authToken->id);
+                }
             }
+        	$authToken->set('lastAccess', date('Y-m-d H:i:s'));
 
-            return true;
+        	$this->getEntityManager()->saveEntity($authToken);
+        	$user->set('token', $authToken->get('token'));
+            $user->set('authTokenId', $authToken->id);
+
+            if ($authLogRecord) {
+                $authLogRecord->set('authTokenId', $authToken->id);
+            }
+        }
+
+        if ($authLogRecord) {
+            $this->getEntityManager()->saveEntity($authLogRecord);
+        }
+
+        if ($authToken && !$authLogRecord) {
+            $authLogRecord = $this->getEntityManager()->getRepository('AuthLogRecord')->select(['id'])->where([
+                'authTokenId' => $authToken->id
+            ])->order('requestTime', true)->findOne();
+        }
+
+        if ($authLogRecord) {
+            $user->set('authLogRecordId', $authLogRecord->id);
+        }
+
+        return true;
+    }
+
+    protected function checkFailedAttemptsLimit($username = null)
+    {
+        $failedAttemptsPeriod = $this->getConfig()->get('authFailedAttemptsPeriod', self::FAILED_ATTEMPTS_PERIOD);
+        $maxFailedAttempts = $this->getConfig()->get('authMaxFailedAttemptNumber', self::MAX_FAILED_ATTEMPT_NUMBER);
+
+        $requestTimeFrom = (new \DateTime('@' . intval($_SERVER['REQUEST_TIME_FLOAT'])))->modify('-' . $failedAttemptsPeriod);
+
+        $failAttemptCount = $this->getEntityManager()->getRepository('AuthLogRecord')->where([
+            'requestTime>' => $requestTimeFrom->format('U'),
+            'ipAddress' => $_SERVER['REMOTE_ADDR'],
+            'isDenied' => true
+        ])->count();
+
+        if ($failAttemptCount > $maxFailedAttempts) {
+            $GLOBALS['log']->warning("AUTH: Max failed login attempts exceeded for IP '".$_SERVER['REMOTE_ADDR']."'.");
+            throw new Forbidden("Max failed login attempts exceeded.");
         }
     }
 
-    protected function createToken($user)
+    protected function generateToken()
     {
-        return md5(uniqid($user->get('id')));
+        $length = 16;
+
+        if (function_exists('random_bytes')) {
+            return bin2hex(random_bytes($length));
+        }
+        if (function_exists('mcrypt_create_iv')) {
+            return bin2hex(mcrypt_create_iv($length, \MCRYPT_DEV_URANDOM));
+        }
+        if (function_exists('openssl_random_pseudo_bytes')) {
+            return bin2hex(openssl_random_pseudo_bytes($length));
+        }
     }
 
     public function destroyAuthToken($token)
     {
-        $authToken = $this->getEntityManager()->getRepository('AuthToken')->where(array('token' => $token))->findOne();
+        $authToken = $this->getEntityManager()->getRepository('AuthToken')->select(['id', 'isActive'])->where(['token' => $token])->findOne();
         if ($authToken) {
             $authToken->set('isActive', false);
             $this->getEntityManager()->saveEntity($authToken);
             return true;
         }
     }
-}
 
+    protected function createAuthLogRecord($username, $user)
+    {
+        if ($username === '**logout') return;
+
+        $authLogRecord = $this->getEntityManager()->getEntity('AuthLogRecord');
+
+        $authLogRecord->set([
+            'username' => $username,
+            'ipAddress' => $_SERVER['REMOTE_ADDR'],
+            'requestTime' => $_SERVER['REQUEST_TIME_FLOAT'],
+            'requestMethod' => $this->request->getMethod(),
+            'requestUrl' => $this->request->getUrl() . $this->request->getPath()
+        ]);
+
+        if ($this->isPortal()) {
+            $authLogRecord->set('portalId', $this->getPortal()->id);
+        }
+
+        if ($user) {
+            $authLogRecord->set('userId', $user->id);
+        } else {
+            $authLogRecord->set('isDenied', true);
+            $authLogRecord->set('denialReason', 'CREDENTIALS');
+            $this->getEntityManager()->saveEntity($authLogRecord);
+        }
+
+        return $authLogRecord;
+    }
+
+    protected function logDenied($authLogRecord, $denialReason)
+    {
+        if (!$authLogRecord) return;
+
+        $authLogRecord->set('denialReason', $denialReason);
+        $this->getEntityManager()->saveEntity($authLogRecord);
+    }
+}

application/Espo/Core/Utils/Authentication/LDAP.php

@@ -108,7 +108,7 @@ class LDAP extends Base
 
         $ldapClient = $this->getLdapClient();
 
-        //login LDAP system user (ldapUsername, ldapPassword)
+        /* Login LDAP system user (ldapUsername, ldapPassword) */
         try {
             $ldapClient->bind();
         } catch (\Exception $e) {
@@ -119,17 +119,30 @@ class LDAP extends Base
             if (!isset($adminUser)) {
                 return null;
             }
+
             $GLOBALS['log']->info('LDAP: Administrator ['.$username.'] was logged in by Espo method.');
         }
 
         if (!isset($adminUser)) {
-            $userDn = $this->findLdapUserDnByUsername($username);
-            $GLOBALS['log']->debug('Found DN for ['.$username.']: ['.$userDn.'].');
+            try {
+                $userDn = $this->findLdapUserDnByUsername($username);
+            } catch (\Exception $e) {
+                $GLOBALS['log']->error('Error while finding DN for ['.$username.'], details: ' . $e->getMessage() . '.');
+            }
+
             if (!isset($userDn)) {
                 $GLOBALS['log']->error('LDAP: Authentication failed for user ['.$username.'], details: user is not found.');
-                return;
+
+                $adminUser = $this->adminLogin($username, $password);
+                if (!isset($adminUser)) {
+                    return null;
+                }
+
+                $GLOBALS['log']->info('LDAP: Administrator ['.$username.'] was logged in by Espo method.');
             }
 
+            $GLOBALS['log']->debug('User ['.$username.'] is found with this DN ['.$userDn.'].');
+
             try {
                 $ldapClient->bind($userDn, $password);
             } catch (\Exception $e) {
@@ -179,7 +192,7 @@ class LDAP extends Base
         $user = $this->getEntityManager()->getRepository('User')->findOne(array(
             'whereClause' => array(
                 'userName' => $username,
-            ),
+            )
         ));
 
         return $user;
@@ -201,7 +214,7 @@ class LDAP extends Base
                 'userName' => $username,
                 'password' => $hash,
                 'isAdmin' => 1
-            ),
+            )
         ));
 
         return $user;

application/Espo/Core/Utils/ClientManager.php

@@ -109,8 +109,5 @@ class ClientManager
         }
 
         echo $html;
-        exit;
     }
 }
-
-

application/Espo/Core/Utils/Database/DBAL/Platforms/MySqlPlatform.php

@@ -133,7 +133,6 @@ class MySqlPlatform extends \Doctrine\DBAL\Platforms\MySqlPlatform
             );
         }
 
-
         return array_merge($sql, $tableSql, $columnSql);
     }
 
@@ -305,10 +304,23 @@ class MySqlPlatform extends \Doctrine\DBAL\Platforms\MySqlPlatform
     protected function _getCreateTableSQL($tableName, array $columns, array $options = array())
     {
         if (!isset($options['engine'])) {
-            $options['engine'] = 'MyISAM';
+            $options['engine'] = 'InnoDB';
+        }
+
+        if (!isset($options['charset'])) {
+            $options['charset'] = 'utf8mb4';
+        }
+
+        if (!isset($options['collate'])) {
+            $options['collate'] = 'utf8mb4_unicode_ci';
         }
 
         return parent::_getCreateTableSQL($tableName, $columns, $options);
     }
+
+    public function getColumnCollationDeclarationSQL($collation)
+    {
+        return $this->getCollationFieldDeclaration($collation);
+    }
     //end: ESPO
 }

application/Espo/Core/Utils/Database/Orm/Converter.php

@@ -62,6 +62,7 @@ class Converter
         'maxLength' => 'len',
         'len' => 'len',
         'notNull' => 'notNull',
+        'exportDisabled' => 'notExportable',
         'autoincrement' => 'autoincrement',
         'entity' => 'entity',
         'notStorable' => 'notStorable',
@@ -275,7 +276,8 @@ class Converter
             )
         );
 
-        foreach($entityMetadata['fields'] as $fieldName => $fieldParams) {
+        foreach ($entityMetadata['fields'] as $fieldName => $fieldParams) {
+            if (empty($fieldParams['type'])) continue;
 
             /** check if "fields" option exists in $fieldMeta */
             $fieldTypeMetadata = $this->getMetadataHelper()->getFieldDefsByType($fieldParams);

application/Espo/Core/Utils/Database/Orm/Fields/AttachmentMultiple.php

@@ -37,20 +37,23 @@ class AttachmentMultiple extends Base
             $entityType => array (
                 'fields' => array(
                     $fieldName.'Ids' => array(
-                        'type' => 'varchar',
-                        'notStorable' => true
+                        'type' => 'jsonArray',
+                        'notStorable' => true,
+                        'orderBy' => [['createdAt', 'ASC'], ['name', 'ASC']],
+                        'isLinkMultipleIdList' => true
                     ),
                     $fieldName.'Names' => array(
-                        'type' => 'varchar',
-                        'notStorable' => true
-                    ),
+                        'type' => 'jsonObject',
+                        'notStorable' => true,
+                        'isLinkMultipleNameMap' => true
+                    )
                 )
             ),
             'unset' => array(
                 $entityType => array(
                     'fields.'.$fieldName,
-                ),
-            ),
+                )
+            )
         );
 
         return $data;

application/Espo/Core/Utils/Database/Orm/Fields/Email.php

@@ -85,6 +85,11 @@ class Email extends Base
                         'type' => 'text',
                         'notStorable' => true
                     ),
+                    $fieldName .'IsOptedOut' => array(
+                        'type' => 'bool',
+                        'notStorable' => true,
+                        'select' => 'emailAddresses.opt_out'
+                    )
                 ),
                 'relations' => array(
                     'emailAddresses' => array(

application/Espo/Core/Utils/Database/Orm/Fields/LinkMultiple.php

@@ -37,28 +37,38 @@ class LinkMultiple extends Base
             $entityName => array (
                 'fields' => array(
                     $fieldName.'Ids' => array(
-                        'type' => 'varchar',
+                        'type' => 'jsonArray',
                         'notStorable' => true,
                         'isLinkMultipleIdList' => true,
                         'relation' => $fieldName
                     ),
                     $fieldName.'Names' => array(
-                        'type' => 'varchar',
+                        'type' => 'jsonObject',
                         'notStorable' => true,
-                    ),
-                ),
+                        'isLinkMultipleNameMap' => true
+                    )
+                )
             ),
             'unset' => array(
                 $entityName => array(
-                    'fields.'.$fieldName,
-                ),
-            ),
+                    'fields.'.$fieldName
+                )
+            )
         );
 
+        $fieldParams = $this->getFieldParams();
+
+        if (array_key_exists('orderBy', $fieldParams)) {
+            $data[$entityName]['fields'][$fieldName . 'Ids']['orderBy'] = $fieldParams['orderBy'];
+            if (array_key_exists('orderDirection', $fieldParams)) {
+                $data[$entityName]['fields'][$fieldName . 'Ids']['orderDirection'] = $fieldParams['orderDirection'];
+            }
+        }
+
         $columns = $this->getMetadata()->get("entityDefs.{$entityName}.fields.{$fieldName}.columns");
         if (!empty($columns)) {
             $data[$entityName]['fields'][$fieldName . 'Columns'] = array(
-                'type' => 'varchar',
+                'type' => 'jsonObject',
                 'notStorable' => true,
             );
         }

application/Espo/Core/Utils/Database/Schema/Converter.php

@@ -28,15 +28,18 @@
  ************************************************************************/
 
 namespace Espo\Core\Utils\Database\Schema;
-use Espo\Core\Utils\Util,
-    Espo\ORM\Entity,
-    Espo\Core\Exceptions\Error;
 
+use Espo\Core\Utils\Util;
+use Espo\ORM\Entity;
+use Espo\Core\Exceptions\Error;
+use Espo\Core\Utils\Database\Schema\Utils as SchemaUtils;
 
 class Converter
 {
     private $dbalSchema;
 
+    private $databaseSchema;
+
     private $fileManager;
 
     private $metadata;
@@ -76,10 +79,13 @@ class Converter
         'foreign'
     );
 
-    public function __construct(\Espo\Core\Utils\Metadata $metadata, \Espo\Core\Utils\File\Manager $fileManager)
+    protected $maxIndexLength;
+
+    public function __construct(\Espo\Core\Utils\Metadata $metadata, \Espo\Core\Utils\File\Manager $fileManager, \Espo\Core\Utils\Database\Schema\Schema $databaseSchema)
     {
         $this->metadata = $metadata;
         $this->fileManager = $fileManager;
+        $this->databaseSchema = $databaseSchema;
 
         $this->typeList = array_keys(\Doctrine\DBAL\Types\Type::getTypesMap());
     }
@@ -110,6 +116,20 @@ class Converter
         return $this->dbalSchema;
     }
 
+    protected function getDatabaseSchema()
+    {
+        return $this->databaseSchema;
+    }
+
+    protected function getMaxIndexLength()
+    {
+        if (!isset($this->maxIndexLength)) {
+            $this->maxIndexLength = $this->getDatabaseSchema()->getMaxIndexLength();
+        }
+
+        return $this->maxIndexLength;
+    }
+
     /**
      * Schema convertation process
      *
@@ -154,6 +174,9 @@ class Converter
 
         $schema = $this->getSchema(true);
 
+        $indexList = SchemaUtils::getIndexList($ormMeta);
+        $fieldListExceededIndexMaxLength = SchemaUtils::getFieldListExceededIndexMaxLength($ormMeta, $this->getMaxIndexLength());
+
         $tables = array();
         foreach ($ormMeta as $entityName => $entityParams) {
 
@@ -177,7 +200,7 @@ class Converter
 
             $primaryColumns = array();
             $uniqueColumns = array();
-            $indexList = array(); //list of indexes like array( array(comlumn1, column2), array(column3))
+
             foreach ($entityParams['fields'] as $fieldName => $fieldParams) {
 
                 if ((isset($fieldParams['notStorable']) && $fieldParams['notStorable']) || in_array($fieldParams['type'], $this->notStorableTypes)) {
@@ -197,37 +220,26 @@ class Converter
                     continue;
                 }
 
+                if (isset($fieldListExceededIndexMaxLength[$entityName]) && in_array($fieldName, $fieldListExceededIndexMaxLength[$entityName])) {
+                    $fieldParams['utf8mb3'] = true;
+                }
+
                 $columnName = Util::toUnderScore($fieldName);
                 if (!$tables[$entityName]->hasColumn($columnName)) {
                     $tables[$entityName]->addColumn($columnName, $fieldType, $this->getDbFieldParams($fieldParams));
                 }
 
                 //add unique
-                if ($fieldParams['type']!= 'id' && isset($fieldParams['unique'])) {
+                if ($fieldParams['type'] != 'id' && isset($fieldParams['unique'])) {
                     $uniqueColumns = $this->getKeyList($columnName, $fieldParams['unique'], $uniqueColumns);
                 } //END: add unique
-
-                //add index. It can be defined in entityDefs as "index"
-                if (isset($fieldParams['index'])) {
-                    $indexList = $this->getKeyList($columnName, $fieldParams['index'], $indexList);
-                } //END: add index
             }
 
             $tables[$entityName]->setPrimaryKey($primaryColumns);
 
-            //add indexes
-            if (isset($entityParams['indexes']) && is_array($entityParams['indexes'])) {
-                foreach ($entityParams['indexes'] as $indexName => $indexParams) {
-                    if (is_array($indexParams['columns'])) {
-                        $tableIndexName = $this->generateIndexName($indexName, $entityName);
-                        $indexList[$tableIndexName] = Util::toUnderScore($indexParams['columns']);
-                    }
-                }
-            }
-            if (!empty($indexList)) {
-                foreach($indexList as $indexName => $indexItem) {
-                    $tableIndexName = is_string($indexName) ? $indexName : null;
-                    $tables[$entityName]->addIndex($indexItem, $tableIndexName);
+            if (!empty($indexList[$entityName])) {
+                foreach($indexList[$entityName] as $indexName => $indexColumnList) {
+                    $tables[$entityName]->addIndex($indexColumnList, $indexName);
                 }
             }
 
@@ -285,14 +297,21 @@ class Converter
         }
 
         $table = $this->getSchema()->createTable($tableName);
-        $table->addColumn('id', 'int', array('length'=>$this->defaultLength['int'], 'autoincrement' => true, 'notnull' => true,));  //'unique' => true,
+        $table->addColumn('id', 'int', $this->getDbFieldParams(array(
+            'type' => 'int',
+            'len' => $this->defaultLength['int'],
+            'autoincrement' => true,
+        )));
 
         //add midKeys to a schema
         $uniqueIndex = array();
         foreach($relationParams['midKeys'] as $index => $midKey) {
 
             $columnName = Util::toUnderScore($midKey);
-            $table->addColumn($columnName, $this->idParams['dbType'], array('length'=>$this->idParams['len']));
+            $table->addColumn($columnName, $this->idParams['dbType'], $this->getDbFieldParams(array(
+                'type' => 'foreignId',
+                'len' => $this->idParams['len'],
+            )));
             $table->addIndex(array($columnName));
 
             $uniqueIndex[] = $columnName;
@@ -306,7 +325,7 @@ class Converter
                 if (!isset($fieldParams['type'])) {
                     $fieldParams = array_merge($fieldParams, array(
                         'type' => 'varchar',
-                        'length' => $this->defaultLength['varchar'],
+                        'len' => $this->defaultLength['varchar'],
                     ));
                 }
 
@@ -326,7 +345,11 @@ class Converter
         }
         //END: add unique indexes
 
-        $table->addColumn('deleted', 'bool', array('default' => 0));
+        $table->addColumn('deleted', 'bool', $this->getDbFieldParams(array(
+            'type' => 'bool',
+            'default' => false,
+        )));
+
         $table->setPrimaryKey(array("id"));
 
         return $table;
@@ -337,13 +360,20 @@ class Converter
         $dbFieldParams = array();
 
         foreach($this->allowedDbFieldParams as $espoName => $dbalName) {
-
             if (isset($fieldParams[$espoName])) {
                 $dbFieldParams[$dbalName] = $fieldParams[$espoName];
             }
         }
 
         switch ($fieldParams['type']) {
+            case 'id':
+            case 'foreignId':
+            case 'foreignType':
+                if ($this->getMaxIndexLength() < 3072) {
+                    $fieldParams['utf8mb3'] = true;
+                }
+                break;
+
             case 'array':
             case 'jsonArray':
             case 'text':
@@ -360,12 +390,17 @@ class Converter
                 break;
         }
 
-
-        if ( isset($fieldParams['autoincrement']) && $fieldParams['autoincrement'] ) {
+        if (isset($fieldParams['autoincrement']) && $fieldParams['autoincrement']) {
             $dbFieldParams['unique'] = true;
             $dbFieldParams['notnull'] = true;
         }
 
+        if (isset($fieldParams['utf8mb3']) && $fieldParams['utf8mb3']) {
+            $dbFieldParams['platformOptions'] = array(
+                'collation' => 'utf8_unicode_ci',
+            );
+        }
+
         return $dbFieldParams;
     }
 
@@ -378,9 +413,11 @@ class Converter
     protected function getKeyList($columnName, $keyValue, array $keyList)
     {
         if ($keyValue === true) {
-            $keyList[] = array($columnName);
+            $tableIndexName = SchemaUtils::generateIndexName($columnName);
+            $keyList[$tableIndexName] = array($columnName);
         } else if (is_string($keyValue)) {
-            $keyList[$keyValue][] = $columnName;
+            $tableIndexName = SchemaUtils::generateIndexName($keyValue);
+            $keyList[$tableIndexName][] = $columnName;
         }
 
         return $keyList;
@@ -451,23 +488,6 @@ class Converter
         return $dependentEntities;
     }
 
-    /**
-     * Generate index name
-     *
-     * @return string
-     */
-    protected function generateIndexName($name, $entityName)
-    {
-        $names = array(
-            'IDX',
-        );
-
-        $names[] = strtoupper( Util::toUnderScore($entityName) );
-        $names[] = strtoupper( Util::toUnderScore($name) );
-
-        return implode('_', $names);
-    }
-
     protected function loadData($path)
     {
         $tables = array();
@@ -487,4 +507,4 @@ class Converter
 
         return $tables;
     }
-}
+}

application/Espo/Core/Utils/Database/Schema/Schema.php

@@ -94,7 +94,7 @@ class Schema
 
         $this->converter = new \Espo\Core\Utils\Database\Converter($this->metadata, $this->fileManager);
 
-        $this->schemaConverter = new Converter($this->metadata, $this->fileManager);
+        $this->schemaConverter = new Converter($this->metadata, $this->fileManager, $this);
 
         $this->ormMetadata = $ormMetadata;
     }
@@ -312,5 +312,45 @@ class Schema
         }
     }
 
+    public function getMaxIndexLength()
+    {
+        $connection = $this->getConnection();
+        $mysqlEngine = $this->getMysqlEngine();
 
+        switch ($mysqlEngine) {
+            case 'InnoDB':
+                $mysqlVersion = $this->getMysqlVersion();
+
+                if (version_compare($mysqlVersion, '10.0.0') >= 0) {
+                    return 767; //InnoDB, MariaDB
+                }
+
+                if (version_compare($mysqlVersion, '5.7.0') >= 0) {
+                    return 3072; //InnoDB, MySQL 5.7+
+                }
+
+                return 767; //InnoDB
+                break;
+        }
+
+        return 1000; //MyISAM
+    }
+
+    protected function getMysqlVersion()
+    {
+        $connection = $this->getConnection();
+        return $connection->fetchColumn("select version()");
+    }
+
+    protected function getMysqlEngine()
+    {
+        $connection = $this->getConnection();
+        $result = $connection->fetchColumn("SHOW TABLE STATUS WHERE Engine = 'MyISAM'");
+
+        if (!empty($result)) {
+            return 'MyISAM';
+        }
+
+        return 'InnoDB';
+    }
 }

application/Espo/Core/Utils/Database/Schema/Utils.php

@@ -0,0 +1,166 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2018 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: http://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Core\Utils\Database\Schema;
+
+use Espo\Core\Utils\Util;
+
+class Utils
+{
+    public static function getIndexList(array $ormMeta)
+    {
+        $indexList = array();
+
+        foreach ($ormMeta as $entityName => $entityParams) {
+            foreach ($entityParams['fields'] as $fieldName => $fieldParams) {
+                if (isset($fieldParams['notStorable']) && $fieldParams['notStorable']) {
+                    continue;
+                }
+
+                if (isset($fieldParams['index'])) {
+                    $keyValue = $fieldParams['index'];
+                    $columnName = Util::toUnderScore($fieldName);
+
+                    if (!isset($indexList[$entityName])) {
+                        $indexList[$entityName] = [];
+                    }
+
+                    if ($keyValue === true) {
+                        $tableIndexName = static::generateIndexName($columnName);
+                        $indexList[$entityName][$tableIndexName] = array($columnName);
+                    } else if (is_string($keyValue)) {
+                        $tableIndexName = static::generateIndexName($keyValue);
+                        $indexList[$entityName][$tableIndexName][] = $columnName;
+                    }
+                }
+            }
+
+            if (isset($entityParams['indexes']) && is_array($entityParams['indexes'])) {
+                foreach ($entityParams['indexes'] as $indexName => $indexParams) {
+                    if (is_array($indexParams['columns'])) {
+                        $tableIndexName = static::generateIndexName($indexName);
+                        $indexList[$entityName][$tableIndexName] = Util::toUnderScore($indexParams['columns']);
+                    }
+                }
+            }
+        }
+
+        return $indexList;
+    }
+
+    public static function generateIndexName($name, $prefix = 'IDX', $maxLength = 30)
+    {
+        $nameList = [];
+        $nameList[] = strtoupper($prefix);
+        $nameList[] = strtoupper( Util::toUnderScore($name) );
+
+        return substr(implode('_', $nameList), 0, $maxLength);
+    }
+
+    public static function getFieldListExceededIndexMaxLength(array $ormMeta, $indexMaxLength = 1000, $characterLength = 4)
+    {
+        $permittedFieldTypeList = [
+            'varchar',
+        ];
+
+        $fields = array();
+
+        $indexList = static::getIndexList($ormMeta);
+
+        foreach ($indexList as $entityName => $indexes) {
+            foreach ($indexes as $indexName => $columnList) {
+                $indexLength = 0;
+                foreach ($columnList as $columnName) {
+                    $fieldName = Util::toCamelCase($columnName);
+
+                    if (!isset($ormMeta[$entityName]['fields'][$fieldName])) {
+                        continue;
+                    }
+
+                    $indexLength += static::getFieldLength($ormMeta[$entityName]['fields'][$fieldName], $characterLength);
+                }
+
+                if ($indexLength > $indexMaxLength) {
+                    foreach ($columnList as $columnName) {
+                        $fieldName = Util::toCamelCase($columnName);
+                        if (!isset($ormMeta[$entityName]['fields'][$fieldName])) {
+                            continue;
+                        }
+
+                        $fieldType = static::getFieldType($ormMeta[$entityName]['fields'][$fieldName]);
+
+                        if (in_array($fieldType, $permittedFieldTypeList)) {
+                            if (!isset($fields[$entityName]) || !in_array($fieldName, $fields[$entityName])) {
+                                $fields[$entityName][] = $fieldName;
+                            }
+                        }
+                    }
+                }
+            }
+        }
+
+        return $fields;
+    }
+
+    protected static function getFieldLength(array $ormFieldDefs, $characterLength = 4)
+    {
+        $length = 0;
+
+        if (isset($ormFieldDefs['notStorable']) && $ormFieldDefs['notStorable']) {
+            return $length;
+        }
+
+        $defaultLength = array(
+            'datetime' => 8,
+            'time' => 4,
+            'int' => 4,
+            'bool' => 1,
+            'float' => 4,
+            'varchar' => 255,
+        );
+
+        $type = static::getFieldType($ormFieldDefs);
+
+        $length = isset($defaultLength[$type]) ? $defaultLength[$type] : $length;
+        $length = isset($ormFieldDefs['len']) ? $ormFieldDefs['len'] : $length;
+
+        switch ($type) {
+            case 'varchar':
+                $length = $length * $characterLength;
+                break;
+        }
+
+        return $length;
+    }
+
+    protected static function getFieldType(array $ormFieldDefs)
+    {
+        return isset($ormFieldDefs['dbType']) ? $ormFieldDefs['dbType'] : $ormFieldDefs['type'];
+    }
+}

application/Espo/Core/Utils/Database/Schema/rebuildActions/Currency.php

@@ -28,6 +28,7 @@
  ************************************************************************/
 
 namespace Espo\Core\Utils\Database\Schema\rebuildActions;
+
 class Currency extends \Espo\Core\Utils\Database\Schema\BaseRebuildActions
 {
 

application/Espo/Core/Utils/DateTime.php

@@ -189,4 +189,38 @@ class DateTime
     {
         return date($this->getInternalDateFormat());
     }
+
+    public function getTodayString($timezone = null)
+    {
+        if ($timezone) {
+            $timezoneObj = new \DateTimeZone($timezone);
+        } else {
+            $timezoneObj = $this->timezone;
+        }
+
+        $dateTime = new \DateTime();
+        $dateTime->setTimezone($timezoneObj);
+
+        return $dateTime->format($this->getPhpDateFormat());
+    }
+
+    public function getNowString($timezone = null, $format = null)
+    {
+        if ($timezone) {
+            $timezoneObj = new \DateTimeZone($timezone);
+        } else {
+            $timezoneObj = $this->timezone;
+        }
+
+        $dateTime = new \DateTime();
+        $dateTime->setTimezone($timezoneObj);
+
+        if ($format) {
+            $phpFormat = $this->convertFormatToPhp($format);
+        } else {
+            $phpFormat = $this->getPhpDateTimeFormat();
+        }
+
+        return $dateTime->format($phpFormat);
+    }
 }

application/Espo/Core/Utils/EntityManager.php

@@ -30,6 +30,7 @@
 namespace Espo\Core\Utils;
 
 use \Espo\Core\Exceptions\Error;
+use \Espo\Core\Exceptions\BadRequest;
 use \Espo\Core\Exceptions\Forbidden;
 use \Espo\Core\Exceptions\Conflict;
 use \Espo\Core\Utils\Json;
@@ -80,6 +81,11 @@ class EntityManager
         return $this->language;
     }
 
+    protected function getBaseLanguage()
+    {
+        return $this->container->get('baseLanguage');
+    }
+
     protected function getFileManager()
     {
         return $this->fileManager;
@@ -122,17 +128,36 @@ class EntityManager
         return false;
     }
 
-    public function create($name, $type, $params = array())
+    public function create($name, $type, $params = [], $replaceData = [])
     {
         $name = ucfirst($name);
         $name = trim($name);
 
+        if (empty($name) || empty($type)) {
+            throw new BadRequest();
+        }
+
+        if (strlen($name) > 100) {
+            throw new Error('Entity name should not be longer than 100.');
+        }
+
+        if (is_numeric($name[0])) {
+            throw new Error('Bad entity name.');
+        }
+
+        if (!in_array($type, $this->getMetadata()->get(['app', 'entityTemplateList'], []))) {
+            throw new Error('Type \''.$type.'\' does not exist.');
+        }
+
+        $templateDefs = $this->getMetadata()->get(['app', 'entityTemplates', $type], []);
+
+        if (!empty($templateDefs['isNotCreatable']) && empty($params['forceCreate'])) {
+            throw new Error('Type \''.$type.'\' is not creatable.');
+        }
+
         if ($this->getMetadata()->get('scopes.' . $name)) {
             throw new Conflict('Entity \''.$name.'\' already exists.');
         }
-        if (empty($name) || empty($type)) {
-            throw new Error();
-        }
 
         if ($this->checkControllerExists($name)) {
             throw new Conflict('Entity name \''.$name.'\' is not allowed.');
@@ -149,9 +174,20 @@ class EntityManager
 
         $normalizedName = Util::normilizeClassName($name);
 
+        $templateNamespace = "\Espo\Core\Templates";
+        $templatePath = "application/Espo/Core/Templates";
+
+        $templateModuleName = null;
+        if (!empty($templateDefs['module'])) {
+            $templateModuleName = $templateDefs['module'];
+            $normalizedTemplateModuleName = Util::normilizeClassName($templateModuleName);
+            $templateNamespace = "\Espo\Modules\\{$normalizedTemplateModuleName}\Core\Templates";
+            $templatePath = "application/Espo/Modules/".$normalizedTemplateModuleName."/Core/Templates";
+        }
+
         $contents = "<" . "?" . "php\n\n".
             "namespace Espo\Custom\Entities;\n\n".
-            "class {$normalizedName} extends \Espo\Core\Templates\Entities\\{$type}\n".
+            "class {$normalizedName} extends {$templateNamespace}\Entities\\{$type}\n".
             "{\n".
             "    protected \$entityType = \"$name\";\n".
             "}\n";
@@ -161,7 +197,7 @@ class EntityManager
 
         $contents = "<" . "?" . "php\n\n".
             "namespace Espo\Custom\Controllers;\n\n".
-            "class {$normalizedName} extends \Espo\Core\Templates\Controllers\\{$type}\n".
+            "class {$normalizedName} extends {$templateNamespace}\Controllers\\{$type}\n".
             "{\n".
             "}\n";
         $filePath = "custom/Espo/Custom/Controllers/{$normalizedName}.php";
@@ -169,7 +205,7 @@ class EntityManager
 
         $contents = "<" . "?" . "php\n\n".
             "namespace Espo\Custom\Services;\n\n".
-            "class {$normalizedName} extends \Espo\Core\Templates\Services\\{$type}\n".
+            "class {$normalizedName} extends {$templateNamespace}\Services\\{$type}\n".
             "{\n".
             "}\n";
         $filePath = "custom/Espo/Custom/Services/{$normalizedName}.php";
@@ -177,17 +213,17 @@ class EntityManager
 
         $contents = "<" . "?" . "php\n\n".
             "namespace Espo\Custom\Repositories;\n\n".
-            "class {$normalizedName} extends \Espo\Core\Templates\Repositories\\{$type}\n".
+            "class {$normalizedName} extends {$templateNamespace}\Repositories\\{$type}\n".
             "{\n".
             "}\n";
 
         $filePath = "custom/Espo/Custom/Repositories/{$normalizedName}.php";
         $this->getFileManager()->putContents($filePath, $contents);
 
-        if (file_exists('application/Espo/Core/Templates/SelectManagers/' . $type . '.php')) {
+        if (file_exists($templatePath . '/SelectManagers/' . $type . '.php')) {
             $contents = "<" . "?" . "php\n\n".
                 "namespace Espo\Custom\SelectManagers;\n\n".
-                "class {$normalizedName} extends \Espo\Core\Templates\SelectManagers\\{$type}\n".
+                "class {$normalizedName} extends {$templateNamespace}\SelectManagers\\{$type}\n".
                 "{\n".
                 "}\n";
 
@@ -214,19 +250,26 @@ class EntityManager
 
         $languageList = $this->getConfig()->get('languageList', []);
         foreach ($languageList as $language) {
-            $filePath = 'application/Espo/Core/Templates/i18n/' . $language . '/' . $type . '.json';
+            $filePath = $templatePath . '/i18n/' . $language . '/' . $type . '.json';
             if (!file_exists($filePath)) continue;
             $languageContents = $this->getFileManager()->getContents($filePath);
             $languageContents = str_replace('{entityType}', $name, $languageContents);
             $languageContents = str_replace('{entityTypeTranslated}', $labelSingular, $languageContents);
+            foreach ($replaceData as $key => $value) {
+                $languageContents = str_replace('{'.$key.'}', $value, $languageContents);
+            }
 
             $destinationFilePath = 'custom/Espo/Custom/Resources/i18n/' . $language . '/' . $name . '.json';
             $this->getFileManager()->putContents($destinationFilePath, $languageContents);
         }
 
-        $filePath = "application/Espo/Core/Templates/Metadata/{$type}/scopes.json";
+        $filePath = $templatePath . "/Metadata/{$type}/scopes.json";
         $scopesDataContents = $this->getFileManager()->getContents($filePath);
         $scopesDataContents = str_replace('{entityType}', $name, $scopesDataContents);
+        foreach ($replaceData as $key => $value) {
+            $scopesDataContents = str_replace('{'.$key.'}', $value, $scopesDataContents);
+        }
+
         $scopesData = Json::decode($scopesDataContents, true);
 
         $scopesData['stream'] = $stream;
@@ -236,28 +279,54 @@ class EntityManager
         $scopesData['object'] = true;
         $scopesData['isCustom'] = true;
 
+        if (!empty($templateDefs['isNotRemovable']) ||!empty($params['isNotRemovable'])) {
+            $scopesData['isNotRemovable'] = true;
+        }
+
+        if (!empty($params['kanbanStatusIgnoreList'])) {
+            $scopesData['kanbanStatusIgnoreList'] = $params['kanbanStatusIgnoreList'];
+        }
+
         $this->getMetadata()->set('scopes', $name, $scopesData);
 
-        $filePath = "application/Espo/Core/Templates/Metadata/{$type}/entityDefs.json";
+        $filePath = $templatePath . "/Metadata/{$type}/entityDefs.json";
         $entityDefsDataContents = $this->getFileManager()->getContents($filePath);
         $entityDefsDataContents = str_replace('{entityType}', $name, $entityDefsDataContents);
         $entityDefsDataContents = str_replace('{tableName}', $this->getEntityManager()->getQuery()->toDb($name), $entityDefsDataContents);
+        foreach ($replaceData as $key => $value) {
+            $entityDefsDataContents = str_replace('{'.$key.'}', $value, $entityDefsDataContents);
+        }
         $entityDefsData = Json::decode($entityDefsDataContents, true);
         $this->getMetadata()->set('entityDefs', $name, $entityDefsData);
 
-        $filePath = "application/Espo/Core/Templates/Metadata/{$type}/clientDefs.json";
+        $filePath = $templatePath . "/Metadata/{$type}/clientDefs.json";
         $clientDefsContents = $this->getFileManager()->getContents($filePath);
         $clientDefsContents = str_replace('{entityType}', $name, $clientDefsContents);
+        foreach ($replaceData as $key => $value) {
+            $clientDefsContents = str_replace('{'.$key.'}', $value, $clientDefsContents);
+        }
         $clientDefsData = Json::decode($clientDefsContents, true);
+
+        if (array_key_exists('color', $params)) {
+            $clientDefsData['color'] = $params['color'];
+        }
+
+        if (array_key_exists('iconClass', $params)) {
+            $clientDefsData['iconClass'] = $params['iconClass'];
+        }
+
+        if (!empty($params['kanbanViewMode'])) {
+            $clientDefsData['kanbanViewMode'] = true;
+        }
         $this->getMetadata()->set('clientDefs', $name, $clientDefsData);
 
-        $this->getLanguage()->set('Global', 'scopeNames', $name, $labelSingular);
-        $this->getLanguage()->set('Global', 'scopeNamesPlural', $name, $labelPlural);
+        $this->getBaseLanguage()->set('Global', 'scopeNames', $name, $labelSingular);
+        $this->getBaseLanguage()->set('Global', 'scopeNamesPlural', $name, $labelPlural);
 
         $this->getMetadata()->save();
-        $this->getLanguage()->save();
+        $this->getBaseLanguage()->save();
 
-        $layoutsPath = "application/Espo/Core/Templates/Layouts/{$type}";
+        $layoutsPath = $templatePath . "/Layouts/{$type}";
         if ($this->getFileManager()->isDir($layoutsPath)) {
             $this->getFileManager()->copy($layoutsPath, 'custom/Espo/Custom/Resources/layouts/' . $name);
         }
@@ -284,6 +353,11 @@ class EntityManager
             $this->getMetadata()->set('scopes', $name, $scopeData);
         }
 
+        $isCustom = false;
+        if (!empty($scopeData['isCustom'])) {
+            $isCustom = true;
+        }
+
         if (array_key_exists('statusField', $data)) {
             $scopeData['statusField'] = $data['statusField'];
             $this->getMetadata()->set('scopes', $name, $scopeData);
@@ -291,14 +365,23 @@ class EntityManager
 
         if (!empty($data['labelSingular'])) {
             $labelSingular = $data['labelSingular'];
-            $this->getLanguage()->set('Global', 'scopeNames', $name, $labelSingular);
             $labelCreate = $this->getLanguage()->translate('Create') . ' ' . $labelSingular;
+
+            $this->getLanguage()->set('Global', 'scopeNames', $name, $labelSingular);
             $this->getLanguage()->set($name, 'labels', 'Create ' . $name, $labelCreate);
+
+            if ($isCustom) {
+                $this->getBaseLanguage()->set('Global', 'scopeNames', $name, $labelSingular);
+                $this->getBaseLanguage()->set($name, 'labels', 'Create ' . $name, $labelCreate);
+            }
         }
 
         if (!empty($data['labelPlural'])) {
             $labelPlural = $data['labelPlural'];
             $this->getLanguage()->set('Global', 'scopeNamesPlural', $name, $labelPlural);
+            if ($isCustom) {
+                $this->getBaseLanguage()->set('Global', 'scopeNamesPlural', $name, $labelPlural);
+            }
         }
 
         if (isset($data['sortBy'])) {
@@ -320,13 +403,44 @@ class EntityManager
             $this->getMetadata()->set('entityDefs', $name, $entityDefsData);
         }
 
+        if (array_key_exists('kanbanStatusIgnoreList', $data)) {
+            $scopeData['kanbanStatusIgnoreList'] = $data['kanbanStatusIgnoreList'];
+            $this->getMetadata()->set('scopes', $name, $scopeData);
+        }
+
+        if (array_key_exists('kanbanViewMode', $data)) {
+            $clientDefsData = [
+                'kanbanViewMode' => $data['kanbanViewMode']
+            ];
+            $this->getMetadata()->set('clientDefs', $name, $clientDefsData);
+        }
+
+        if (array_key_exists('color', $data)) {
+            $clientDefsData = [
+                'color' => $data['color']
+            ];
+            $this->getMetadata()->set('clientDefs', $name, $clientDefsData);
+        }
+
+        if (array_key_exists('iconClass', $data)) {
+            $clientDefsData = [
+                'iconClass' => $data['iconClass']
+            ];
+            $this->getMetadata()->set('clientDefs', $name, $clientDefsData);
+        }
+
         $this->getMetadata()->save();
         $this->getLanguage()->save();
+        if ($isCustom) {
+            if ($this->getLanguage()->getLanguage() !== $this->getBaseLanguage()->getLanguage()) {
+                $this->getBaseLanguage()->save();
+            }
+        }
 
         return true;
     }
 
-    public function delete($name)
+    public function delete($name, $params = [])
     {
         if (!$this->isCustom($name)) {
             throw new Forbidden;
@@ -336,6 +450,19 @@ class EntityManager
 
         $type = $this->getMetadata()->get(['scopes', $name, 'type']);
 
+        $isNotRemovable = $this->getMetadata()->get(['scopes', $name, 'isNotRemovable']);
+
+        $templateDefs = $this->getMetadata()->get(['app', 'entityTemplates', $type], []);
+
+        $templateModuleName = null;
+        if (!empty($templateDefs['module'])) {
+            $templateModuleName = $templateDefs['module'];
+        }
+
+        if ((!empty($templateDefs['isNotRemovable']) || $isNotRemovable) && empty($params['forceRemove'])) {
+            throw new Error('Type \''.$type.'\' is not removable.');
+        }
+
         $unsets = array(
             'entityDefs',
             'clientDefs',
@@ -377,11 +504,18 @@ class EntityManager
         try {
             $this->getLanguage()->delete('Global', 'scopeNames', $name);
             $this->getLanguage()->delete('Global', 'scopeNamesPlural', $name);
+
+            $this->getBaseLanguage()->delete('Global', 'scopeNames', $name);
+            $this->getBaseLanguage()->delete('Global', 'scopeNamesPlural', $name);
         } catch (\Exception $e) {}
 
         $this->getMetadata()->save();
         $this->getLanguage()->save();
 
+        if ($this->getLanguage()->getLanguage() !== $this->getBaseLanguage()->getLanguage()) {
+            $this->getBaseLanguage()->save();
+        }
+
         if ($type) {
             $this->processHook('afterRemove', $type, $name);
         }
@@ -414,6 +548,18 @@ class EntityManager
             }
         }
 
+        if (empty($link) || empty($linkForeign)) {
+            throw new BadRequest();
+        }
+
+        if (strlen($link) > 255 || strlen($linkForeign) > 255) {
+            throw new Error('Link name should not be longer than 255.');
+        }
+
+        if (is_numeric($link[0]) || is_numeric($linkForeign[0])) {
+            throw new Error('Bad link name.');
+        }
+
         $linkMultipleField = false;
         if (!empty($params['linkMultipleField'])) {
             $linkMultipleField = true;
@@ -619,9 +765,16 @@ class EntityManager
         $this->getLanguage()->set($entity, 'links', $link, $label);
         $this->getLanguage()->set($entityForeign, 'fields', $linkForeign, $labelForeign);
         $this->getLanguage()->set($entityForeign, 'links', $linkForeign, $labelForeign);
-
         $this->getLanguage()->save();
 
+        if ($this->getLanguage()->getLanguage() !== $this->getBaseLanguage()->getLanguage()) {
+            $this->getBaseLanguage()->set($entity, 'fields', $link, $label);
+            $this->getBaseLanguage()->set($entity, 'links', $link, $label);
+            $this->getBaseLanguage()->set($entityForeign, 'fields', $linkForeign, $labelForeign);
+            $this->getBaseLanguage()->set($entityForeign, 'links', $linkForeign, $labelForeign);
+            $this->getBaseLanguage()->save();
+        }
+
         return true;
     }
 
@@ -632,9 +785,6 @@ class EntityManager
         $entityForeign = $params['entityForeign'];
         $linkForeign = $params['linkForeign'];
 
-        $label = $params['label'];
-        $labelForeign = $params['labelForeign'];
-
         if (empty($entity) || empty($entityForeign)) {
             throw new Error();
         }
@@ -642,6 +792,8 @@ class EntityManager
             throw new Error();
         }
 
+        $isCustom = $this->getMetadata()->get("entityDefs.{$entity}.links.{$link}.isCustom");
+
         if (
             $this->getMetadata()->get("entityDefs.{$entity}.links.{$link}.type") == 'hasMany'
             &&
@@ -726,13 +878,41 @@ class EntityManager
             }
         }
 
-        $this->getLanguage()->set($entity, 'fields', $link, $label);
-        $this->getLanguage()->set($entity, 'links', $link, $label);
-        $this->getLanguage()->set($entityForeign, 'fields', $linkForeign, $labelForeign);
-        $this->getLanguage()->set($entityForeign, 'links', $linkForeign, $labelForeign);
+        $label = null;
+        if (isset($params['label'])) {
+            $label = $params['label'];
+        }
+        $labelForeign = null;
+        if (isset($params['labelForeign'])) {
+            $labelForeign = $params['labelForeign'];
+        }
+
+        if ($label) {
+            $this->getLanguage()->set($entity, 'fields', $link, $label);
+            $this->getLanguage()->set($entity, 'links', $link, $label);
+        }
+
+        if ($labelForeign) {
+            $this->getLanguage()->set($entityForeign, 'fields', $linkForeign, $labelForeign);
+            $this->getLanguage()->set($entityForeign, 'links', $linkForeign, $labelForeign);
+        }
 
         $this->getLanguage()->save();
 
+        if ($isCustom) {
+            if ($this->getBaseLanguage()->getLanguage() !== $this->getBaseLanguage()->getLanguage()) {
+                if ($label) {
+                    $this->getBaseLanguage()->set($entity, 'fields', $link, $label);
+                    $this->getBaseLanguage()->set($entity, 'links', $link, $label);
+                }
+                if ($labelForeign) {
+                    $this->getBaseLanguage()->set($entityForeign, 'fields', $linkForeign, $labelForeign);
+                    $this->getBaseLanguage()->set($entityForeign, 'links', $linkForeign, $labelForeign);
+                }
+                $this->getBaseLanguage()->save();
+            }
+        }
+
         return true;
     }
 
@@ -786,8 +966,20 @@ class EntityManager
 
     protected function getHook($type)
     {
+        $templateDefs = $this->getMetadata()->get(['app', 'entityTemplates', $type], []);
+
         $className = '\\Espo\\Core\\Utils\\EntityManager\\Hooks\\' . $type . 'Type';
-        $className = $this->getMetadata()->get(['entityTemplates', $type, 'hookClassName'], $className);
+
+        $templateModuleName = null;
+        if (!empty($templateDefs['module'])) {
+            $templateModuleName = $templateDefs['module'];
+            $normalizedTemplateModuleName = Util::normilizeClassName($templateModuleName);
+            $className = '\\Espo\\Modules\\'.$normalizedTemplateModuleName.'\\Core\\Utils\\EntityManager\\Hooks\\' . $type . 'Type';
+        }
+
+
+
+        $className = $this->getMetadata()->get(['app', 'entityTemplates', $type, 'hookClassName'], $className);
 
         if (class_exists($className)) {
             $hook = new $className();
@@ -798,4 +990,33 @@ class EntityManager
         }
         return;
     }
+
+    public function resetToDefaults($scope)
+    {
+        if ($this->isCustom($scope)) {
+            throw new Error("Can't reset to defaults custom entity type '{$scope}.'");
+        }
+
+        $this->getMetadata()->delete('scopes', $scope, [
+            'disabled',
+            'stream',
+            'statusField',
+            'kanbanStatusIgnoreList'
+        ]);
+        $this->getMetadata()->delete('clientDefs', $scope, [
+            'iconClass',
+            'statusField',
+            'kanbanViewMode'
+        ]);
+        $this->getMetadata()->delete('entityDefs', $scope, [
+            'collection.sortBy',
+            'collection.asc',
+            'collection.textFilterFields'
+        ]);
+        $this->getMetadata()->save();
+
+        $this->getLanguage()->delete('Global', 'scopeNames', $scope);
+        $this->getLanguage()->delete('Global', 'scopeNamesPlural', $scope);
+        $this->getLanguage()->save();
+    }
 }

application/Espo/Core/Utils/FieldManager.php

@@ -45,29 +45,28 @@ class FieldManager
 
     private $container;
 
-    protected $metadataType = 'entityDefs';
-
-    protected $customOptionName = 'isCustom';
-
     protected $forbiddenFieldNameList = ['id', 'deleted'];
 
-    public function __construct(Metadata $metadata, Language $language, Container $container = null)
+    public function __construct(Container $container = null)
     {
-        $this->metadata = $metadata;
-        $this->language = $language;
         $this->container = $container;
 
-        $this->metadataHelper = new \Espo\Core\Utils\Metadata\Helper($this->metadata);
+        $this->metadataHelper = new \Espo\Core\Utils\Metadata\Helper($this->getMetadata());
     }
 
     protected function getMetadata()
     {
-        return $this->metadata;
+        return $this->container->get('metadata');
     }
 
     protected function getLanguage()
     {
-        return $this->language;
+        return $this->container->get('language');
+    }
+
+    protected function getBaseLanguage()
+    {
+        return $this->container->get('baseLanguage');
     }
 
     protected function getMetadataHelper()
@@ -95,6 +94,18 @@ class FieldManager
 
     public function create($scope, $name, $fieldDefs)
     {
+        if (empty($name)) {
+            throw new BadRequest();
+        }
+
+        if (strlen($name) > 255) {
+            throw new Error('Field name should not be longer than 255.');
+        }
+
+        if (is_numeric($name[0])) {
+            throw new Error('Bad field name.');
+        }
+
         $existingField = $this->getFieldDefs($scope, $name);
         if (isset($existingField)) {
             throw new Conflict('Field ['.$name.'] exists in '.$scope);
@@ -119,18 +130,25 @@ class FieldManager
         $name = trim($name);
         $this->isChanged = false;
 
-        /*Add option to metadata to identify the custom field*/
         if (!$this->isCore($scope, $name)) {
-            $fieldDefs[$this->customOptionName] = true;
+            $fieldDefs['isCustom'] = true;
+        }
+
+        $isCustom = false;
+        if (!empty($fieldDefs['isCustom'])) {
+            $isCustom = true;
         }
 
         $result = true;
         $isLabelChanged = false;
+
         if (isset($fieldDefs['label'])) {
-            $isLabelChanged |= $this->setLabel($scope, $name, $fieldDefs['label']);
+            $this->setLabel($scope, $name, $fieldDefs['label'], $isNew, $isCustom);
+            $isLabelChanged = true;
         }
         if (isset($fieldDefs['tooltipText'])) {
-            $isLabelChanged |= $this->setTooltipText($scope, $name, $fieldDefs['tooltipText']);
+            $this->setTooltipText($scope, $name, $fieldDefs['tooltipText'], $isNew, $isCustom);
+            $isLabelChanged = true;
         }
 
         $type = isset($fieldDefs['type']) ? $fieldDefs['type'] : $type = $this->getMetadata()->get(['entityDefs', $scope, 'fields', $name, 'type']);
@@ -146,7 +164,8 @@ class FieldManager
                     unset($translatedOptions['_empty_']);
                 }
 
-                $isLabelChanged |= $this->setTranslatedOptions($scope, $name, $translatedOptions);
+                $this->setTranslatedOptions($scope, $name, $translatedOptions, $isNew, $isCustom);
+                $isLabelChanged = true;
             }
         }
 
@@ -163,17 +182,19 @@ class FieldManager
                             $subFieldName = $name . ucfirst($partField);
                             $subFieldLabel = $fieldDefs['label'] . ' ' . $partLabel;
                         }
-                        $isLabelChanged |= $this->setLabel($scope, $subFieldName, $subFieldLabel);
+                        $this->setLabel($scope, $subFieldName, $subFieldLabel, $isNew, $isCustom);
+                        $isLabelChanged = true;
                     }
                 }
             }
         }
 
         if ($isLabelChanged) {
-            $result &= $this->getLanguage()->save();
-
-            if (isset($fieldDefs['tooltipText'])) {
-                $this->getDefaultLanguage()->save();
+            $this->getLanguage()->save();
+            if ($isNew || $isCustom) {
+                if ($this->getBaseLanguage()->getLanguage() !== $this->getLanguage()->getLanguage()) {
+                    $this->getBaseLanguage()->save();
+                }
             }
         }
 
@@ -185,9 +206,7 @@ class FieldManager
         if (array_key_exists('dynamicLogicVisible', $fieldDefs)) {
             if (!is_null($fieldDefs['dynamicLogicVisible'])) {
                 $this->prepareClientDefsFieldsDynamicLogic($clientDefs, $name);
-                $clientDefs['dynamicLogic']['fields'][$name]['visible'] = array(
-                    'conditionGroup' => $fieldDefs['dynamicLogicVisible']
-                );
+                $clientDefs['dynamicLogic']['fields'][$name]['visible'] = $fieldDefs['dynamicLogicVisible'];
                 $metadataToBeSaved = true;
                 $clientDefsToBeSet = true;
             } else {
@@ -198,15 +217,12 @@ class FieldManager
                     $clientDefsToBeSet = true;
                 }
             }
-
         }
 
         if (array_key_exists('dynamicLogicReadOnly', $fieldDefs)) {
             if (!is_null($fieldDefs['dynamicLogicReadOnly'])) {
                 $this->prepareClientDefsFieldsDynamicLogic($clientDefs, $name);
-                $clientDefs['dynamicLogic']['fields'][$name]['readOnly'] = array(
-                    'conditionGroup' => $fieldDefs['dynamicLogicReadOnly']
-                );
+                $clientDefs['dynamicLogic']['fields'][$name]['readOnly'] = $fieldDefs['dynamicLogicReadOnly'];
                 $metadataToBeSaved = true;
                 $clientDefsToBeSet = true;
             } else {
@@ -222,9 +238,7 @@ class FieldManager
         if (array_key_exists('dynamicLogicRequired', $fieldDefs)) {
             if (!is_null($fieldDefs['dynamicLogicRequired'])) {
                 $this->prepareClientDefsFieldsDynamicLogic($clientDefs, $name);
-                $clientDefs['dynamicLogic']['fields'][$name]['required'] = array(
-                    'conditionGroup' => $fieldDefs['dynamicLogicRequired']
-                );
+                $clientDefs['dynamicLogic']['fields'][$name]['required'] = $fieldDefs['dynamicLogicRequired'];
                 $metadataToBeSaved = true;
                 $clientDefsToBeSet = true;
             } else {
@@ -337,6 +351,11 @@ class FieldManager
             }
         }
 
+        $this->getLanguage()->save();
+        if ($this->getBaseLanguage()->getLanguage() !== $this->getLanguage()->getLanguage()) {
+            $this->getBaseLanguage()->save();
+        }
+
         $this->processHook('afterRemove', $type, $scope, $name);
 
         return (bool) $res;
@@ -362,47 +381,37 @@ class FieldManager
         $this->getLanguage()->delete($scope, 'fields', $name);
         $this->getLanguage()->delete($scope, 'options', $name);
         $this->getLanguage()->delete($scope, 'tooltips', $name);
-        $this->getDefaultLanguage()->delete($scope, 'tooltips', $name);
 
         $this->getLanguage()->save();
-        $this->getDefaultLanguage()->save();
     }
 
-    protected function setTranslatedOptions($scope, $name, $value)
+    protected function setTranslatedOptions($scope, $name, $value, $isNew, $isCustom)
     {
-        if (!$this->isLabelChanged($scope, 'options', $name, $value)) {
-            return false;
+        if ($isNew || $isCustom) {
+            $this->getBaseLanguage()->set($scope, 'options', $name, $value);
         }
 
         $this->getLanguage()->set($scope, 'options', $name, $value);
-        return true;
     }
 
-    protected function setLabel($scope, $name, $value)
+    protected function setLabel($scope, $name, $value, $isNew, $isCustom)
     {
-        if (!$this->isLabelChanged($scope, 'fields', $name, $value)) {
-            return false;
+        if ($isNew || $isCustom) {
+            $this->getBaseLanguage()->set($scope, 'fields', $name, $value);
         }
 
         $this->getLanguage()->set($scope, 'fields', $name, $value);
-        return true;
     }
 
-    protected function setTooltipText($scope, $name, $value)
+    protected function setTooltipText($scope, $name, $value, $isNew, $isCustom)
     {
-        if (!$this->isLabelChanged($scope, 'tooltips', $name, $value)) {
-            return false;
-        }
-
         if ($value && $value !== '') {
             $this->getLanguage()->set($scope, 'tooltips', $name, $value);
-            $this->getDefaultLanguage()->set($scope, 'tooltips', $name, $value);
+            $this->getBaseLanguage()->set($scope, 'tooltips', $name, $value);
         } else {
             $this->getLanguage()->delete($scope, 'tooltips', $name);
-            $this->getDefaultLanguage()->delete($scope, 'tooltips', $name);
+            $this->getBaseLanguage()->delete($scope, 'tooltips', $name);
         }
-
-        return true;
     }
 
     protected function deleteLabel($scope, $name)
@@ -410,10 +419,10 @@ class FieldManager
         $this->getLanguage()->delete($scope, 'fields', $name);
         $this->getLanguage()->delete($scope, 'tooltips', $name);
         $this->getLanguage()->delete($scope, 'options', $name);
-        $this->getDefaultLanguage()->delete($scope, 'tooltips', $name);
 
-        $this->getLanguage()->save();
-        $this->getDefaultLanguage()->save();
+        $this->getBaseLanguage()->delete($scope, 'fields', $name);
+        $this->getBaseLanguage()->delete($scope, 'tooltips', $name);
+        $this->getBaseLanguage()->delete($scope, 'options', $name);
     }
 
     protected function getFieldDefs($scope, $name)
@@ -557,16 +566,7 @@ class FieldManager
         return $this->isChanged;
     }
 
-    /**
-     * Check if label is changed
-     *
-     * @param  string  $scope
-     * @param  string  $category
-     * @param  string  $name
-     * @param  mixed  $newLabel
-     *
-     * @return boolean
-     */
+
     protected function isLabelChanged($scope, $category, $name, $newLabel)
     {
          $currentLabel = $this->getLanguage()->get([$scope, $category, $name]);
@@ -578,11 +578,7 @@ class FieldManager
          return false;
     }
 
-    /**
-     * Only for update method
-     *
-     * @return boolean
-     */
+
     public function isChanged()
     {
         return $this->isChanged;
@@ -598,7 +594,7 @@ class FieldManager
     protected function isCore($scope, $name)
     {
         $existingField = $this->getFieldDefs($scope, $name);
-        if (isset($existingField) && (!isset($existingField[$this->customOptionName]) || !$existingField[$this->customOptionName])) {
+        if (isset($existingField) && (!isset($existingField['isCustom']) || !$existingField['isCustom'])) {
             return true;
         }
 

application/Espo/Core/Utils/FieldManagerUtil.php

@@ -33,6 +33,8 @@ class FieldManagerUtil
 {
     private $metadata;
 
+    private $fieldByTypeListCache = [];
+
     public function __construct(Metadata $metadata)
     {
         $this->metadata = $metadata;
@@ -95,4 +97,23 @@ class FieldManagerUtil
         return array_merge($this->getActualAttributeList($scope, $name), $this->getNotActualAttributeList($scope, $name));
     }
 
-}
+    public function getFieldByTypeList($scope, $type)
+    {
+        if (!array_key_exists($scope, $this->fieldByTypeListCache)) {
+            $this->fieldByTypeListCache[$scope] = [];
+        }
+
+        if (!array_key_exists($type, $this->fieldByTypeListCache[$scope])) {
+            $fieldDefs = $this->getMetadata()->get(['entityDefs', $scope, 'fields'], []);
+            $list = [];
+            foreach ($fieldDefs as $field => $defs) {
+                if (isset($defs['type']) && $defs['type'] === $type) {
+                    $list[] = $field;
+                }
+            }
+            $this->fieldByTypeListCache[$scope][$type] = $list;
+        }
+
+        return $this->fieldByTypeListCache[$scope][$type];
+    }
+}

application/Espo/Core/Utils/File/Manager.php

@@ -28,8 +28,9 @@
  ************************************************************************/
 
 namespace Espo\Core\Utils\File;
-use Espo\Core\Utils,
-    Espo\Core\Exceptions\Error;
+
+use Espo\Core\Utils;
+use Espo\Core\Exceptions\Error;
 
 class Manager
 {
@@ -110,7 +111,7 @@ class Manager
         }
 
         if ($isReturnSingleArray) {
-            return $this->getSingeFileList($result, $onlyFileType);
+            return $this->getSingeFileList($result, $onlyFileType, $path);
         }
 
         return $result;
@@ -125,7 +126,7 @@ class Manager
      *
      * @return aray
      */
-    protected function getSingeFileList(array $fileList, $onlyFileType = null, $parentDirName = '')
+    protected function getSingeFileList(array $fileList, $onlyFileType = null, $basePath = null, $parentDirName = '')
     {
         $singleFileList = array();
         foreach($fileList as $dirName => $fileName) {
@@ -133,16 +134,16 @@ class Manager
             if (is_array($fileName)) {
                 $currentDir = Utils\Util::concatPath($parentDirName, $dirName);
 
-                if (!isset($onlyFileType) || $onlyFileType == $this->isFile($currentDir)) {
+                if (!isset($onlyFileType) || $onlyFileType == $this->isFile($currentDir, $basePath)) {
                     $singleFileList[] = $currentDir;
                 }
 
-                $singleFileList = array_merge($singleFileList, $this->getSingeFileList($fileName, $onlyFileType, $currentDir));
+                $singleFileList = array_merge($singleFileList, $this->getSingeFileList($fileName, $onlyFileType, $basePath, $currentDir));
 
             } else {
                 $currentFileName = Utils\Util::concatPath($parentDirName, $fileName);
 
-                if (!isset($onlyFileType) || $onlyFileType == $this->isFile($currentFileName)) {
+                if (!isset($onlyFileType) || $onlyFileType == $this->isFile($currentFileName, $basePath)) {
                     $singleFileList[] = $currentFileName;
                 }
             }
@@ -221,7 +222,6 @@ class Manager
      */
     public function putPhpContents($path, $data, $withObjects = false)
     {
-
         return $this->putContents($path, $this->wrapForDataExport($data, $withObjects), LOCK_EX);
     }
 
@@ -425,13 +425,7 @@ class Manager
         $sourcePath = $this->concatPaths($sourcePath);
         $destPath = $this->concatPaths($destPath);
 
-        if (isset($fileList)) {
-            if (!empty($sourcePath)) {
-                foreach ($fileList as &$fileName) {
-                    $fileName = $this->concatPaths(array($sourcePath, $fileName));
-                }
-            }
-        } else {
+        if (!isset($fileList)) {
             $fileList = is_file($sourcePath) ? (array) $sourcePath : $this->getFileList($sourcePath, $recursively, '', true, true);
         }
 
@@ -489,8 +483,7 @@ class Manager
         $defaultPermissions = $this->getPermissionUtils()->getDefaultPermissions();
 
         if (file_exists($filePath)) {
-
-            if (!in_array($this->getPermissionUtils()->getCurrentPermission($filePath), array($defaultPermissions['file'], $defaultPermissions['dir']))) {
+            if (!is_writable($filePath) && !in_array($this->getPermissionUtils()->getCurrentPermission($filePath), array($defaultPermissions['file'], $defaultPermissions['dir']))) {
                 return $this->getPermissionUtils()->setDefaultPermissions($filePath, true);
             }
             return true;
@@ -679,10 +672,16 @@ class Manager
      * Check if $dirname is directory.
      *
      * @param  string  $dirname
+     * @param  string  $basePath
+     *
      * @return boolean
      */
-    public function isDir($dirname)
+    public function isDir($dirname, $basePath = null)
     {
+        if (!empty($basePath)) {
+            $dirname = $this->concatPaths([$basePath, $dirname]);
+        }
+
         return is_dir($dirname);
     }
 
@@ -690,10 +689,16 @@ class Manager
      * Check if $filename is file. If $filename doesn'ot exist, check by pathinfo
      *
      * @param  string  $filename
+     * @param  string  $basePath
+     *
      * @return boolean
      */
-    public function isFile($filename)
+    public function isFile($filename, $basePath = null)
     {
+        if (!empty($basePath)) {
+            $filename = $this->concatPaths([$basePath, $filename]);
+        }
+
         if (file_exists($filename)) {
             return is_file($filename);
         }

application/Espo/Core/Utils/Metadata.php

@@ -236,17 +236,39 @@ class Metadata
         }
     }
 
-    public function getAllObjects($isJSON = false, $reload = false)
+    protected function getObjData($reload = false)
     {
         if (!isset($this->objData) || $reload) {
             $this->objInit($reload);
         }
 
+        return $this->objData;
+    }
+
+    /**
+    * Get Object Metadata
+    *
+    * @param mixed string|array $key
+    * @param mixed $default
+    *
+    * @return object
+    */
+    public function getObjects($key = null, $default = null)
+    {
+        $objData = $this->getObjData();
+
+        return Util::getValueByKey($objData, $key, $default);
+    }
+
+    public function getAllObjects($isJSON = false, $reload = false)
+    {
+        $objData = $this->getObjData($reload);
+
         if ($isJSON) {
-            return Json::encode($this->objData);
+            return Json::encode($objData);
         }
 
-        return $this->objData;
+        return $objData;
     }
 
     public function getAllForFrontend()
@@ -305,6 +327,47 @@ class Metadata
         return $data;
     }
 
+    /**
+     * Get metadata definition in custom directory
+     *
+     * @param  string|array $key
+     * @param  mixed $default
+     *
+     * @return object|mixed
+     */
+    public function getCustom($key1, $key2, $default = null)
+    {
+        $filePath = array($this->paths['customPath'], $key1, $key2.'.json');
+        $fileContent = $this->getFileManager()->getContents($filePath);
+
+        if ($fileContent) {
+            return Json::decode($fileContent);
+        }
+
+        return $default;
+    }
+
+    /**
+     * Set and save metadata in custom directory. The data is not merging with existing data. Use getCustom() to get existing data.
+     *
+     * @param  string $key1
+     * @param  string $key2
+     * @param  array $data
+     *
+     * @return boolean
+     */
+    public function saveCustom($key1, $key2, $data)
+    {
+        $filePath = array($this->paths['customPath'], $key1, $key2.'.json');
+        $changedData = Json::encode($data, JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
+
+        $result = $this->getFileManager()->putContents($filePath, $changedData);
+
+        $this->init(true);
+
+        return true;
+    }
+
     /**
     * Set Metadata data
     * Ex. $key1 = menu, $key2 = Account then will be created a file metadataFolder/menu/Account.json

application/Espo/Core/defaults/config.php

@@ -32,7 +32,7 @@ return array (
         'driver' => 'pdo_mysql',
         'host' => 'localhost',
         'port' => '',
-        'charset' => 'utf8',
+        'charset' => 'utf8mb4',
         'dbname' => '',
         'user' => '',
         'password' => '',
@@ -70,6 +70,7 @@ return array (
         'da_DK',
         'de_DE',
         'es_ES',
+        'hr_HR',
         'fr_FR',
         'id_ID',
         'it_IT',
@@ -113,6 +114,7 @@ return array (
     'assignmentNotificationsEntityList' => ['Meeting', 'Call', 'Task', 'Email'],
     "portalStreamEmailNotifications" => true,
     'streamEmailNotificationsEntityList' => ['Case'],
+    'streamEmailNotificationsTypeList' => ['Post', 'Status', 'EmailReceived'],
     'emailMessageMaxSize' => 10,
     'notificationsCheckInterval' => 10,
     'disabledCountQueryEntityList' => ['Email'],
@@ -139,7 +141,7 @@ return array (
                     'x' => 2,
                     'y' => 2,
                     'width' => 2,
-                    'height' => 2
+                    'height' => 4
                 ],
                 (object) [
                     'id' => 'default-stream',
@@ -148,14 +150,6 @@ return array (
                     'y' => 0,
                     'width' => 2,
                     'height' => 4
-                ],
-                (object) [
-                    'id' => 'default-tasks',
-                    'name' => 'Tasks',
-                    'x' => 2,
-                    'y' => 0,
-                    'width' => 2,
-                    'height' => 2
                 ]
             ]
         ]
@@ -172,6 +166,8 @@ return array (
     'aclStrictMode' => false,
     'aclAllowDeleteCreated' => false,
     'inlineAttachmentUploadMaxSize' => 20,
+    'textFilterUseContainsForVarchar' => false,
+    'tabColorsDisabled' => false,
     'isInstalled' => false
 );
 

application/Espo/Core/defaults/layouts/kanban.json

@@ -0,0 +1,3 @@
+[
+    {"name":"name", "link": true}
+]

application/Espo/Entities/AuthLogRecord.php

@@ -0,0 +1,35 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2018 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: http://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Entities;
+
+class AuthLogRecord extends \Espo\Core\ORM\Entity
+{
+
+}

application/Espo/Entities/Email.php

@@ -72,11 +72,20 @@ class Email extends \Espo\Core\ORM\Entity
         }
     }
 
+    protected function _getBodyPlain()
+    {
+        return $this->getBodyPlain();
+    }
+
+    public function hasBodyPlain()
+    {
+        return !empty($this->valuesContainer['bodyPlain']);
+    }
+
     public function getBodyPlain()
     {
-        $bodyPlain = $this->get('bodyPlain');
-        if (!empty($bodyPlain)) {
-            return $bodyPlain;
+        if (!empty($this->valuesContainer['bodyPlain'])) {
+            return $this->valuesContainer['bodyPlain'];
         }
 
         $body = $this->get('body');
@@ -84,6 +93,34 @@ class Email extends \Espo\Core\ORM\Entity
         $breaks = array("<br />","<br>","<br/>","<br />","&lt;br /&gt;","&lt;br/&gt;","&lt;br&gt;");
         $body = str_ireplace($breaks, "\r\n", $body);
         $body = strip_tags($body);
+
+        $reList = [
+            '/&(quot|#34);/i',
+            '/&(amp|#38);/i',
+            '/&(lt|#60);/i',
+            '/&(gt|#62);/i',
+            '/&(nbsp|#160);/i',
+            '/&(iexcl|#161);/i',
+            '/&(cent|#162);/i',
+            '/&(pound|#163);/i',
+            '/&(copy|#169);/i',
+            '/&(reg|#174);/i'
+        ];
+        $replaceList = [
+            '',
+            '&',
+            '<',
+            '>',
+            ' ',
+            chr(161),
+            chr(162),
+            chr(163),
+            chr(169),
+            chr(174)
+        ];
+
+        $body = preg_replace($reList, $replaceList, $body);
+
         return $body;
     }
 

application/Espo/Entities/Note.php

@@ -34,17 +34,14 @@ class Note extends \Espo\Core\ORM\Entity
     public function loadAttachments()
     {
         $data = $this->get('data');
-        if (!empty($data) && !empty($data->attachmentsIds)) {
+        if (!empty($data) && !empty($data->attachmentsIds) && is_array($data->attachmentsIds)) {
             $attachmentsIds = $data->attachmentsIds;
-            $collection = array();
-            foreach ($attachmentsIds as $id) {
-                $attachment = $this->entityManager->getEntity('Attachment', $id);
-                if ($attachment) {
-                    $collection[] = $attachment;
-                }
-            }
+            $collection = $this->entityManager->getRepository('Attachment')->select(['id', 'name', 'type'])->order('createdAt')->where([
+                'id' => $attachmentsIds
+            ])->find();
         } else {
-            $collection = $this->get('attachments');
+            $this->loadLinkMultipleField('attachments');
+            return;
         }
 
         $ids = array();

application/Espo/EntryPoints/Image.php

@@ -197,6 +197,7 @@ class Image extends \Espo\Core\EntryPoints\Base
                 break;
         }
 
+        $targetImage = imagerotate($targetImage, array_values([0, 0, 0, 180, 0, 0, -90, 0, 90])[@exif_read_data($filePath)['Orientation'] ?: 0], 0);
 
         return $targetImage;
     }

application/Espo/Hooks/Common/AssignmentEmailNotification.php

@@ -41,27 +41,49 @@ class AssignmentEmailNotification extends \Espo\Core\Hooks\Base
         if (
             $this->getConfig()->get('assignmentEmailNotifications')
             &&
-            $entity->has('assignedUserId')
+            (
+                $entity->has('assignedUserId')
+                ||
+                $entity->hasLinkMultipleField('assignedUsers') && $entity->has('assignedUsersIds')
+            )
             &&
             in_array($entity->getEntityType(), $this->getConfig()->get('assignmentEmailNotificationsEntityList', []))
         ) {
+            if ($entity->has('assignedUsersIds')) {
+                $userIdList = $entity->getLinkMultipleIdList('assignedUsers');
+                $fetchedAssignedUserIdList = $entity->getFetched('assignedUsersIds');
+                if (!is_array($fetchedAssignedUserIdList)) {
+                    $fetchedAssignedUserIdList = [];
+                }
 
-            $userId = $entity->get('assignedUserId');
-            if (!empty($userId) && $userId != $this->getUser()->id && $entity->isFieldChanged('assignedUserId')) {
-                $job = $this->getEntityManager()->getEntity('Job');
-                $job->set(array(
-                    'serviceName' => 'EmailNotification',
-                    'methodName' => 'notifyAboutAssignmentJob',
-                    'data' => json_encode(array(
-                        'userId' => $userId,
-                        'assignerUserId' => $this->getUser()->id,
-                        'entityId' => $entity->id,
-                        'entityType' => $entity->getEntityType()
-                    )),
-                    'executeTime' => date('Y-m-d H:i:s'),
-                ));
-                $this->getEntityManager()->saveEntity($job);
+                foreach ($userIdList as $userId) {
+                    if (in_array($userId, $fetchedAssignedUserIdList)) continue;
+                    if ($this->getUser()->id === $userId) continue;
+                    $this->createJob($entity, $userId);
+                }
+            } else {
+                $userId = $entity->get('assignedUserId');
+                if (!empty($userId) && $userId != $this->getUser()->id && $entity->isAttributeChanged('assignedUserId')) {
+                    $this->createJob($entity, $userId);
+                }
             }
         }
     }
+
+    protected function createJob(Entity $entity, $userId)
+    {
+        $job = $this->getEntityManager()->getEntity('Job');
+        $job->set(array(
+            'serviceName' => 'EmailNotification',
+            'methodName' => 'notifyAboutAssignmentJob',
+            'data' => json_encode(array(
+                'userId' => $userId,
+                'assignerUserId' => $this->getUser()->id,
+                'entityId' => $entity->id,
+                'entityType' => $entity->getEntityType()
+            )),
+            'executeTime' => date('Y-m-d H:i:s'),
+        ));
+        $this->getEntityManager()->saveEntity($job);
+    }
 }

application/Espo/Hooks/Common/NextNumber.php

@@ -81,8 +81,9 @@ class NextNumber extends \Espo\Core\Hooks\Base
                     'entityType' => $entity->getEntityType()
                 ))->findOne();
                 if (!$nextNumber) {
-                    $this->getEntityManager()->getPdo()->query('UNLOCK TABLES');
-                    continue;
+                    $nextNumber = $this->getEntityManager()->getEntity('NextNumber');
+                    $nextNumber->set('entityType', $entity->getEntityType());
+                    $nextNumber->set('fieldName', $fieldName);
                 }
                 $entity->set($fieldName, $this->composeNumberAttribute($nextNumber));
 

application/Espo/Hooks/Common/Notifications.php

@@ -92,7 +92,7 @@ class Notifications extends \Espo\Core\Hooks\Base
 
         $entityType = $entity->getEntityType();
 
-        if (!$this->checkHasStream($entityType)) {
+        if (!$this->checkHasStream($entityType) || $entity->hasLinkMultipleField('assignedUsers')) {
             if (in_array($entityType, $this->getConfig()->get('assignmentNotificationsEntityList', []))) {
                 $notificator = $this->getNotificator($entityType);
                 $notificator->process($entity);

application/Espo/Hooks/Common/Stream.php

@@ -183,12 +183,23 @@ class Stream extends \Espo\Core\Hooks\Base
         $entityType = $entity->getEntityType();
 
         if ($this->checkHasStream($entity)) {
+
+            $hasAssignedUsersField = false;
+            if ($entity->hasLinkMultipleField('assignedUsers')) {
+                $hasAssignedUsersField = true;
+            }
+
             if ($entity->isNew()) {
                 $userIdList = [];
 
                 $assignedUserId = $entity->get('assignedUserId');
                 $createdById = $entity->get('createdById');
 
+                $assignedUserIdList = [];
+                if ($hasAssignedUsersField) {
+                    $assignedUserIdList = $entity->getLinkMultipleIdList('assignedUsers');
+                }
+
                 if (
                     !$this->getUser()->isSystem()
                     &&
@@ -210,6 +221,15 @@ class Stream extends \Espo\Core\Hooks\Base
                 ) {
                     $userIdList[] = $createdById;
                 }
+
+                if ($hasAssignedUsersField) {
+                    foreach ($assignedUserIdList as $userId) {
+                        if (!empty($userId) && !in_array($userId, $userIdList)) {
+                            $userIdList[] = $userId;
+                        }
+                    }
+                }
+
                 if (!empty($assignedUserId) && !in_array($assignedUserId, $userIdList)) {
                     $userIdList[] = $assignedUserId;
                 }
@@ -249,7 +269,7 @@ class Stream extends \Espo\Core\Hooks\Base
                 }
             } else {
                 if (empty($options['noStream']) && empty($options['silent'])) {
-                    if ($entity->isFieldChanged('assignedUserId')) {
+                    if ($entity->isAttributeChanged('assignedUserId')) {
                         $assignedUserId = $entity->get('assignedUserId');
                         if (!empty($assignedUserId)) {
                             $this->getStreamService()->followEntity($entity, $assignedUserId);
@@ -273,6 +293,27 @@ class Stream extends \Espo\Core\Hooks\Base
                             $this->getStreamService()->noteStatus($entity, $field);
                         }
                     }
+
+                    $assignedUserIdList = [];
+                    if ($hasAssignedUsersField) {
+                        $assignedUserIdList = $entity->getLinkMultipleIdList('assignedUsers');
+                    }
+
+                    if ($hasAssignedUsersField) {
+                        $fetchedAssignedUserIdList = $entity->getFetched('assignedUsersIds');
+                        if (!is_array($fetchedAssignedUserIdList)) {
+                            $fetchedAssignedUserIdList = [];
+                        }
+                        foreach ($assignedUserIdList as $userId) {
+                            if (in_array($userId, $fetchedAssignedUserIdList)) {
+                                continue;
+                            }
+                            $this->getStreamService()->followEntity($entity, $userId);
+                            if ($this->getUser()->id === $userId) {
+                                $entity->set('isFollowed', true);
+                            }
+                        }
+                    }
                 }
 
                 $methodName = 'isChangedWithAclAffect';

application/Espo/Jobs/Cleanup.php

@@ -39,6 +39,8 @@ class Cleanup extends \Espo\Core\Jobs\Base
 
     protected $cleanupAuthTokenPeriod = '1 month';
 
+    protected $cleanupAuthLogPeriod = '2 months';
+
     protected $cleanupNotificationsPeriod = '2 months';
 
     protected $cleanupRemovedNotesPeriod = '2 months';
@@ -61,14 +63,27 @@ class Cleanup extends \Espo\Core\Jobs\Base
         $this->cleanupNotifications();
         $this->cleanupActionHistory();
         $this->cleanupAuthToken();
+        $this->cleanupAuthLog();
         $this->cleanupUpgradeBackups();
+        $this->cleanupUniqueIds();
     }
 
     protected function cleanupJobs()
     {
-        $query = "DELETE FROM `job` WHERE DATE(modified_at) < '".$this->getCleanupJobFromDate()."' AND status <> 'Pending'";
-
         $pdo = $this->getEntityManager()->getPDO();
+
+        $query = "DELETE FROM `job` WHERE DATE(modified_at) < ".$pdo->quote($this->getCleanupJobFromDate())." AND status <> 'Pending'";
+
+        $sth = $pdo->prepare($query);
+        $sth->execute();
+    }
+
+    protected function cleanupUniqueIds()
+    {
+        $pdo = $this->getEntityManager()->getPDO();
+
+        $query = "DELETE FROM `unique_id` WHERE terminate_at IS NOT NULL AND terminate_at < ".$pdo->quote(date('Y-m-d H:i:s'))."";
+
         $sth = $pdo->prepare($query);
         $sth->execute();
     }
@@ -83,29 +98,35 @@ class Cleanup extends \Espo\Core\Jobs\Base
         while ($row = $sth->fetch(\PDO::FETCH_ASSOC)) {
             $id = $row['id'];
 
-            $lastRowsSql = "SELECT id FROM scheduled_job_log_record WHERE scheduled_job_id = '".$id."' ORDER BY created_at DESC LIMIT 0,10";
+            $lastRowsSql = "SELECT id FROM scheduled_job_log_record WHERE scheduled_job_id = ".$pdo->quote($id)." ORDER BY created_at DESC LIMIT 0,10";
             $lastRowsSth = $pdo->prepare($lastRowsSql);
             $lastRowsSth->execute();
             $lastRowIds = $lastRowsSth->fetchAll(\PDO::FETCH_COLUMN, 0);
 
-            $delSql = "DELETE FROM `scheduled_job_log_record`
-                    WHERE scheduled_job_id = '".$id."'
-                    AND DATE(created_at) < '".$this->getCleanupJobFromDate()."'
-                    AND id NOT IN ('".implode("', '", $lastRowIds)."')
-                ";
-            $pdo->query($delSql);
+            if (count($lastRowIds)) {
+                foreach ($lastRowIds as $i => $v) {
+                    $lastRowIds[$i] = $pdo->quote($v);
+                }
+                $delSql = "DELETE FROM `scheduled_job_log_record`
+                        WHERE scheduled_job_id = ".$pdo->quote($id)."
+                        AND DATE(created_at) < ".$pdo->quote($this->getCleanupJobFromDate())."
+                        AND id NOT IN (".implode(',', $lastRowIds).")
+                    ";
+                $pdo->query($delSql);
+            }
         }
     }
 
     protected function cleanupActionHistory()
     {
+        $pdo = $this->getEntityManager()->getPDO();
+
         $period = '-' . $this->getConfig()->get('cleanupActionHistoryPeriod', $this->cleanupActionHistoryPeriod);
         $datetime = new \DateTime();
         $datetime->modify($period);
 
-        $query = "DELETE FROM `action_history_record` WHERE DATE(created_at) < '" . $datetime->format('Y-m-d') . "'";
+        $query = "DELETE FROM `action_history_record` WHERE DATE(created_at) < " . $pdo->quote($datetime->format('Y-m-d')) . "";
 
-        $pdo = $this->getEntityManager()->getPDO();
         $sth = $pdo->prepare($query);
         $sth->execute();
     }
@@ -116,7 +137,7 @@ class Cleanup extends \Espo\Core\Jobs\Base
         $datetime = new \DateTime();
         $datetime->modify($period);
 
-        $query = "DELETE FROM `reminder` WHERE DATE(remind_at) < '" . $datetime->format('Y-m-d') . "'";
+        $query = "DELETE FROM `reminder` WHERE DATE(remind_at) < " . $pdo->quote($datetime->format('Y-m-d')) . "";
 
         $pdo = $this->getEntityManager()->getPDO();
         $sth = $pdo->prepare($query);
@@ -125,13 +146,28 @@ class Cleanup extends \Espo\Core\Jobs\Base
 
     protected function cleanupAuthToken()
     {
+        $pdo = $this->getEntityManager()->getPDO();
+
         $period = '-' . $this->getConfig()->get('cleanupAuthTokenPeriod', $this->cleanupAuthTokenPeriod);
         $datetime = new \DateTime();
         $datetime->modify($period);
 
-        $query = "DELETE FROM `auth_token` WHERE DATE(modified_at) < '" . $datetime->format('Y-m-d') . "' AND is_active = 0";
+        $query = "DELETE FROM `auth_token` WHERE DATE(modified_at) < " . $pdo->quote($datetime->format('Y-m-d')) . " AND is_active = 0";
 
+        $sth = $pdo->prepare($query);
+        $sth->execute();
+    }
+
+    protected function cleanupAuthLog()
+    {
         $pdo = $this->getEntityManager()->getPDO();
+
+        $period = '-' . $this->getConfig()->get('cleanupAuthLogPeriod', $this->cleanupAuthLogPeriod);
+        $datetime = new \DateTime();
+        $datetime->modify($period);
+
+        $query = "DELETE FROM `auth_log_record` WHERE DATE(created_at) < " . $pdo->quote($datetime->format('Y-m-d')) . "";
+
         $sth = $pdo->prepare($query);
         $sth->execute();
     }
@@ -334,4 +370,3 @@ class Cleanup extends \Espo\Core\Jobs\Base
         }
     }
 }
-

application/Espo/Modules/Crm/Business/Event/Ics.php

@@ -31,29 +31,29 @@ namespace Espo\Modules\Crm\Business\Event;
 
 class Ics
 {
-    private $_d_end;
+    private $dEnd;
 
-    private $_d_start;
+    private $dStart;
 
-    private $_s_address;
+    private $sAddress;
 
-    private $_s_description;
+    private $sDescription;
 
-    private $_s_html;
+    private $sHtml;
 
-    private $_s_who;
+    private $sWho;
 
-    private $_s_email;
+    private $sEmail;
 
-    private $_s_uri;
+    private $sUri;
 
-    private $_s_uid;
+    private $sUid;
 
-    private $_s_summary;
+    private $sSummary;
 
-    private $_s_output;
+    private $sOutput;
 
-    private $_s_prodid;
+    private $sProdid;
 
     public function __construct($prodid, array $attributes = array())
     {
@@ -61,7 +61,7 @@ class Ics
             throw new \Exception('PRODID is required');
         }
 
-        $this->_s_prodid = $prodid;
+        $this->sProdid = $prodid;
 
         foreach ($attributes as $key => $value) {
             $this->$key = $value;
@@ -72,43 +72,43 @@ class Ics
     {
         switch ($name) {
             case 'startDate':
-                $this->_d_start = $value;
+                $this->dStart = $value;
                 break;
 
             case 'endDate':
-                $this->_d_end = $value;
+                $this->dEnd = $value;
                 break;
 
             case 'address':
-                $this->_s_address = $value;
+                $this->sAddress = $value;
                 break;
 
             case 'summary':
-                $this->_s_summary = $value;
+                $this->sSummary = $value;
                 break;
 
             case 'who':
-                $this->_s_who = $value;
+                $this->sWho = $value;
                 break;
 
             case 'email':
-                $this->_s_email = $value;
+                $this->sEmail = $value;
                 break;
 
             case 'uri':
-                $this->_s_uri = $value;
+                $this->sUri = $value;
                 break;
 
             case 'uid':
-                $this->_s_uid = $value;
+                $this->sUid = $value;
                 break;
 
             case 'description':
-                $this->_s_description = $value;
+                $this->sDescription = $value;
                 break;
 
             case 'html':
-                $this->_s_html = $value;
+                $this->sHtml = $value;
                 break;
         }
 
@@ -119,82 +119,86 @@ class Ics
         switch ($name)
         {
             case 'startDate':
-                return $this->_d_start;
+                return $this->dStart;
                 break;
 
             case 'endDate':
-                return $this->_d_end;
+                return $this->dEnd;
                 break;
 
             case 'address':
-                return $this->_s_address;
+                return $this->sAddress;
                 break;
 
             case 'summary':
-                return $this->_s_summary;
+                return $this->sSummary;
                 break;
 
             case 'uri':
-                return $this->_s_uri;
+                return $this->sUri;
                 break;
 
             case 'who':
-                return $this->_s_who;
+                return $this->sWho;
                 break;
 
             case 'email':
-                return $this->_s_email;
+                return $this->sEmail;
                 break;
 
             case 'uid':
-                return $this->_s_uid;
+                return $this->sUid;
                 break;
 
             case 'description':
-                return $this->_s_description;
+                return $this->sDescription;
                 break;
 
             case 'html':
-                return $this->_s_html;
+                return $this->sHtml;
                 break;
         }
     }
 
     public function get()
     {
-        ($this->_s_output) ? $this->_s_output : $this->_generate();
+        ($this->sOutput) ? $this->sOutput : $this->generate();
 
-        return $this->_s_output;
+        return $this->sOutput;
     }
 
-    private function _generate()
+    private function generate()
     {
-        $this->_s_output = "BEGIN:VCALENDAR\n".
+        $this->sOutput = "BEGIN:VCALENDAR\n".
              "VERSION:2.0\n".
-             "PRODID:-".$this->_s_prodid."\n".
+             "PRODID:-".$this->sProdid."\n".
              "METHOD:REQUEST\n".
              "BEGIN:VEVENT\n".
-             "DTSTART:".$this->_dateToCal($this->startDate)."\n".
-             "DTEND:".$this->_dateToCal($this->endDate)."\n".
-             "SUMMARY:New ".$this->_escapeString($this->summary)."\n".
-             "LOCATION:".$this->_escapeString($this->address)."\n".
-             "ORGANIZER;CN=".$this->_escapeString($this->who).":MAILTO:" . $this->_escapeString($this->email)."\n".
-             "DESCRIPTION:".$this->_escapeString($this->description)."\n".
+             "DTSTART:".$this->dateToCal($this->startDate)."\n".
+             "DTEND:".$this->dateToCal($this->endDate)."\n".
+             "SUMMARY:New ".$this->escapeString($this->summary)."\n".
+             "LOCATION:".$this->escapeString($this->address)."\n".
+             "ORGANIZER;CN=".$this->escapeString($this->who).":MAILTO:" . $this->escapeString($this->email)."\n".
+             "DESCRIPTION:".$this->escapeString($this->formatMultiline($this->description))."\n".
              "UID:".$this->uid."\n".
              "SEQUENCE:0\n".
-             "DTSTAMP:".$this->_dateToCal(time())."\n".
+             "DTSTAMP:".$this->dateToCal(time())."\n".
              "END:VEVENT\n".
              "END:VCALENDAR";
     }
 
-    private function _dateToCal($timestamp)
+    private function dateToCal($timestamp)
     {
         return date('Ymd\THis\Z', ($timestamp) ? $timestamp : time());
     }
 
-    private function _escapeString($string)
+    private function escapeString($string)
     {
         return preg_replace('/([\,;])/','\\\$1', ($string) ? $string : '');
     }
-}
 
+    private function formatMultiline($string)
+    {
+        return str_replace(["\r\n", "\n"], "\\n", $string);
+    }
+}

application/Espo/Modules/Crm/Business/Event/Invitations.php

@@ -97,6 +97,21 @@ class Invitations
             'inviteeType' => $invitee->getEntityType(),
             'link' => $link
         ));
+
+        if ($entity->get('dateEnd')) {
+            $terminateAt = $entity->get('dateEnd');
+        } else {
+            $dt = new \DateTime();
+            $dt->modify('+1 month');
+            $terminateAt = $dt->format('Y-m-d H:i:s');
+        }
+
+        $uid->set([
+            'targetId' => $entity->id,
+            'targetType' => $entity->getEntityType(),
+            'terminateAt' => $terminateAt
+        ]);
+
         $this->getEntityManager()->saveEntity($uid);
 
         $emailAddress = $invitee->get('emailAddress');

application/Espo/Modules/Crm/Controllers/Activities.php

@@ -65,13 +65,23 @@ class Activities extends \Espo\Core\Controllers\Base
 
         $userId = $request->get('userId');
         $userIdList = $request->get('userIdList');
+        $teamIdList = $request->get('teamIdList');
+
+        if ($teamIdList) {
+            $teamIdList = explode(',', $teamIdList);
+            return $userResultList = $service->getEventsForTeams($teamIdList, $from, $to, $scopeList);
+        }
 
         if ($userIdList) {
             $userIdList = explode(',', $userIdList);
 
             $resultList = [];
             foreach ($userIdList as $userId) {
-                $userResultList = $service->getEvents($userId, $from, $to, $scopeList);
+                try {
+                    $userResultList = $service->getEvents($userId, $from, $to, $scopeList);
+                } catch (\Exception $e) {
+                    continue;
+                }
                 foreach ($userResultList as $item) {
                     $item['userId'] = $userId;
                     $resultList[] = $item;
@@ -101,6 +111,8 @@ class Activities extends \Espo\Core\Controllers\Base
 
         $entityTypeList = $request->get('entityTypeList');
 
+        $futureDays = intval($request->get('futureDays'));
+
         if (empty($maxSize)) {
             $maxSize = $this->maxSizeLimit;
         }
@@ -111,7 +123,7 @@ class Activities extends \Espo\Core\Controllers\Base
         return $service->getUpcomingActivities($userId, array(
             'offset' => $offset,
             'maxSize' => $maxSize
-        ), $entityTypeList);
+        ), $entityTypeList, $futureDays);
     }
 
     public function actionPopupNotifications()

application/Espo/Modules/Crm/Controllers/Opportunity.php

@@ -31,13 +31,14 @@ namespace Espo\Modules\Crm\Controllers;
 
 use \Espo\Core\Exceptions\Error;
 use \Espo\Core\Exceptions\Forbidden;
+use \Espo\Core\Exceptions\BadRequest;
 
 class Opportunity extends \Espo\Core\Controllers\Record
 {
     public function actionReportByLeadSource($params, $data, $request)
     {
         $level = $this->getAcl()->getLevel('Opportunity', 'read');
-        if (!$level || $level == 'own' || $level == 'no') {
+        if (!$level || $level == 'no') {
             throw new Forbidden();
         }
 
@@ -51,7 +52,7 @@ class Opportunity extends \Espo\Core\Controllers\Record
     public function actionReportByStage($params, $data, $request)
     {
         $level = $this->getAcl()->getLevel('Opportunity', 'read');
-        if (!$level || $level == 'own' || $level == 'no') {
+        if (!$level || $level == 'no') {
             throw new Forbidden();
         }
 
@@ -65,7 +66,7 @@ class Opportunity extends \Espo\Core\Controllers\Record
     public function actionReportSalesByMonth($params, $data, $request)
     {
         $level = $this->getAcl()->getLevel('Opportunity', 'read');
-        if (!$level || $level == 'own' || $level == 'no') {
+        if (!$level || $level == 'no') {
             throw new Forbidden();
         }
 
@@ -79,7 +80,7 @@ class Opportunity extends \Espo\Core\Controllers\Record
     public function actionReportSalesPipeline($params, $data, $request)
     {
         $level = $this->getAcl()->getLevel('Opportunity', 'read');
-        if (!$level || $level == 'own' || $level == 'no') {
+        if (!$level || $level == 'no') {
             throw new Forbidden();
         }
 
@@ -89,5 +90,26 @@ class Opportunity extends \Espo\Core\Controllers\Record
 
         return $this->getService('Opportunity')->reportSalesPipeline($dateFilter, $dateFrom, $dateTo);
     }
-}
 
+    public function postActionMassConvertCurrency($params, $data, $request)
+    {
+        if (empty($data->field)) throw new BadRequest();
+        if (!$this->getAcl()->checkScope($this->name, 'edit')) throw new Forbidden();
+
+        $params = array();
+        if (property_exists($data, 'where') && !empty($data->byWhere)) {
+            $params['where'] = json_decode(json_encode($data->where), true);
+            if (property_exists($data, 'selectData')) {
+                $params['selectData'] = json_decode(json_encode($data->selectData), true);
+            }
+        } else if (property_exists($data, 'ids')) {
+            $params['ids'] = $data->ids;
+        }
+
+        if (empty($data->currencyRates)) throw new BadRequest();
+        if (empty($data->targetCurrency)) throw new BadRequest();
+        if (empty($data->baseCurrency)) throw new BadRequest();
+
+        return $this->getRecordService()->massConvertCurrency($data->field, $data->targetCurrency, $params, $data->baseCurrency, $data->currencyRates);
+    }
+}

application/Espo/Modules/Crm/EntryPoints/EventConfirmation.php

@@ -56,7 +56,6 @@ class EventConfirmation extends \Espo\Core\EntryPoints\Base
 
         if (!$uniqueId) {
             throw new NotFound();
-            return;
         }
 
         $data = $uniqueId->get('data');
@@ -70,36 +69,55 @@ class EventConfirmation extends \Espo\Core\EntryPoints\Base
         if (!empty($eventType) && !empty($eventId) && !empty($inviteeType) && !empty($inviteeId) && !empty($link)) {
             $event = $this->getEntityManager()->getEntity($eventType, $eventId);
             $invitee = $this->getEntityManager()->getEntity($inviteeType, $inviteeId);
-            if ($event && $invitee) {
-                $relDefs = $event->getRelations();
-                $tableName = Util::toUnderscore($relDefs[$link]['relationName']);
 
-                $status = 'None';
-                if ($action == 'accept') {
-                    $status = 'Accepted';
-                } else if ($action == 'decline') {
-                    $status = 'Declined';
-                } else if ($action == 'tentative') {
-                    $status = 'Tentative';
-                }
-
-                $pdo = $this->getEntityManager()->getPDO();
-                $sql = "
-                    UPDATE `{$tableName}` SET status = '{$status}'
-                    WHERE ".strtolower($eventType)."_id = '{$eventId}' AND ".strtolower($inviteeType)."_id = '{$inviteeId}'
-                ";
-
-                $sth = $pdo->prepare($sql);
-                $sth->execute();
-
-                $this->getEntityManager()->getRepository('UniqueId')->remove($uniqueId);
-
-                echo $status;
-                return;
+            if (!$event || !$invitee) {
+                throw new NotFound();
             }
+
+            if ($event->get('status') === 'Held' || $event->get('status') === 'Not Held') {
+                throw new NotFound();
+            }
+
+            $status = 'None';
+            $hookMethodName = 'afterConfirmation';
+            if ($action == 'accept') {
+                $status = 'Accepted';
+            } else if ($action == 'decline') {
+                $status = 'Declined';
+            } else if ($action == 'tentative') {
+                $status = 'Tentative';
+            }
+
+            $data = (object) [
+                'status' => $status
+            ];
+            $this->getEntityManager()->getRepository($eventType)->updateRelation($event, $link, $invitee->id, $data);
+
+            $actionData = [
+                'eventName' => $event->get('name'),
+                'eventType' => $event->getEntityType(),
+                'eventId' => $event->id,
+                'dateStart' => $event->get('dateStart'),
+                'action' => $action,
+                'status' => $status,
+                'link' => $link,
+                'inviteeType' => $invitee->getEntityType(),
+                'inviteeId' => $invitee->id
+            ];
+
+            $this->getEntityManager()->getHookManager()->process($event->getEntityType(), $hookMethodName, $event, [], $actionData);
+
+            $runScript = "
+                Espo.require('crm:controllers/event-confirmation', function (Controller) {
+                    var controller = new Controller(app.baseController.params, app.getControllerInjection());
+                    controller.masterView = app.masterView;
+                    controller.doAction('confirmEvent', ".json_encode($actionData).");
+                });
+            ";
+
+            $this->getClientManager()->display($runScript);
         }
 
         throw new Error();
     }
 }
-

application/Espo/Modules/Crm/EntryPoints/SubscribeAgain.php

@@ -113,9 +113,19 @@ class SubscribeAgain extends \Espo\Core\EntryPoints\Base
                                 $this->getHookManager()->process('TargetList', 'afterCancelOptOut', $targetList, [], $hookData);
                             }
                         }
-                        echo $this->getLanguage()->translate('subscribedAgain', 'messages', 'Campaign');
-                        echo '<br><br>';
-                        echo '<a href="?entryPoint=unsubscribe&id='.$queueItemId.'">' . $this->getLanguage()->translate('Unsubscribe again', 'labels', 'Campaign') . '</a>';
+
+                        $data = [
+                            'queueItemId' => $queueItemId
+                        ];
+
+                        $runScript = "
+                            Espo.require('crm:controllers/unsubscribe', function (Controller) {
+                                var controller = new Controller(app.baseController.params, app.getControllerInjection());
+                                controller.masterView = app.masterView;
+                                controller.doAction('subscribeAgain', ".json_encode($data).");
+                            });
+                        ";
+                        $this->getClientManager()->display($runScript);
                     }
                 }
             }

application/Espo/Modules/Crm/EntryPoints/Unsubscribe.php

@@ -113,9 +113,19 @@ class Unsubscribe extends \Espo\Core\EntryPoints\Base
                                 $this->getHookManager()->process('TargetList', 'afterOptOut', $targetList, [], $hookData);
                             }
                         }
-                        echo $this->getLanguage()->translate('unsubscribed', 'messages', 'Campaign');
-                        echo '<br><br>';
-                        echo '<a href="?entryPoint=subscribeAgain&id='.$queueItemId.'">' . $this->getLanguage()->translate('Subscribe again', 'labels', 'Campaign') . '</a>';
+
+                        $data = [
+                            'queueItemId' => $queueItemId
+                        ];
+
+                        $runScript = "
+                            Espo.require('crm:controllers/unsubscribe', function (Controller) {
+                                var controller = new Controller(app.baseController.params, app.getControllerInjection());
+                                controller.masterView = app.masterView;
+                                controller.doAction('unsubscribe', ".json_encode($data).");
+                            });
+                        ";
+                        $this->getClientManager()->display($runScript);
                     }
                 }
             }