v

$selectParams in the line https://github.com/espocrm/espocrm/blob/master/application/Espo/Modules/Crm/Services/Activities.php#L1057 was not defined so I moved it to be after initialized
$selectManager->addLeftJoin(['assignedUsers', 'assignedUsers'], $selectParams); seems not needed as it is added in the line 1095

CONTRIBUTING.md

@@ -6,4 +6,4 @@ Before we can merge your pull request you need to accept our CLA [here](https://
 
 ## Issues
 
-We don't provide developer help or any kind of support on github. Please use our [forum](http://forum.espocrm.com/) for this.
+We don't provide developer help or any kind of support on github. Please use our [forum](https://forum.espocrm.com) for this.

Gruntfile.js

@@ -28,6 +28,7 @@ module.exports = function (grunt) {
         'client/lib/handlebars.js',
         'client/lib/base64.js',
         'client/lib/jquery-ui.min.js',
+        'client/lib/jquery.ui.touch-punch.min.js',
         'client/lib/moment.min.js',
         'client/lib/moment-timezone-with-data.min.js',
         'client/lib/jquery.timepicker.min.js',
@@ -118,6 +119,9 @@ module.exports = function (grunt) {
         clean: {
             start: ['build/*'],
             final: ['build/tmp'],
+            beforeFinal: {
+                src: ['build/tmp/custom/Espo/Custom/*', '!build/tmp/custom/Espo/Custom/.htaccess']
+            }
         },
         less: lessData,
         uglify: {
@@ -167,6 +171,7 @@ module.exports = function (grunt) {
                     'html/**',
                     'bootstrap.php',
                     'cron.php',
+                    'daemon.php',
                     'rebuild.php',
                     'clear_cache.php',
                     'upgrade.php',
@@ -290,9 +295,10 @@ module.exports = function (grunt) {
         'copy:frontendLib',
         'copy:backend',
         'replace',
+        'clean:beforeFinal',
         'copy:final',
         'chmod',
-        'clean:final',
+        'clean:final'
     ]);
 
 };

README.md

@@ -9,7 +9,7 @@ Download the latest release from our [website](http://www.espocrm.com).
 ### Requirements
 
 * PHP 5.6 or above (with pdo, json, gd, openssl, zip, imap, mbstring, curl extensions);
-* MySQL 5.5.3 or above.
+* MySQL 5.5.3 or above, or MariaDB.
 
 For more information about server configuration see [this article](https://www.espocrm.com/documentation/administration/server-configuration/).
 
@@ -17,10 +17,14 @@ For more information about server configuration see [this article](https://www.e
 
 Documentation for administrators, users and developers is available [here](https://www.espocrm.com/documentation/).
 
-### How to report bug
+### How to report a bug
 
 Create an issue [here](https://github.com/espocrm/espocrm/issues) or post on our [forum](http://forum.espocrm.com/forum/bug-reports).
 
+### How to install a stable version
+
+[Download](https://www.espocrm.com/download/) the latest version. See the [instructions](https://www.espocrm.com/documentation/administration/installation/) about installation.
+
 ### How to get started (for developers)
 
 1. Clone repository to your local computer.
@@ -34,7 +38,7 @@ Now you can build. Build will create compiled css files.
 
 To compose a proper config.php and populate database you can run install by opening `http(s)://{YOUR_CRM_URL}/install` location in a browser. Then open `data/config.php` file and add `isDeveloperMode => true`.
 
-### How to build
+### How to build (for developers)
 
 You need to have nodejs and Grunt CLI installed.
 
@@ -48,6 +52,12 @@ The build will be created in the `build` directory.
 
 Before we can merge your pull request you need to accept our CLA [here](https://github.com/espocrm/cla). It's very simple to do.
 
+Branches:
+
+* hotfix/* – an upcoming maintenance release; fixes should be pushed to this branch;
+* master – an upcoming minor or major release; new features should be pushed to this branch;
+* stable – a last stable release.
+
 ### How to make a translation
 
 Build po file with command:

application/Espo/Acl/Email.php

@@ -34,6 +34,7 @@ use \Espo\ORM\Entity;
 
 class Email extends \Espo\Core\Acl\Base
 {
+    protected $ownerUserIdAttribute = 'usersIds';
 
     public function checkEntityRead(EntityUser $user, Entity $entity, $data)
     {
@@ -118,4 +119,3 @@ class Email extends \Espo\Core\Acl\Base
         return false;
     }
 }
-

application/Espo/Acl/EmailAddress.php

@@ -0,0 +1,65 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2018 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: http://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Acl;
+
+use \Espo\Entities\User as EntityUser;
+use \Espo\ORM\Entity;
+
+class EmailAddress extends \Espo\Core\Acl\Base
+{
+    public function checkEditInEntity(EntityUser $user, Entity $entity, Entity $excludeEntity)
+    {
+        $id = $entity->id;
+
+        $isFobidden = false;
+
+        $repository = $this->getEntityManager()->getRepository('EmailAddress');
+
+        if (!$user->isAdmin()) {
+            $entityWithSameAddressList = $repository->getEntityListByAddressId($id, $excludeEntity);
+            foreach ($entityWithSameAddressList as $e) {
+                if (!$this->getAclManager()->check($user, $e, 'edit')) {
+                    $isFobidden = true;
+                    if (
+                        $e->getEntityType() === 'User' &&
+                        $e->isPortal() &&
+                        $excludeEntity->getEntityType() === 'Contact' &&
+                        $e->get('contactId') === $excludeEntity->id
+                    ) {
+                        $isFobidden = false;
+                    }
+                    if ($isFobidden) break;
+                }
+            }
+        }
+        return !$isFobidden;
+    }
+}
+

application/Espo/Acl/Import.php

@@ -0,0 +1,53 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2018 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: http://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Acl;
+
+use \Espo\Entities\User as EntityUser;
+use \Espo\ORM\Entity;
+
+class Import extends \Espo\Core\Acl\Base
+{
+
+    public function checkEntityRead(EntityUser $user, Entity $entity, $data)
+    {
+        if ($user->isAdmin()) return true;
+        if ($user->id === $entity->get('createdById')) return true;
+
+        return false;
+    }
+
+    public function checkEntityDelete(EntityUser $user, Entity $entity, $data)
+    {
+        if ($user->isAdmin()) return true;
+        if ($user->id === $entity->get('createdById')) return true;
+
+        return false;
+    }
+}

application/Espo/Acl/Note.php

@@ -34,6 +34,10 @@ use \Espo\ORM\Entity;
 
 class Note extends \Espo\Core\Acl\Base
 {
+    protected $deleteThresholdPeriod = '1 month';
+
+    protected $editThresholdPeriod = '7 days';
+
     public function checkIsOwner(EntityUser $user, Entity $entity)
     {
         if ($entity->get('type') === 'Post' && $user->id === $entity->get('createdById')) {
@@ -41,5 +45,60 @@ class Note extends \Espo\Core\Acl\Base
         }
         return false;
     }
-}
 
+    public function checkEntityEdit(EntityUser $user, Entity $entity, $data)
+    {
+        if ($user->isAdmin()) {
+            return true;
+        }
+
+        if ($this->checkEntity($user, $entity, $data, 'edit')) {
+            if ($this->checkIsOwner($user, $entity)) {
+                $createdAt = $entity->get('createdAt');
+                if ($createdAt) {
+                    $noteEditThresholdPeriod = '-' . $this->getConfig()->get('noteEditThresholdPeriod', $this->editThresholdPeriod);
+                    $dt = new \DateTime();
+                    $dt->modify($noteEditThresholdPeriod);
+                    try {
+                        if ($dt->format('U') > (new \DateTime($createdAt))->format('U')) {
+                            return false;
+                        }
+                    } catch (\Exception $e) {
+                        return false;
+                    }
+                }
+            }
+            return true;
+        }
+
+        return false;
+    }
+
+    public function checkEntityDelete(EntityUser $user, Entity $entity, $data)
+    {
+        if ($user->isAdmin()) {
+            return true;
+        }
+
+        if ($this->checkEntity($user, $entity, $data, 'delete')) {
+            if ($this->checkIsOwner($user, $entity)) {
+                $createdAt = $entity->get('createdAt');
+                if ($createdAt) {
+                    $deleteThresholdPeriod = '-' . $this->getConfig()->get('noteDeleteThresholdPeriod', $this->deleteThresholdPeriod);
+                    $dt = new \DateTime();
+                    $dt->modify($deleteThresholdPeriod);
+                    try {
+                        if ($dt->format('U') > (new \DateTime($createdAt))->format('U')) {
+                            return false;
+                        }
+                    } catch (\Exception $e) {
+                        return false;
+                    }
+                }
+            }
+            return true;
+        }
+
+        return false;
+    }
+}

application/Espo/Acl/PhoneNumber.php

@@ -0,0 +1,65 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2018 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: http://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Acl;
+
+use \Espo\Entities\User as EntityUser;
+use \Espo\ORM\Entity;
+
+class PhoneNumber extends \Espo\Core\Acl\Base
+{
+    public function checkEditInEntity(EntityUser $user, Entity $entity, Entity $excludeEntity)
+    {
+        $id = $entity->id;
+
+        $isFobidden = false;
+
+        $repository = $this->getEntityManager()->getRepository('PhoneNumber');
+
+        if (!$user->isAdmin()) {
+            $entityWithSameNumberList = $repository->getEntityListByPhoneNumberId($id, $excludeEntity);
+            foreach ($entityWithSameNumberList as $e) {
+                if (!$this->getAclManager()->check($user, $e, 'edit')) {
+                    $isFobidden = true;
+                    if (
+                        $e->getEntityType() === 'User' &&
+                        $e->isPortal() &&
+                        $excludeEntity->getEntityType() === 'Contact' &&
+                        $e->get('contactId') === $excludeEntity->id
+                    ) {
+                        $isFobidden = false;
+                    }
+                    if ($isFobidden) break;
+                }
+            }
+        }
+
+        return !$isFobidden;
+    }
+}

application/Espo/Acl/User.php

@@ -44,6 +44,9 @@ class User extends \Espo\Core\Acl\Base
         if (!$user->isAdmin()) {
             return false;
         }
+        if ($entity->isSuperAdmin() && !$user->isSuperAdmin()) {
+            return false;
+        }
         return $this->checkEntity($user, $entity, $data, 'create');
     }
 
@@ -55,6 +58,12 @@ class User extends \Espo\Core\Acl\Base
         if (!$user->isAdmin()) {
             return false;
         }
+        if ($entity->isSystem()) {
+            return false;
+        }
+        if ($entity->isSuperAdmin() && !$user->isSuperAdmin()) {
+            return false;
+        }
         return parent::checkEntityDelete($user, $entity, $data);
     }
 
@@ -63,11 +72,17 @@ class User extends \Espo\Core\Acl\Base
         if ($entity->id === 'system') {
             return false;
         }
+        if ($entity->isSystem()) {
+            return false;
+        }
         if (!$user->isAdmin()) {
             if ($user->id !== $entity->id) {
                 return false;
             }
         }
+        if ($entity->isSuperAdmin() && !$user->isSuperAdmin()) {
+            return false;
+        }
         return $this->checkEntity($user, $entity, $data, 'edit');
     }
 }

application/Espo/AclPortal/Email.php

@@ -34,6 +34,7 @@ use \Espo\ORM\Entity;
 
 class Email extends \Espo\Core\AclPortal\Base
 {
+    protected $ownerUserIdAttribute = 'usersIds';
 
     public function checkEntityRead(EntityUser $user, Entity $entity, $data)
     {

application/Espo/AclPortal/EmailAddress.php

@@ -0,0 +1,56 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2018 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: http://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\AclPortal;
+
+use \Espo\Entities\User as EntityUser;
+use \Espo\ORM\Entity;
+
+class EmailAddress extends \Espo\Core\AclPortal\Base
+{
+    public function checkEditInEntity(EntityUser $user, Entity $entity, Entity $excludeEntity)
+    {
+        $id = $entity->id;
+
+        $isFobidden = false;
+
+        $repository = $this->getEntityManager()->getRepository('EmailAddress');
+
+        if (!$user->isAdmin()) {
+            $entityWithSameAddressList = $repository->getEntityListByAddressId($id, $excludeEntity);
+            foreach ($entityWithSameAddressList as $e) {
+                if (!$this->getAclManager()->check($user, $e, 'edit')) {
+                    $isFobidden = true;
+                    break;
+                }
+            }
+        }
+        return !$isFobidden;
+    }
+}

application/Espo/AclPortal/PhoneNumber.php

@@ -0,0 +1,57 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2018 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: http://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\AclPortal;
+
+use \Espo\Entities\User as EntityUser;
+use \Espo\ORM\Entity;
+
+class PhoneNumber extends \Espo\Core\AclPortal\Base
+{
+    public function checkEditInEntity(EntityUser $user, Entity $entity, Entity $excludeEntity)
+    {
+        $id = $entity->id;
+
+        $isFobidden = false;
+
+        $repository = $this->getEntityManager()->getRepository('PhoneNumber');
+
+        if (!$user->isAdmin()) {
+            $entityWithSameNumberList = $repository->getEntityListByPhoneNumberId($id, $excludeEntity);
+            foreach ($entityWithSameNumberList as $e) {
+                if (!$this->getAclManager()->check($user, $e, 'edit')) {
+                    $isFobidden = true;
+                    break;
+                }
+            }
+        }
+
+        return !$isFobidden;
+    }
+}

application/Espo/Controllers/Admin.php

@@ -69,7 +69,7 @@ class Admin extends \Espo\Core\Controllers\Base
     public function postActionUploadUpgradePackage($params, $data)
     {
         if ($this->getConfig()->get('restrictedMode')) {
-            if (!$this->getUser()->get('isSuperAdmin')) {
+            if (!$this->getUser()->isSuperAdmin()) {
                 throw new Forbidden();
             }
         }
@@ -87,7 +87,7 @@ class Admin extends \Espo\Core\Controllers\Base
     public function postActionRunUpgrade($params, $data)
     {
         if ($this->getConfig()->get('restrictedMode')) {
-            if (!$this->getUser()->get('isSuperAdmin')) {
+            if (!$this->getUser()->isSuperAdmin()) {
                 throw new Forbidden();
             }
         }
@@ -108,4 +108,10 @@ class Admin extends \Espo\Core\Controllers\Base
         $adminNotificationManager = new \Espo\Core\Utils\AdminNotificationManager($this->getContainer());
         return $adminNotificationManager->getNotificationList();
     }
+
+    public function actionSystemRequirementList($params)
+    {
+        $systemRequirementManager = new \Espo\Core\Utils\SystemRequirements($this->getContainer());
+        return $systemRequirementManager->getAllRequiredList();
+    }
 }

application/Espo/Controllers/Attachment.php

@@ -34,5 +34,27 @@ use \Espo\Core\Exceptions\BadRequest;
 
 class Attachment extends \Espo\Core\Controllers\Record
 {
+    public function actionList($params, $data, $request)
+    {
+        if (!$this->getUser()->isAdmin()) {
+            throw new Forbidden();
+        }
+        return parent::actionList($params, $data, $request);
+    }
 
+    public function postActionGetAttachmentFromImageUrl($params, $data)
+    {
+        if (empty($data->url)) throw new BadRequest();
+        if (empty($data->field)) throw new BadRequest('postActionGetAttachmentFromImageUrl: No field specified');
+
+        return $this->getRecordService()->getAttachmentFromImageUrl($data)->getValueMap();
+    }
+
+    public function postActionGetCopiedAttachment($params, $data)
+    {
+        if (empty($data->id)) throw new BadRequest();
+        if (empty($data->field)) throw new BadRequest('postActionGetCopiedAttachment copy: No field specified');
+
+        return $this->getRecordService()->getCopiedAttachment($data)->getValueMap();
+    }
 }

application/Espo/Controllers/AuthLogRecord.php

@@ -0,0 +1,67 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2018 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: http://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Controllers;
+
+use \Espo\Core\Exceptions\Forbidden;
+
+class AuthLogRecord extends \Espo\Core\Controllers\Record
+{
+    protected function checkControllerAccess()
+    {
+        if (!$this->getUser()->isAdmin()) {
+            throw new Forbidden();
+        }
+    }
+
+    public function actionUpdate($params, $data, $request)
+    {
+        throw new Forbidden();
+    }
+
+    public function actionMassUpdate($params, $data, $request)
+    {
+        throw new Forbidden();
+    }
+
+    public function actionCreate($params, $data, $request)
+    {
+        throw new Forbidden();
+    }
+
+    public function actionCreateLink($params, $data, $request)
+    {
+        throw new Forbidden();
+    }
+
+    public function actionRemoveLink($params, $data, $request)
+    {
+        throw new Forbidden();
+    }
+}

application/Espo/Controllers/DataPrivacy.php

@@ -0,0 +1,55 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2018 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: http://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Controllers;
+
+use Espo\Core\Exceptions\Error;
+use Espo\Core\Exceptions\Forbidden;
+use Espo\Core\Exceptions\NotFound;
+use Espo\Core\Exceptions\BadRequest;
+
+class DataPrivacy extends \Espo\Core\Controllers\Base
+{
+    protected function checkControllerAccess()
+    {
+        if ($this->getAcl()->get('dataPrivacyPermission') === 'no') {
+            throw new Forbidden();
+        }
+    }
+
+    public function postActionErase($params, $data)
+    {
+        if (empty($data->entityType) || empty($data->id) || empty($data->fieldList) || !is_array($data->fieldList)) {
+            throw new BadRequest();
+        }
+
+        return $this->getServiceFactory()->create('DataPrivacy')->erase($data->entityType, $data->id, $data->fieldList);
+    }
+
+}

application/Espo/Controllers/EmailAddress.php

@@ -42,11 +42,13 @@ class EmailAddress extends \Espo\Core\Controllers\Record
             throw new Forbidden();
         }
         $q = $request->get('q');
-        $limit = intval($request->get('limit'));
-        if (empty($limit) || $limit > 30) {
-            $limit = 5;
+        $maxSize = intval($request->get('maxSize'));
+        if (empty($maxSize) || $maxSize > 50) {
+            $maxSize = $this->getConfig()->get('recordsPerPage', 20);
         }
-        return $this->getRecordService()->searchInAddressBook($q, $limit);
+
+        $onlyActual = $request->get('onlyActual') === 'true';
+
+        return $this->getRecordService()->searchInAddressBook($q, $maxSize, $onlyActual);
     }
 }
-

application/Espo/Controllers/EmailTemplateCategory.php

@@ -0,0 +1,35 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2018 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: http://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Controllers;
+
+class EmailTemplateCategory extends \Espo\Core\Templates\Controllers\CategoryTree
+{
+
+}

application/Espo/Controllers/EntityManager.php

@@ -83,6 +83,20 @@ class EntityManager extends \Espo\Core\Controllers\Base
         if (isset($data['textFilterFields']) && is_array($data['textFilterFields'])) {
             $params['textFilterFields'] = $data['textFilterFields'];
         }
+        if (!empty($data['color'])) {
+            $params['color'] = $data['color'];
+        }
+        if (!empty($data['iconClass'])) {
+            $params['iconClass'] = $data['iconClass'];
+        }
+        if (isset($data['fullTextSearch'])) {
+            $params['fullTextSearch'] = $data['fullTextSearch'];
+        }
+
+        $params['kanbanViewMode'] = !empty($data['kanbanViewMode']);
+        if (!empty($data['kanbanStatusIgnoreList'])) {
+            $params['kanbanStatusIgnoreList'] = $data['kanbanStatusIgnoreList'];
+        }
 
         $result = $this->getContainer()->get('entityManagerUtil')->create($name, $type, $params);
 
@@ -116,10 +130,6 @@ class EntityManager extends \Espo\Core\Controllers\Base
         $name = $data['name'];
         $name = filter_var($name, \FILTER_SANITIZE_STRING);
 
-        if (!empty($data['sortDirection'])) {
-            $data['asc'] = $data['sortDirection'] === 'asc';
-        }
-
         $result = $this->getContainer()->get('entityManagerUtil')->update($name, $data);
 
         if ($result) {
@@ -324,4 +334,16 @@ class EntityManager extends \Espo\Core\Controllers\Base
 
         return true;
     }
+
+    public function postActionResetToDefault($params, $data, $request)
+    {
+        if (empty($data->scope)) {
+            throw new BadRequest();
+        }
+
+        $this->getContainer()->get('entityManagerUtil')->resetToDefaults($data->scope);
+        $this->getContainer()->get('dataManager')->clearCache();
+
+        return true;
+    }
 }

application/Espo/Controllers/Extension.php

@@ -66,7 +66,7 @@ class Extension extends \Espo\Core\Controllers\Record
             throw new Forbidden();
         }
         if ($this->getConfig()->get('restrictedMode')) {
-            if (!$this->getUser()->get('isSuperAdmin')) {
+            if (!$this->getUser()->isSuperAdmin()) {
                 throw new Forbidden();
             }
         }
@@ -84,7 +84,7 @@ class Extension extends \Espo\Core\Controllers\Record
             throw new Forbidden();
         }
         if ($this->getConfig()->get('restrictedMode')) {
-            if (!$this->getUser()->get('isSuperAdmin')) {
+            if (!$this->getUser()->isSuperAdmin()) {
                 throw new Forbidden();
             }
         }
@@ -120,7 +120,7 @@ class Extension extends \Espo\Core\Controllers\Record
             throw BadRequest();
         }
         if ($this->getConfig()->get('restrictedMode')) {
-            if (!$this->getUser()->get('isSuperAdmin')) {
+            if (!$this->getUser()->isSuperAdmin()) {
                 throw new Forbidden();
             }
         }

application/Espo/Controllers/Import.php

@@ -38,7 +38,7 @@ class Import extends \Espo\Core\Controllers\Record
 {
     protected function checkControllerAccess()
     {
-        if (!$this->getUser()->isAdmin()) {
+        if (!$this->getAcl()->check('Import')) {
             throw new Forbidden();
         }
     }
@@ -90,10 +90,9 @@ class Import extends \Espo\Core\Controllers\Record
         $attachment->set('type', 'text/csv');
         $attachment->set('role', 'Import File');
         $attachment->set('name', 'import-file.csv');
+        $attachment->set('contents', $contents);
         $this->getEntityManager()->saveEntity($attachment);
 
-        $this->getFileStorageManager()->putContents($attachment, $contents);
-
         return array(
             'attachmentId' => $attachment->id
         );
@@ -127,7 +126,7 @@ class Import extends \Espo\Core\Controllers\Record
             throw new BadRequest();
         }
 
-        if (!isset($data->fieldDelimiter)) {
+        if (!isset($data->delimiter)) {
             throw new BadRequest();
         }
 
@@ -167,7 +166,7 @@ class Import extends \Espo\Core\Controllers\Record
             throw new BadRequest();
         }
 
-        if (!isset($data->fields)) {
+        if (!isset($data->attributeList)) {
             throw new BadRequest();
         }
 
@@ -178,7 +177,7 @@ class Import extends \Espo\Core\Controllers\Record
 
         $importParams = array(
             'headerRow' => !empty($data->headerRow),
-            'fieldDelimiter' => $data->fieldDelimiter,
+            'delimiter' => $data->delimiter,
             'textQualifier' => $data->textQualifier,
             'dateFormat' => $data->dateFormat,
             'timeFormat' => $data->timeFormat,
@@ -202,7 +201,7 @@ class Import extends \Espo\Core\Controllers\Record
             throw new Forbidden();
         }
 
-        return $this->getService('Import')->import($data->entityType, $data->fields, $attachmentId, $importParams);
+        return $this->getService('Import')->import($data->entityType, $data->attributeList, $attachmentId, $importParams);
     }
 
     public function postActionUnmarkAsDuplicate($params, $data)

application/Espo/Controllers/LastViewed.php

@@ -35,12 +35,24 @@ class LastViewed extends \Espo\Core\Controllers\Base
 {
     public function getActionIndex($params, $data, $request)
     {
-        $result = $this->getServiceFactory()->create('LastViewed')->get();
+        $params = [];
 
-        return [
-            'total' => $result['total'],
-            'list' => isset($result['collection']) ? $result['collection']->toArray() : $result['list']
+        $params['offset'] = $request->get('offset', 0);
+        $params['maxSize'] = $request->get('maxSize');
+
+        $maxSizeLimit = $this->getConfig()->get('recordListMaxSizeLimit', \Espo\Core\Controllers\Record::MAX_SIZE_LIMIT);
+        if (empty($params['maxSize'])) {
+            $params['maxSize'] = $maxSizeLimit;
+        }
+        if (!empty($params['maxSize']) && $params['maxSize'] > $maxSizeLimit) {
+            throw new Forbidden("Max size should should not exceed " . $maxSizeLimit . ". Use offset and limit.");
+        }
+
+        $result = $this->getServiceFactory()->create('LastViewed')->getList($params);
+
+        return (object) [
+            'total' => $result->total,
+            'list' => $result->collection->getValueMapList()
         ];
     }
 }
-

application/Espo/Controllers/Layout.php

@@ -78,15 +78,18 @@ class Layout extends \Espo\Core\Controllers\Base
         return $this->actionUpdate($params, $data, $request);
     }
 
-    public function actionResetToDefault($params, $data, $request)
+    public function postActionResetToDefault($params, $data, $request)
     {
-        if (!$request->isPost()) {
-            throw new BadRequest();
+        if (!$this->getUser()->isAdmin()) {
+            throw new Forbidden();
         }
+
         if (empty($data->scope) || empty($data->name)) {
             throw new BadRequest();
         }
 
+        $this->getContainer()->get('dataManager')->updateCacheTimestamp();
+
         return $this->getContainer()->get('layout')->resetToDefault($data->scope, $data->name);
     }
 }

application/Espo/Controllers/LeadCapture.php

@@ -0,0 +1,72 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2018 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: http://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Controllers;
+
+use \Espo\Core\Exceptions\Forbidden;
+use \Espo\Core\Exceptions\BadRequest;
+use \Espo\Core\Exceptions\NotFound;
+
+class LeadCapture extends \Espo\Core\Controllers\Record
+{
+    public function postActionLeadCapture($params, $data, $request, $response)
+    {
+        if (empty($params['apiKey'])) throw new BadRequest('No API key provided.');
+        if (empty($data)) throw new BadRequest('No payload provided.');
+
+        $allowOrigin = $this->getConfig()->get('leadCaptureAllowOrigin', '*');
+        $response->headers->set('Access-Control-Allow-Origin', $allowOrigin);
+
+        return $this->getRecordService()->leadCapture($params['apiKey'], $data);
+    }
+
+    public function optionsActionLeadCapture($params, $data, $request, $response)
+    {
+        if (empty($params['apiKey'])) throw new BadRequest('No API key provided.');
+
+        if (!$this->getRecordService()->isApiKeyValid($params['apiKey'])) {
+            throw new NotFound();
+        }
+
+        $allowOrigin = $this->getConfig()->get('leadCaptureAllowOrigin', '*');
+
+        $response->headers->set('Access-Control-Allow-Headers', 'Content-Type, Accept');
+        $response->headers->set('Access-Control-Allow-Origin', $allowOrigin);
+        $response->headers->set('Access-Control-Allow-Methods', 'POST');
+
+        return true;
+    }
+
+    public function postActionGenerateNewApiKey($params, $data, $request)
+    {
+        if (empty($data->id)) throw new BadRequest();
+
+        return $this->getRecordService()->generateNewApiKeyForEntity($data->id)->getValueMap();
+    }
+}

application/Espo/Controllers/LeadCaptureLogRecord.php

@@ -0,0 +1,38 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2018 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: http://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Controllers;
+
+use \Espo\Core\Exceptions\Forbidden;
+use \Espo\Core\Exceptions\BadRequest;
+
+class LeadCaptureLogRecord extends \Espo\Core\Controllers\Record
+{
+
+}

application/Espo/Controllers/Pdf.php

@@ -0,0 +1,60 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2018 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: http://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Controllers;
+
+use \Espo\Core\Exceptions\Forbidden;
+use \Espo\Core\Exceptions\BadRequest;
+use \Espo\Core\Exceptions\Error;
+
+class Pdf extends \Espo\Core\Controllers\Base
+{
+    public function postActionMassPrint($params, $data)
+    {
+        if (empty($data->idList) || !is_array($data->idList)) {
+            throw new BadRequest();
+        }
+        if (empty($data->entityType)) {
+            throw new BadRequest();
+        }
+        if (empty($data->templateId)) {
+            throw new BadRequest();
+        }
+        if (!$this->getAcl()->checkScope('Template')) {
+            throw new Forbidden();
+        }
+        if (!$this->getAcl()->checkScope($data->entityType)) {
+            throw new Forbidden();
+        }
+
+        return [
+            'id' => $this->getServiceFactory()->create('Pdf')->massGenerate($data->entityType, $data->idList, $data->templateId, true)
+        ];
+    }
+}

application/Espo/Controllers/Preferences.php

@@ -88,7 +88,7 @@ class Preferences extends \Espo\Core\Controllers\Base
             throw new BadRequest();
         }
 
-        if ($this->getAcl()->getLevel('Preferences', 'read') === 'no') {
+        if ($this->getAcl()->getLevel('Preferences', 'edit') === 'no') {
             throw new Forbidden();
         }
 
@@ -132,7 +132,7 @@ class Preferences extends \Espo\Core\Controllers\Base
 
         $entity->set('smtpEmailAddress', $user->get('emailAddress'));
         $entity->set('name', $user->get('name'));
-        $entity->set('isPortalUser', $user->get('isPortalUser'));
+        $entity->set('isPortalUser', $user->isPortal());
 
         $entity->clear('smtpPassword');
 
@@ -142,5 +142,45 @@ class Preferences extends \Espo\Core\Controllers\Base
 
         return $entity->getValueMap();
     }
-}
 
+    public function postActionResetDashboard($params, $data)
+    {
+        if (empty($data->id)) throw new BadRequest();
+
+        $userId = $data->id;
+
+        $this->handleUserAccess($userId);
+
+        $user = $this->getEntityManager()->getEntity('User', $userId);
+        $preferences = $this->getEntityManager()->getEntity('Preferences', $userId);
+        if (!$user)  throw new NotFound();
+        if (!$preferences)  throw new NotFound();
+
+        if ($user->isPortal()) throw new Forbidden();
+
+        if ($this->getAcl()->getLevel('Preferences', 'edit') === 'no') {
+            throw new Forbidden();
+        }
+
+        $forbiddenAttributeList = $this->getAcl()->getScopeForbiddenAttributeList('Preferences', 'edit');
+
+        if (in_array('dashboardLayout', $forbiddenAttributeList)) {
+            throw new Forbidden();
+        }
+
+        $dashboardLayout = $this->getConfig()->get('dashboardLayout');
+        $dashletsOptions = $this->getConfig()->get('dashletsOptions');
+
+        $preferences->set([
+            'dashboardLayout' => $dashboardLayout,
+            'dashletsOptions' => $dashletsOptions
+        ]);
+
+        $this->getEntityManager()->saveEntity($preferences);
+
+        return (object) [
+            'dashboardLayout' => $preferences->get('dashboardLayout'),
+            'dashletsOptions' => $preferences->get('dashletsOptions')
+        ];
+    }
+}

application/Espo/Controllers/Settings.php

@@ -35,23 +35,12 @@ use \Espo\Core\Exceptions\BadRequest;
 
 class Settings extends \Espo\Core\Controllers\Base
 {
+
     protected function getConfigData()
     {
-        if ($this->getUser()->id == 'system') {
-            $data = $this->getConfig()->getData();
-        } else {
-            $data = $this->getConfig()->getData($this->getUser()->isAdmin());
-        }
+        $data = $this->getServiceFactory()->create('Settings')->getConfigData();
 
-        $fieldDefs = $this->getMetadata()->get('entityDefs.Settings.fields');
-
-        foreach ($fieldDefs as $field => $d) {
-            if ($d['type'] === 'password') {
-                unset($data[$field]);
-            }
-        }
-
-        $data['jsLibs'] = $this->getMetadata()->get('app.jsLibs');
+        $data->jsLibs = $this->getMetadata()->get('app.jsLibs');
 
         return $data;
     }
@@ -76,23 +65,7 @@ class Settings extends \Espo\Core\Controllers\Base
             throw new BadRequest();
         }
 
-        if (
-            (isset($data->useCache) && $data->useCache !== $this->getConfig()->get('useCache'))
-            ||
-            (isset($data->aclStrictMode) && $data->aclStrictMode !== $this->getConfig()->get('aclStrictMode'))
-        ) {
-            $this->getContainer()->get('dataManager')->clearCache();
-        }
-
-        $this->getConfig()->setData($data, $this->getUser()->isAdmin());
-        $result = $this->getConfig()->save();
-        if ($result === false) {
-            throw new Error('Cannot save settings');
-        }
-
-        if (isset($data->defaultCurrency) || isset($data->baseCurrency) || isset($data->currencyRates)) {
-            $this->getContainer()->get('dataManager')->rebuildDatabase([]);
-        }
+        $this->getServiceFactory()->create('Settings')->setConfigData($data);
 
         return $this->getConfigData();
     }

application/Espo/Controllers/Stream.php

@@ -49,24 +49,59 @@ class Stream extends \Espo\Core\Controllers\Base
 
         $service = $this->getService('Stream');
 
+        $maxSizeLimit = $this->getConfig()->get('recordListMaxSizeLimit', self::MAX_SIZE_LIMIT);
         if (empty($maxSize)) {
-            $maxSize = self::MAX_SIZE_LIMIT;
+            $maxSize = $maxSizeLimit;
         }
-        if (!empty($maxSize) && $maxSize > self::MAX_SIZE_LIMIT) {
-            throw new Forbidden();
+        if (!empty($maxSize) && $maxSize > $maxSizeLimit) {
+            throw new Forbidden("Max size should should not exceed " . $maxSizeLimit . ". Use offset and limit.");
         }
 
-        $result = $service->find($scope, $id, array(
+        $result = $service->find($scope, $id, [
             'offset' => $offset,
             'maxSize' => $maxSize,
             'after' => $after,
             'filter' => $filter
-        ));
+        ]);
 
-        return array(
-            'total' => $result['total'],
-            'list' => $result['collection']->toArray()
-        );
+        return (object) [
+            'total' => $result->total,
+            'list' => $result->collection->getValueMapList()
+        ];
+    }
+
+    public function getActionListPosts($params, $data, $request)
+    {
+        $scope = $params['scope'];
+        $id = isset($params['id']) ? $params['id'] : null;
+
+        $offset = intval($request->get('offset'));
+        $maxSize = intval($request->get('maxSize'));
+        $after = $request->get('after');
+
+        $where = $request->get('where');
+
+        $service = $this->getService('Stream');
+
+        $maxSizeLimit = $this->getConfig()->get('recordListMaxSizeLimit', self::MAX_SIZE_LIMIT);
+        if (empty($maxSize)) {
+            $maxSize = $maxSizeLimit;
+        }
+        if (!empty($maxSize) && $maxSize > $maxSizeLimit) {
+            throw new Forbidden("Max size should should not exceed " . $maxSizeLimit . ". Use offset and limit.");
+        }
+
+        $result = $service->find($scope, $id, [
+            'offset' => $offset,
+            'maxSize' => $maxSize,
+            'after' => $after,
+            'filter' => 'posts',
+            'where' => $where
+        ]);
+
+        return (object) [
+            'total' => $result->total,
+            'list' => $result->collection->getValueMapList()
+        ];
     }
 }
-

application/Espo/Controllers/TemplateManager.php

@@ -0,0 +1,122 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2018 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: http://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Controllers;
+
+use Espo\Core\Utils as Utils;
+use \Espo\Core\Exceptions\NotFound;
+use \Espo\Core\Exceptions\Error;
+use \Espo\Core\Exceptions\Forbidden;
+use \Espo\Core\Exceptions\BadRequest;
+
+class TemplateManager extends \Espo\Core\Controllers\Base
+{
+    protected function checkControllerAccess()
+    {
+        if (!$this->getUser()->isAdmin()) {
+            throw new Forbidden();
+        }
+    }
+
+    public function getActionGetTemplate($params, $data, $request)
+    {
+        $name = $request->get('name');
+        if (empty($name)) throw new BadRequest();
+        $scope = $request->get('scope');
+        $module = null;
+        $module = $this->getMetadata()->get(['app', 'templates', $name, 'module']);
+        $hasSubject = !$this->getMetadata()->get(['app', 'templates', $name, 'noSubject']);
+
+        $templateFileManager = $this->getContainer()->get('templateFileManager');
+
+        $returnData = (object) [];
+        $returnData->body = $templateFileManager->getTemplate($name, 'body', $scope, $module);
+
+        if ($hasSubject) {
+            $returnData->subject = $templateFileManager->getTemplate($name, 'subject', $scope, $module);
+        }
+
+        return $returnData;
+    }
+
+    public function postActionSaveTemplate($params, $data)
+    {
+        $scope = null;
+        if (empty($data->name)) {
+            throw new BadRequest();
+        }
+        if (!empty($data->scope)) {
+            $scope = $data->scope;
+        }
+
+        $templateFileManager = $this->getContainer()->get('templateFileManager');
+
+        if (isset($data->subject)) {
+            $templateFileManager->saveTemplate($data->name, 'subject', $data->subject, $scope);
+        }
+
+        if (isset($data->body)) {
+            $templateFileManager->saveTemplate($data->name, 'body', $data->body, $scope);
+        }
+
+        return true;
+    }
+
+    public function postActionResetTemplate($params, $data)
+    {
+        $scope = null;
+        if (empty($data->name)) {
+            throw new BadRequest();
+        }
+        if (!empty($data->scope)) {
+            $scope = $data->scope;
+        }
+
+        $module = null;
+        $module = $this->getMetadata()->get(['app', 'templates', $data->name, 'module']);
+        $hasSubject = !$this->getMetadata()->get(['app', 'templates', $data->name, 'noSubject']);
+
+        $templateFileManager = $this->getContainer()->get('templateFileManager');
+
+        if ($hasSubject) {
+            $templateFileManager->resetTemplate($data->name, 'subject', $scope);
+        }
+
+        $templateFileManager->resetTemplate($data->name, 'body', $scope);
+
+        $returnData = (object) [];
+        $returnData->body = $templateFileManager->getTemplate($data->name, 'body', $scope, $module);
+
+        if ($hasSubject) {
+            $returnData->subject = $templateFileManager->getTemplate($data->name, 'subject', $scope, $module);
+        }
+
+        return $returnData;
+    }
+}

application/Espo/Controllers/User.php

@@ -105,5 +105,18 @@ class User extends \Espo\Core\Controllers\Record
 
         return $this->getService('User')->passwordChangeRequest($userName, $emailAddress, $url);
     }
-}
 
+    public function actionCreateLink($params, $data, $request)
+    {
+        if (!$this->getUser()->isAdmin()) throw new Forbidden();
+
+        return parent::actionCreateLink($params, $data, $request);
+    }
+
+    public function actionRemoveLink($params, $data, $request)
+    {
+        if (!$this->getUser()->isAdmin()) throw new Forbidden();
+
+        return parent::actionRemoveLink($params, $data, $request);
+    }
+}

application/Espo/Core/Acl.php

@@ -133,5 +133,19 @@ class Acl
     {
         return $this->getAclManager()->checkAssignmentPermission($this->getUser(), $target);
     }
-}
 
+    public function getScopeRestrictedFieldList($scope, $type)
+    {
+        return $this->getAclManager()->getScopeRestrictedFieldList($scope, $type);
+    }
+
+    public function getScopeRestrictedAttributeList($scope, $type)
+    {
+        return $this->getAclManager()->getScopeRestrictedAttributeList($scope, $type);
+    }
+
+    public function getScopeRestrictedLinkList($scope, $type)
+    {
+        return $this->getAclManager()->getScopeRestrictedLinkList($scope, $type);
+    }
+}

application/Espo/Core/Acl/Base.php

@@ -46,6 +46,10 @@ class Base implements Injectable
 
     protected $injections = array();
 
+    protected $ownerUserIdAttribute = null;
+
+    protected $allowDeleteCreatedThresholdPeriod = '24 hours';
+
     public function inject($name, $object)
     {
         $this->injections[$name] = $object;
@@ -217,7 +221,7 @@ class Base implements Injectable
             }
         }
 
-        if ($entity->hasAttribute('assignedUsersIds') && $entity->hasRelation('assignedUsers')) {
+        if ($entity->hasLinkMultipleField('assignedUsers')) {
             if ($entity->hasLinkMultipleId('assignedUsers', $user->id)) {
                 return true;
             }
@@ -265,15 +269,26 @@ class Base implements Injectable
                     &&
                     $entity->has('createdById') && $entity->get('createdById') == $user->id
                 ) {
+                    $isDeletedAllowed = false;
                     if (!$entity->has('assignedUserId')) {
-                        return true;
+                        $isDeletedAllowed = true;
                     } else {
                         if (!$entity->get('assignedUserId')) {
-                            return true;
+                            $isDeletedAllowed = true;
+                        } else if ($entity->get('assignedUserId') == $entity->get('createdById')) {
+                            $isDeletedAllowed = true;
                         }
-                        if ($entity->get('assignedUserId') == $entity->get('createdById')) {
-                            return true;
+                    }
+
+                    if ($isDeletedAllowed) {
+                        $createdAt = $entity->get('createdAt');
+                        if ($createdAt) {
+                            $deleteThresholdPeriod = $this->getConfig()->get('aclAllowDeleteCreatedThresholdPeriod', $this->allowDeleteCreatedThresholdPeriod);
+                            if (\Espo\Core\Utils\DateTime::isAfterThreshold($createdAt, $deleteThresholdPeriod)) {
+                                return false;
+                            }
                         }
+                        return true;
                     }
                 }
             }
@@ -281,5 +296,23 @@ class Base implements Injectable
 
         return false;
     }
-}
 
+    public function getOwnerUserIdAttribute(Entity $entity)
+    {
+        if ($this->ownerUserIdAttribute) {
+            return $this->ownerUserIdAttribute;
+        }
+
+        if ($entity->hasLinkMultipleField('assignedUsers')) {
+            return 'assignedUsersIds';
+        }
+
+        if ($entity->hasAttribute('assignedUserId')) {
+            return 'assignedUserId';
+        }
+
+        if ($entity->hasAttribute('createdById')) {
+            return 'createdById';
+        }
+    }
+}

application/Espo/Core/Acl/GlobalRestricton.php

@@ -0,0 +1,175 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2018 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: http://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Core\Acl;
+
+class GlobalRestricton
+{
+    protected $fieldTypeList = [
+        'forbidden', // totally forbidden
+        'internal', // reading forbidden, writing allowed
+        'onlyAdmin', // forbidden for non admin users
+        'readOnly', // read-only for all users
+        'nonAdminReadOnly' // read-only for non-admin users
+    ];
+
+    protected $linkTypeList = [
+        'forbidden', // totally forbidden
+        'internal', // reading forbidden, writing allowed
+        'onlyAdmin', // forbidden for non admin users
+        'readOnly', // read-only for all users
+        'nonAdminReadOnly' // read-only for non-admin users
+    ];
+
+    protected $cacheFilePath = 'data/cache/application/entityAcl.php';
+
+    private $metadata;
+
+    private $fileManager;
+
+    private $fieldManagerUtil;
+
+    private $data;
+
+    public function __construct(
+        \Espo\Core\Utils\Metadata $metadata,
+        \Espo\Core\Utils\File\Manager $fileManager,
+        \Espo\Core\Utils\FieldManagerUtil $fieldManagerUtil
+    )
+    {
+        $this->metadata = $metadata;
+        $this->fileManager = $fileManager;
+        $this->fieldManagerUtil = $fieldManagerUtil;
+
+        if (!file_exists($this->cacheFilePath)) {
+            $this->buildCacheFile();
+        }
+
+        $this->data = include($this->cacheFilePath);
+    }
+
+    protected function buildCacheFile()
+    {
+        $scopeList = array_keys($this->getMetadata()->get(['entityDefs'], []));
+
+        $data = (object) [];
+
+        foreach ($scopeList as $scope) {
+            $fieldList = array_keys($this->getMetadata()->get(['entityDefs', $scope, 'fields'], []));
+            $linkList = array_keys($this->getMetadata()->get(['entityDefs', $scope, 'links'], []));
+
+            $isNotEmpty = false;
+
+            $scopeData = (object) [
+                'fields' => (object) [],
+                'attributes' => (object) [],
+                'links' => (object) []
+            ];
+
+            foreach ($this->fieldTypeList as $type) {
+                $resultFieldList = [];
+                $resultAttributeList = [];
+
+                foreach ($fieldList as $field) {
+                    if ($this->getMetadata()->get(['entityAcl', $scope, 'fields', $field, $type])) {
+                        $isNotEmpty = true;
+                        $resultFieldList[] = $field;
+                        $fieldAttributeList = $this->getFieldManagerUtil()->getAttributeList($scope, $field);
+                        foreach ($fieldAttributeList as $attribute) {
+                            $resultAttributeList[] = $attribute;
+                        }
+                    }
+                }
+
+                $scopeData->fields->$type = $resultFieldList;
+                $scopeData->attributes->$type = $resultAttributeList;
+            }
+            foreach ($this->linkTypeList as $type) {
+                $resultLinkList = [];
+                foreach ($linkList as $link) {
+                    if ($this->getMetadata()->get(['entityAcl', $scope, 'links', $link, $type])) {
+                        $isNotEmpty = true;
+                        $resultLinkList[] = $link;
+                    }
+                }
+                $scopeData->links->$type = $resultLinkList;
+            }
+
+            if ($isNotEmpty) {
+                $data->$scope = $scopeData;
+            }
+        }
+
+        $this->data = $data;
+
+        $this->getFileManager()->putPhpContents($this->cacheFilePath, $data, true);
+    }
+
+    protected function getMetadata()
+    {
+        return $this->metadata;
+    }
+
+    protected function getFileManager()
+    {
+        return $this->fileManager;
+    }
+
+    protected function getFieldManagerUtil()
+    {
+        return $this->fieldManagerUtil;
+    }
+
+    public function getScopeRestrictedFieldList($scope, $type)
+    {
+        if (!property_exists($this->data, $scope)) return [];
+        if (!property_exists($this->data->$scope, 'fields')) return [];
+        if (!property_exists($this->data->$scope->fields, $type)) return [];
+
+        return $this->data->$scope->fields->$type;
+    }
+
+    public function getScopeRestrictedAttributeList($scope, $type)
+    {
+        if (!property_exists($this->data, $scope)) return [];
+        if (!property_exists($this->data->$scope, 'attributes')) return [];
+        if (!property_exists($this->data->$scope->attributes, $type)) return [];
+
+        return $this->data->$scope->attributes->$type;
+    }
+
+    public function getScopeRestrictedLinkList($scope, $type)
+    {
+        if (!property_exists($this->data, $scope)) return [];
+        if (!property_exists($this->data->$scope, 'links')) return [];
+        if (!property_exists($this->data->$scope->links, $type)) return [];
+
+        return $this->data->$scope->links->$type;
+    }
+}

application/Espo/Core/Acl/Table.php

@@ -169,7 +169,7 @@ class Table
         if (isset($this->data->$permission)) {
             return $this->data->$permission;
         }
-        return null;
+        return 'no';
     }
 
     public function getLevel($scope, $action)
@@ -182,6 +182,15 @@ class Table
         return 'no';
     }
 
+    public function getHighestLevel($action)
+    {
+        if (in_array($action, $this->booleanActionList)) {
+            return 'yes';
+        } else {
+            return 'all';
+        }
+    }
+
     private function load()
     {
         $valuePermissionLists = (object)[];
@@ -210,6 +219,7 @@ class Table
             $this->applyDisabled($aclTable, $fieldTable);
             $this->applyMandatory($aclTable, $fieldTable);
             $this->applyAdditional($aclTable, $fieldTable, $valuePermissionLists);
+            $this->applyReadOnlyFields($fieldTable);
         } else {
             $aclTable = (object) [];
             foreach ($this->getScopeList() as $scope) {
@@ -553,7 +563,7 @@ class Table
 
     protected function applyAdditional(&$table, &$fieldTable, &$valuePermissionLists)
     {
-        if ($this->getUser()->get('isPortalUser')) {
+        if ($this->getUser()->isPortal()) {
             foreach ($this->getScopeList() as $scope) {
                 $table->$scope = false;
                 unset($fieldTable->$scope);
@@ -714,4 +724,28 @@ class Table
     {
         $this->fileManager->putPhpContents($this->cacheFilePath, $this->data, true);
     }
+
+    protected function applyReadOnlyFields(&$fieldTable)
+    {
+        // TODO Enable in 5.4.0
+        return;
+        $scopeList = $this->getScopeWithAclList();
+        foreach ($scopeList as $scope) {
+            if (!property_exists($fieldTable, $scope)) continue;
+            $fieldList = array_keys($this->getMetadata()->get(['entityDefs', $scope, 'fields'], []));
+            foreach ($fieldList as $field) {
+                if ($this->getMetadata()->get(['entityDefs', $scope, 'fields', $field, 'readOnly'])) {
+                    if (property_exists($fieldTable->$scope, $field)) {
+                        $fieldTable->$scope->$field->edit = 'no';
+                    } else {
+                        $fieldTable->$scope->$field = (object) [];
+                        foreach ($this->fieldActionList as $action) {
+                            $fieldTable->$scope->$field->$action = 'yes';
+                        }
+                        $fieldTable->$scope->$field->edit = 'no';
+                    }
+                }
+            }
+        }
+    }
 }

application/Espo/Core/AclManager.php

@@ -49,10 +49,18 @@ class AclManager
 
     protected $userAclClassName = '\\Espo\\Core\\Acl';
 
+    protected $globalRestricton;
+
     public function __construct(Container $container)
     {
         $this->container = $container;
         $this->metadata = $container->get('metadata');
+
+        $this->globalRestricton = new \Espo\Core\Acl\GlobalRestricton(
+            $container->get('metadata'),
+            $container->get('fileManager'),
+            $container->get('fieldManagerUtil')
+        );
     }
 
     protected function getContainer()
@@ -125,7 +133,7 @@ class AclManager
     public function getLevel(User $user, $scope, $action)
     {
         if ($user->isAdmin()) {
-            return 'all';
+            return $this->getTable($user)->getHighestLevel($action);
         }
         return $this->getTable($user)->getLevel($scope, $action);
     }
@@ -182,9 +190,15 @@ class AclManager
 
         $impl = $this->getImplementation($scope);
 
-        $methodName = 'checkEntity' . ucfirst($action);
-        if (method_exists($impl, $methodName)) {
-            return $impl->$methodName($user, $entity, $data);
+        if (!$action) {
+            $action = 'read';
+        }
+
+        if ($action) {
+            $methodName = 'checkEntity' . ucfirst($action);
+            if (method_exists($impl, $methodName)) {
+                return $impl->$methodName($user, $entity, $data);
+            }
         }
 
         return $impl->checkEntity($user, $entity, $data, $action);
@@ -235,16 +249,64 @@ class AclManager
         return true;
     }
 
+    protected function getGlobalRestrictionTypeList(User $user, $action = 'read')
+    {
+        $typeList = ['forbidden'];
+
+        if ($action === 'read') {
+            $typeList[] = 'internal';
+        }
+
+        if (!$user->isAdmin()) {
+            $typeList[] = 'onlyAdmin';
+        }
+
+        if ($action === 'edit') {
+            $typeList[] = 'readOnly';
+            if (!$user->isAdmin()) {
+                $typeList[] = 'nonAdminReadOnly';
+            }
+        }
+
+        return $typeList;
+    }
+
     public function getScopeForbiddenAttributeList(User $user, $scope, $action = 'read', $thresholdLevel = 'no')
     {
-        if ($user->isAdmin()) return [];
-        return $this->getTable($user)->getScopeForbiddenAttributeList($scope, $action, $thresholdLevel);
+        $list = [];
+
+        if (!$user->isAdmin()) {
+            $list = $this->getTable($user)->getScopeForbiddenAttributeList($scope, $action, $thresholdLevel);
+        }
+
+        if ($thresholdLevel === 'no') {
+            $list = array_merge(
+                $list,
+                $this->getScopeRestrictedAttributeList($scope, $this->getGlobalRestrictionTypeList($user, $action))
+            );
+            $list = array_values($list);
+        }
+
+        return $list;
     }
 
     public function getScopeForbiddenFieldList(User $user, $scope, $action = 'read', $thresholdLevel = 'no')
     {
-        if ($user->isAdmin()) return [];
-        return $this->getTable($user)->getScopeForbiddenFieldList($scope, $action, $thresholdLevel);
+        $list = [];
+
+        if (!$user->isAdmin()) {
+            $list = $this->getTable($user)->getScopeForbiddenFieldList($scope, $action, $thresholdLevel);
+        }
+
+        if ($thresholdLevel === 'no') {
+            $list = array_merge(
+                $list,
+                $this->getScopeRestrictedFieldList($scope, $this->getGlobalRestrictionTypeList($user, $action))
+            );
+            $list = array_values($list);
+        }
+
+        return $list;
     }
 
     public function checkUserPermission(User $user, $target, $permissionType = 'userPermission')
@@ -288,4 +350,46 @@ class AclManager
         $acl = new $className($this, $user);
         return $acl;
     }
+
+    public function getScopeRestrictedFieldList($scope, $type)
+    {
+        if (is_array($type)) {
+            $typeList = $type;
+            $list = [];
+            foreach ($typeList as $type) {
+                $list = array_merge($list, $this->globalRestricton->getScopeRestrictedFieldList($scope, $type));
+            }
+            $list = array_values($list);
+            return $list;
+        }
+        return $this->globalRestricton->getScopeRestrictedFieldList($scope, $type);
+    }
+
+    public function getScopeRestrictedAttributeList($scope, $type)
+    {
+        if (is_array($type)) {
+            $typeList = $type;
+            $list = [];
+            foreach ($typeList as $type) {
+                $list = array_merge($list, $this->globalRestricton->getScopeRestrictedAttributeList($scope, $type));
+            }
+            $list = array_values($list);
+            return $list;
+        }
+        return $this->globalRestricton->getScopeRestrictedAttributeList($scope, $type);
+    }
+
+    public function getScopeRestrictedLinkList($scope, $type)
+    {
+        if (is_array($type)) {
+            $typeList = $type;
+            $list = [];
+            foreach ($typeList as $type) {
+                $list = array_merge($list, $this->globalRestricton->getScopeRestrictedLinkList($scope, $type));
+            }
+            $list = array_values($list);
+            return $list;
+        }
+        return $this->globalRestricton->getScopeRestrictedLinkList($scope, $type);
+    }
 }

application/Espo/Core/Application.php

@@ -81,6 +81,11 @@ class Application
         return $this->container;
     }
 
+    protected function getConfig()
+    {
+        return $this->getContainer()->get('config');
+    }
+
     public function run($name = 'default')
     {
         $this->routeHooks();
@@ -91,6 +96,7 @@ class Application
     public function runClient()
     {
         $this->getContainer()->get('clientManager')->display();
+        exit;
     }
 
     public function runEntryPoint($entryPoint, $data = array(), $final = false)
@@ -127,12 +133,17 @@ class Application
 
             $slim->run();
         } catch (\Exception $e) {
-            $container->get('output')->processError($e->getMessage(), $e->getCode(), true);
+            $container->get('output')->processError($e->getMessage(), $e->getCode(), true, $e);
         }
     }
 
     public function runCron()
     {
+        if ($this->getConfig()->get('cronDisabled')) {
+            $GLOBALS['log']->warning("Cron is not run because it's disabled with 'cronDisabled' param.");
+            return;
+        }
+
         $auth = $this->createAuth();
         $auth->useNoAuth();
 
@@ -140,6 +151,50 @@ class Application
         $cronManager->run();
     }
 
+    public function runDaemon()
+    {
+        $maxProcessNumber = $this->getConfig()->get('daemonMaxProcessNumber');
+        $interval = $this->getConfig()->get('daemonInterval');
+        $timeout = $this->getConfig()->get('daemonProcessTimeout');
+
+        if (!$maxProcessNumber || !$interval) {
+            $GLOBALS['log']->error("Daemon config params are not set.");
+            return;
+        }
+
+        $processList = [];
+        while (true) {
+            $toSkip = false;
+            $runningCount = 0;
+            foreach ($processList as $i => $process) {
+                if ($process->isRunning()) {
+                    $runningCount++;
+                } else if ($process->isRunning()) {
+                    unset($processList[$i]);
+                }
+            }
+            $processList = array_values($processList);
+            if (count($runningCount) >= $maxProcessNumber) {
+                $toSkip = true;
+            }
+            if (!$toSkip) {
+                $process = new \Symfony\Component\Process\Process(['php', 'cron.php']);
+                $process->setTimeout($timeout);
+                $process->run();
+            }
+            sleep($interval);
+        }
+    }
+
+    public function runJob($id)
+    {
+        $auth = $this->createAuth();
+        $auth->useNoAuth();
+
+        $cronManager = new \Espo\Core\CronManager($this->container);
+        $cronManager->runJobById($id);
+    }
+
     public function runRebuild()
     {
         $dataManager = $this->getContainer()->get('dataManager');
@@ -154,7 +209,7 @@ class Application
 
     public function isInstalled()
     {
-        $config = $this->getContainer()->get('config');
+        $config = $this->getConfig();
 
         if (file_exists($config->getConfigPath()) && $config->get('isInstalled')) {
             return true;
@@ -176,7 +231,7 @@ class Application
         try {
             $auth = $this->createAuth();
         } catch (\Exception $e) {
-            $container->get('output')->processError($e->getMessage(), $e->getCode());
+            $container->get('output')->processError($e->getMessage(), $e->getCode(), false, $e);
         }
 
         $apiAuth = $this->createApiAuth($auth);
@@ -223,10 +278,10 @@ class Application
 
             try {
                 $controllerManager = $this->getContainer()->get('controllerManager');
-                $result = $controllerManager->process($controllerName, $actionName, $params, $data, $slim->request());
+                $result = $controllerManager->process($controllerName, $actionName, $params, $data, $slim->request(), $slim->response());
                 $container->get('output')->render($result);
             } catch (\Exception $e) {
-                $container->get('output')->processError($e->getMessage(), $e->getCode());
+                $container->get('output')->processError($e->getMessage(), $e->getCode(), false, $e);
             }
         });
 
@@ -243,7 +298,7 @@ class Application
 
     protected function getRouteList()
     {
-        $routes = new \Espo\Core\Utils\Route($this->getContainer()->get('config'), $this->getMetadata(), $this->getContainer()->get('fileManager'));
+        $routes = new \Espo\Core\Utils\Route($this->getConfig(), $this->getMetadata(), $this->getContainer()->get('fileManager'));
 
 
         return $routes->getAll();
@@ -251,11 +306,11 @@ class Application
 
     protected function initRoutes()
     {
-        $crudList = array_keys($this->getContainer()->get('config')->get('crud'));
+        $crudList = array_keys($this->getConfig()->get('crud'));
 
         foreach ($this->getRouteList() as $route) {
             $method = strtolower($route['method']);
-            if (!in_array($method, $crudList)) {
+            if (!in_array($method, $crudList) && $method !== 'options') {
                 $GLOBALS['log']->error('Route: Method ['.$method.'] does not exist. Please check your route ['.$route['route'].']');
                 continue;
             }
@@ -272,7 +327,7 @@ class Application
 
     protected function initAutoloads()
     {
-        $autoload = new \Espo\Core\Utils\Autoload($this->getContainer()->get('config'), $this->getMetadata(), $this->getContainer()->get('fileManager'));
+        $autoload = new \Espo\Core\Utils\Autoload($this->getConfig(), $this->getMetadata(), $this->getContainer()->get('fileManager'));
 
         try {
             $autoloadList = $autoload->getAll();
@@ -327,9 +382,9 @@ class Application
     public function setupSystemUser()
     {
         $user = $this->getContainer()->get('entityManager')->getEntity('User', 'system');
-        $user->set('isAdmin', true);
+        $user->set('isAdmin', true); // TODO remove in 5.7
+        $user->set('type', 'system');
         $this->getContainer()->setUser($user);
         $this->getContainer()->get('entityManager')->setUser($user);
     }
 }
-

application/Espo/Core/Container.php

@@ -32,7 +32,7 @@ namespace Espo\Core;
 class Container
 {
 
-    private $data = array();
+    private $data = [];
 
 
     /**
@@ -178,7 +178,7 @@ class Container
 
     protected function loadMailSender()
     {
-        $className = $this->getServiceClassName('mailSernder', '\\Espo\\Core\\Mail\\Sender');
+        $className = $this->getServiceClassName('mailSender', '\\Espo\\Core\\Mail\\Sender');
         return new $className(
             $this->get('config'),
             $this->get('entityManager')
@@ -222,6 +222,13 @@ class Container
         );
     }
 
+    protected function loadNotificatorFactory()
+    {
+        return new \Espo\Core\NotificatorFactory(
+            $this
+        );
+    }
+
     protected function loadMetadata()
     {
         return new \Espo\Core\Utils\Metadata(
@@ -247,6 +254,14 @@ class Container
         );
     }
 
+    protected function loadInternalAclManager()
+    {
+        $className = $this->getServiceClassName('acl', '\\Espo\\Core\\AclManager');
+        return new $className(
+            $this->get('container')
+        );
+    }
+
     protected function loadAcl()
     {
         $className = $this->getServiceClassName('acl', '\\Espo\\Core\\Acl');
@@ -273,7 +288,7 @@ class Container
         return new \Espo\Core\Utils\Metadata\OrmMetadata(
             $this->get('metadata'),
             $this->get('fileManager'),
-            $this->get('config')->get('useCache')
+            $this->get('config')
         );
     }
 

application/Espo/Core/ControllerManager.php

@@ -40,12 +40,16 @@ class ControllerManager
 
     private $container;
 
+    private $controllersHash = null;
+
     public function __construct(\Espo\Core\Container $container)
     {
         $this->container = $container;
 
         $this->config = $this->container->get('config');
         $this->metadata = $this->container->get('metadata');
+
+        $this->controllersHash = (object) [];
     }
 
     protected function getConfig()
@@ -58,7 +62,7 @@ class ControllerManager
         return $this->metadata;
     }
 
-    public function process($controllerName, $actionName, $params, $data, $request)
+    protected function getControllerClassName($controllerName)
     {
         $customClassName = '\\Espo\\Custom\\Controllers\\' . Util::normilizeClassName($controllerName);
         if (class_exists($customClassName)) {
@@ -72,27 +76,48 @@ class ControllerManager
             }
         }
 
-        if ($data && stristr($request->getContentType(), 'application/json')) {
-            $data = json_decode($data);
-        }
-
         if (!class_exists($controllerClassName)) {
             throw new NotFound("Controller '$controllerName' is not found");
         }
 
-        $controller = new $controllerClassName($this->container, $request->getMethod());
+        return $controllerClassName;
+    }
+
+    public function createController($name)
+    {
+        $controllerClassName = $this->getControllerClassName($name);
+        $controller = new $controllerClassName($this->container);
+
+        return $controller;
+    }
+
+    public function getController($name)
+    {
+        if (!property_exists($this->controllersHash, $name)) {
+            $this->controllersHash->$name = $this->createController($name);
+        }
+        return $this->controllersHash->$name;
+    }
+
+    public function processRequest(\Espo\Core\Controllers\Base $controller, $actionName, $params, $data, $request, $response = null)
+    {
+        if ($data && stristr($request->getContentType(), 'application/json')) {
+            $data = json_decode($data);
+        }
 
         if ($actionName == 'index') {
-            $actionName = $controllerClassName::$defaultAction;
+            $actionName = $controller::$defaultAction;
         }
 
+        $requestMethod = $request->getMethod();
+
         $actionNameUcfirst = ucfirst($actionName);
 
         $beforeMethodName = 'before' . $actionNameUcfirst;
         $actionMethodName = 'action' . $actionNameUcfirst;
         $afterMethodName = 'after' . $actionNameUcfirst;
 
-        $fullActionMethodName = strtolower($request->getMethod()) . ucfirst($actionMethodName);
+        $fullActionMethodName = strtolower($requestMethod) . ucfirst($actionMethodName);
 
         if (method_exists($controller, $fullActionMethodName)) {
             $primaryActionMethodName = $fullActionMethodName;
@@ -101,24 +126,24 @@ class ControllerManager
         }
 
         if (!method_exists($controller, $primaryActionMethodName)) {
-            throw new NotFound("Action '$actionName' (".$request->getMethod().") does not exist in controller '$controllerName'");
+            throw new NotFound("Action {$requestMethod} '{$actionName}' does not exist in controller '".$controller->getName()."'.");
         }
 
         // TODO Remove in 5.1.0
         if ($data instanceof \stdClass) {
-            if ($this->getMetadata()->get(['app', 'deprecatedControllerActions', $controllerName, $primaryActionMethodName])) {
+            if ($this->getMetadata()->get(['app', 'deprecatedControllerActions', $controller->getName(), $primaryActionMethodName])) {
                 $data = get_object_vars($data);
             }
         }
 
         if (method_exists($controller, $beforeMethodName)) {
-            $controller->$beforeMethodName($params, $data, $request);
+            $controller->$beforeMethodName($params, $data, $request, $response);
         }
 
-        $result = $controller->$primaryActionMethodName($params, $data, $request);
+        $result = $controller->$primaryActionMethodName($params, $data, $request, $response);
 
         if (method_exists($controller, $afterMethodName)) {
-            $controller->$afterMethodName($params, $data, $request);
+            $controller->$afterMethodName($params, $data, $request, $response);
         }
 
         if (is_array($result) || is_bool($result) || $result instanceof \StdClass) {
@@ -127,4 +152,10 @@ class ControllerManager
 
         return $result;
     }
+
+    public function process($controllerName, $actionName, $params, $data, $request, $response = null)
+    {
+        $controller = $this->getController($controllerName);
+        return $this->processRequest($controller, $actionName, $params, $data, $request, $response);
+    }
 }

application/Espo/Core/Controllers/Base.php

@@ -38,18 +38,12 @@ abstract class Base
 
     private $container;
 
-    private $requestMethod;
-
     public static $defaultAction = 'index';
 
-    public function __construct(Container $container, $requestMethod = null)
+    public function __construct(Container $container)
     {
         $this->container = $container;
 
-        if (isset($requestMethod)) {
-            $this->setRequestMethod($requestMethod);
-        }
-
         if (empty($this->name)) {
             $name = get_class($this);
             if (preg_match('@\\\\([\w]+)$@', $name, $matches)) {
@@ -61,6 +55,11 @@ abstract class Base
         $this->checkControllerAccess();
     }
 
+    public function getName()
+    {
+        return $this->name;
+    }
+
     protected function checkControllerAccess()
     {
         return;
@@ -71,21 +70,6 @@ abstract class Base
         return $this->container;
     }
 
-    /**
-     * Get request method name (Uppercase)
-     *
-     * @return string
-     */
-    protected function getRequestMethod()
-    {
-        return $this->requestMethod;
-    }
-
-    protected function setRequestMethod($requestMethod)
-    {
-        $this->requestMethod = strtoupper($requestMethod);
-    }
-
     protected function getUser()
     {
         return $this->container->get('user');

application/Espo/Core/Controllers/Record.php

@@ -83,6 +83,8 @@ class Record extends Base
 
     public function actionCreate($params, $data, $request)
     {
+        if (!is_object($data)) throw new BadRequest();
+
         if (!$request->isPost()) {
             throw new BadRequest();
         }
@@ -102,6 +104,8 @@ class Record extends Base
 
     public function actionUpdate($params, $data, $request)
     {
+        if (!is_object($data)) throw new BadRequest();
+
         if (!$request->isPut() && !$request->isPatch()) {
             throw new BadRequest();
         }
@@ -125,33 +129,17 @@ class Record extends Base
             throw new Forbidden();
         }
 
-        $where = $request->get('where');
-        $offset = $request->get('offset');
-        $maxSize = $request->get('maxSize');
-        $asc = $request->get('asc', 'true') === 'true';
-        $sortBy = $request->get('sortBy');
-        $q = $request->get('q');
-        $textFilter = $request->get('textFilter');
-
-        if (empty($maxSize)) {
-            $maxSize = self::MAX_SIZE_LIMIT;
-        }
-        if (!empty($maxSize) && $maxSize > self::MAX_SIZE_LIMIT) {
-            throw new Forbidden("Max should should not exceed " . self::MAX_SIZE_LIMIT . ". Use pagination (offset, limit).");
-        }
-
-        $params = array(
-            'where' => $where,
-            'offset' => $offset,
-            'maxSize' => $maxSize,
-            'asc' => $asc,
-            'sortBy' => $sortBy,
-            'q' => $q,
-            'textFilter' => $textFilter
-        );
-
+        $params = [];
         $this->fetchListParamsFromRequest($params, $request, $data);
 
+        $maxSizeLimit = $this->getConfig()->get('recordListMaxSizeLimit', self::MAX_SIZE_LIMIT);
+        if (empty($params['maxSize'])) {
+            $params['maxSize'] = $maxSizeLimit;
+        }
+        if (!empty($params['maxSize']) && $params['maxSize'] > $maxSizeLimit) {
+            throw new Forbidden("Max size should should not exceed " . $maxSizeLimit . ". Use offset and limit.");
+        }
+
         $result = $this->getRecordService()->findEntities($params);
 
         return array(
@@ -160,17 +148,35 @@ class Record extends Base
         );
     }
 
+    public function getActionListKanban($params, $data, $request)
+    {
+        if (!$this->getAcl()->check($this->name, 'read')) {
+            throw new Forbidden();
+        }
+
+        $params = [];
+        $this->fetchListParamsFromRequest($params, $request, $data);
+
+        $maxSizeLimit = $this->getConfig()->get('recordListMaxSizeLimit', self::MAX_SIZE_LIMIT);
+        if (empty($params['maxSize'])) {
+            $params['maxSize'] = $maxSizeLimit;
+        }
+        if (!empty($params['maxSize']) && $params['maxSize'] > $maxSizeLimit) {
+            throw new Forbidden("Max size should should not exceed " . $maxSizeLimit . ". Use offset and limit.");
+        }
+
+        $result = $this->getRecordService()->getListKanban($params);
+
+        return (object) [
+            'total' => $result->total,
+            'list' => $result->collection->getValueMapList(),
+            'additionalData' => $result->additionalData
+        ];
+    }
+
     protected function fetchListParamsFromRequest(&$params, $request, $data)
     {
-        if ($request->get('primaryFilter')) {
-            $params['primaryFilter'] = $request->get('primaryFilter');
-        }
-        if ($request->get('boolFilterList')) {
-            $params['boolFilterList'] = $request->get('boolFilterList');
-        }
-        if ($request->get('filterList')) {
-            $params['filterList'] = $request->get('filterList');
-        }
+        \Espo\Core\Utils\ControllerUtil::fetchListParamsFromRequest($params, $request, $data);
     }
 
     public function actionListLinked($params, $data, $request)
@@ -178,33 +184,17 @@ class Record extends Base
         $id = $params['id'];
         $link = $params['link'];
 
-        $where = $request->get('where');
-        $offset = $request->get('offset');
-        $maxSize = $request->get('maxSize');
-        $asc = $request->get('asc', 'true') === 'true';
-        $sortBy = $request->get('sortBy');
-        $q = $request->get('q');
-        $textFilter = $request->get('textFilter');
-
-        if (empty($maxSize)) {
-            $maxSize = self::MAX_SIZE_LIMIT;
-        }
-        if (!empty($maxSize) && $maxSize > self::MAX_SIZE_LIMIT) {
-            throw new Forbidden();
-        }
-
-        $params = array(
-            'where' => $where,
-            'offset' => $offset,
-            'maxSize' => $maxSize,
-            'asc' => $asc,
-            'sortBy' => $sortBy,
-            'q' => $q,
-            'textFilter' => $textFilter
-        );
-
+        $params = [];
         $this->fetchListParamsFromRequest($params, $request, $data);
 
+        $maxSizeLimit = $this->getConfig()->get('recordListMaxSizeLimit', self::MAX_SIZE_LIMIT);
+        if (empty($params['maxSize'])) {
+            $params['maxSize'] = $maxSizeLimit;
+        }
+        if (!empty($params['maxSize']) && $params['maxSize'] > $maxSizeLimit) {
+            throw new Forbidden("Max size should should not exceed " . $maxSizeLimit . ". Use offset and limit.");
+        }
+
         $result = $this->getRecordService()->findLinkedEntities($id, $link, $params);
 
         return array(
@@ -229,6 +219,8 @@ class Record extends Base
 
     public function actionExport($params, $data, $request)
     {
+        if (!is_object($data)) throw new BadRequest();
+
         if (!$request->isPost()) {
             throw new BadRequest();
         }
@@ -288,6 +280,10 @@ class Record extends Base
             throw new BadRequest();
         }
 
+        if ($this->getAcl()->get('massUpdatePermission') !== 'yes') {
+            throw new Forbidden();
+        }
+
         $params = array();
         if (property_exists($data, 'where') && !empty($data->byWhere)) {
             $params['where'] = json_decode(json_encode($data->where), true);
@@ -326,7 +322,7 @@ class Record extends Base
             $params['ids'] = $data->ids;
         }
 
-        return $this->getRecordService()->massRemove($params);
+        return $this->getRecordService()->massDelete($params);
     }
 
     public function actionCreateLink($params, $data, $request)
@@ -353,7 +349,7 @@ class Record extends Base
                 $selectData = json_decode(json_encode($data->selectData), true);
             }
 
-            return $this->getRecordService()->linkEntityMass($id, $link, $where, $selectData);
+            return $this->getRecordService()->linkMass($id, $link, $where, $selectData);
         } else {
             $foreignIdList = array();
             if (isset($data->id)) {

application/Espo/Core/CronManager.php

@@ -28,9 +28,12 @@
  ************************************************************************/
 
 namespace Espo\Core;
+
 use \PDO;
 use Espo\Core\Utils\Json;
+
 use Espo\Core\Exceptions\NotFound;
+use Espo\Core\Exceptions\Error;
 
 class CronManager
 {
@@ -48,8 +51,21 @@ class CronManager
 
     private $cronScheduledJobUtil;
 
+    private $useProcessPool = false;
+
+    private $asSoonAsPossibleSchedulingList = [
+        '*',
+        '* *',
+        '* * *',
+        '* * * *',
+        '* * * * *',
+        '* * * * * *'
+    ];
+
     const PENDING = 'Pending';
 
+    const READY = 'Ready';
+
     const RUNNING = 'Running';
 
     const SUCCESS = 'Success';
@@ -70,6 +86,14 @@ class CronManager
         $this->scheduledJobUtil = $this->container->get('scheduledJob');
         $this->cronJobUtil = new \Espo\Core\Utils\Cron\Job($this->config, $this->entityManager);
         $this->cronScheduledJobUtil = new \Espo\Core\Utils\Cron\ScheduledJob($this->config, $this->entityManager);
+
+        if ($this->getConfig()->get('jobRunInParallel')) {
+            if (\Spatie\Async\Pool::isSupported()) {
+                $this->useProcessPool = true;
+            } else {
+                $GLOBALS['log']->warning("CronManager: useProcessPool requires pcntl and posix extensions.");
+            }
+        }
     }
 
     protected function getContainer()
@@ -146,6 +170,16 @@ class CronManager
         return false;
     }
 
+    protected function useProcessPool()
+    {
+        return $this->useProcessPool;
+    }
+
+    public function setUseProcessPool($useProcessPool)
+    {
+        $this->useProcessPool = $useProcessPool;
+    }
+
     /**
      * Run Cron
      *
@@ -160,17 +194,39 @@ class CronManager
 
         $this->setLastRunTime(time());
 
-        $this->getCronJobUtil()->markFailedJobs();
+        $this->getCronJobUtil()->markJobsFailed();
         $this->getCronJobUtil()->updateFailedJobAttempts();
         $this->createJobsFromScheduledJobs();
         $this->getCronJobUtil()->removePendingJobDuplicates();
 
-        $pendingJobList = $this->getCronJobUtil()->getPendingJobList();
+        $this->processPendingJobs();
+    }
+
+    public function processPendingJobs($queue = null, $limit = null, $poolDisabled = false, $noLock = false)
+    {
+        if (is_null($limit)) {
+            $limit = intval($this->getConfig()->get('jobMaxPortion', 0));
+        }
+
+        $pendingJobList = $this->getCronJobUtil()->getPendingJobList($queue, $limit);
+
+        $useProcessPool = $this->useProcessPool();
+
+        if ($poolDisabled) {
+            $useProcessPool = false;
+        }
+
+        if ($useProcessPool) {
+            $pool = \Spatie\Async\Pool::create()
+                ->autoload(getcwd() . '/vendor/autoload.php')
+                ->concurrency($this->getConfig()->get('jobPoolConcurrencyNumber'))
+                ->timeout($this->getConfig()->get('jobPeriodForActiveProcess'));
+        }
 
         foreach ($pendingJobList as $job) {
             $skip = false;
-            $this->getEntityManager()->getPdo()->query('LOCK TABLES `job` WRITE');
-            if ($this->getCronJobUtil()->isJobPending($job->id)) {
+            if (!$noLock) $this->lockJobTable();
+            if ($noLock || $this->getCronJobUtil()->isJobPending($job->id)) {
                 if ($job->get('scheduledJobId')) {
                     if ($this->getCronJobUtil()->isScheduledJobRunning($job->get('scheduledJobId'), $job->get('targetId'), $job->get('targetType'))) {
                         $skip = true;
@@ -181,43 +237,102 @@ class CronManager
             }
 
             if ($skip) {
-                $this->getEntityManager()->getPdo()->query('UNLOCK TABLES');
+                if (!$noLock) $this->unlockTables();
                 continue;
             }
 
-            $job->set('status', self::RUNNING);
-            $job->set('pid', $this->getCronJobUtil()->getPid());
-            $this->getEntityManager()->saveEntity($job);
-            $this->getEntityManager()->getPdo()->query('UNLOCK TABLES');
+            $job->set('startedAt', date('Y-m-d H:i:s'));
 
-            $isSuccess = true;
-            $skipLog = false;
-
-            try {
-                if ($job->get('scheduledJobId')) {
-                    $this->runScheduledJob($job);
-                } else {
-                    $this->runService($job);
-                }
-            } catch (\Exception $e) {
-                $isSuccess = false;
-                if ($e->getCode() === -1) {
-                    $job->set('attempts', 0);
-                    $skipLog = true;
-                } else {
-                    $GLOBALS['log']->error('CronManager: Failed job running, job ['.$job->id.']. Error Details: '.$e->getMessage());
-                }
+            if ($useProcessPool) {
+                $job->set('status', self::READY);
+            } else {
+                $job->set('status', self::RUNNING);
+                $job->set('pid', \Espo\Core\Utils\System::getPid());
             }
 
-            $status = $isSuccess ? self::SUCCESS : self::FAILED;
-
-            $job->set('status', $status);
             $this->getEntityManager()->saveEntity($job);
+            if (!$noLock) $this->unlockTables();
 
-            if ($job->get('scheduledJobId') && !$skipLog) {
-                $this->getCronScheduledJobUtil()->addLogRecord($job->get('scheduledJobId'), $status, null, $job->get('targetId'), $job->get('targetType'));
+            if ($useProcessPool) {
+                $task = new \Espo\Core\Utils\Cron\JobTask($job->id);
+                $pool->add($task);
+            } else {
+                $this->runJob($job);
             }
         }
+
+        if ($useProcessPool) {
+            $pool->wait();
+        }
+    }
+
+    protected function lockJobTable()
+    {
+        $this->getEntityManager()->getPdo()->query('LOCK TABLES `job` WRITE');
+    }
+
+    protected function unlockTables()
+    {
+        $this->getEntityManager()->getPdo()->query('UNLOCK TABLES');
+    }
+
+    public function runJobById($id)
+    {
+        if (empty($id)) throw new Error();
+
+        $job = $this->getEntityManager()->getEntity('Job', $id);
+
+        if (!$job) throw new Error("Job {$id} not found.");
+
+        if ($job->get('status') !== self::READY) {
+            throw new Error("Can't run job {$id} with no status Ready.");
+        }
+
+        if (!$job->get('startedAt')) {
+            $job->set('startedAt', date('Y-m-d H:i:s'));
+        }
+
+        $job->set('status', self::RUNNING);
+        $job->set('pid', \Espo\Core\Utils\System::getPid());
+        $this->getEntityManager()->saveEntity($job);
+
+        $this->runJob($job);
+    }
+
+    public function runJob($job)
+    {
+        $isSuccess = true;
+        $skipLog = false;
+
+        try {
+            if ($job->get('scheduledJobId')) {
+                $this->runScheduledJob($job);
+            } else {
+                $this->runService($job);
+            }
+        } catch (\Exception $e) {
+            $isSuccess = false;
+            if ($e->getCode() === -1) {
+                $job->set('attempts', 0);
+                $skipLog = true;
+            } else {
+                $GLOBALS['log']->error('CronManager: Failed job running, job ['.$job->id.']. Error Details: '.$e->getMessage());
+            }
+        }
+
+        $status = $isSuccess ? self::SUCCESS : self::FAILED;
+
+        $job->set('status', $status);
+
+        if ($isSuccess) {
+            $job->set('executedAt', date('Y-m-d H:i:s'));
+        }
+
+        $this->getEntityManager()->saveEntity($job);
+
+        if ($job->get('scheduledJobId') && !$skipLog) {
+            $this->getCronScheduledJobUtil()->addLogRecord($job->get('scheduledJobId'), $status, null, $job->get('targetId'), $job->get('targetType'));
+        }
     }
 
     protected function runScheduledJob($job)
@@ -268,12 +383,6 @@ class CronManager
         $methodNameDeprecated = $job->get('method');
         $methodName = $job->get('methodName');
 
-        $isDeprecated = false;
-        if (!$methodName) {
-            $isDeprecated = true;
-            $methodName = $methodNameDeprecated;
-        }
-
         if (!$methodName) {
             throw new Error('Job with empty methodName.');
         }
@@ -284,40 +393,40 @@ class CronManager
 
         $data = $job->get('data');
 
-        if ($isDeprecated) {
-            $data = Json::decode(Json::encode($data), true);
-        }
-
         $service->$methodName($data, $job->get('targetId'), $job->get('targetType'));
     }
 
     protected function createJobsFromScheduledJobs()
     {
         $activeScheduledJobList = $this->getCronScheduledJobUtil()->getActiveScheduledJobList();
-
         $runningScheduledJobIdList = $this->getCronJobUtil()->getRunningScheduledJobIdList();
 
-        $createdJobIdList = array();
+        $createdJobIdList = [];
         foreach ($activeScheduledJobList as $scheduledJob) {
             $scheduling = $scheduledJob->get('scheduling');
+            $asSoonAsPossible = in_array($scheduling, $this->asSoonAsPossibleSchedulingList);
 
-            try {
-                $cronExpression = \Cron\CronExpression::factory($scheduling);
-            } catch (\Exception $e) {
-                $GLOBALS['log']->error('CronManager (ScheduledJob ['.$scheduledJob->id.']): Scheduling string error - '. $e->getMessage() . '.');
-                continue;
+            if ($asSoonAsPossible) {
+                $nextDate = date('Y-m-d H:i:s');
+            } else {
+                try {
+                    $cronExpression = \Cron\CronExpression::factory($scheduling);
+                } catch (\Exception $e) {
+                    $GLOBALS['log']->error('CronManager (ScheduledJob ['.$scheduledJob->id.']): Scheduling string error - '. $e->getMessage() . '.');
+                    continue;
+                }
+
+                try {
+                    $nextDate = $cronExpression->getNextRunDate()->format('Y-m-d H:i:s');
+                } catch (\Exception $e) {
+                    $GLOBALS['log']->error('CronManager (ScheduledJob ['.$scheduledJob->id.']): Unsupported CRON expression ['.$scheduling.']');
+                    continue;
+                }
+
+                $existingJob = $this->getCronJobUtil()->getJobByScheduledJobIdOnMinute($scheduledJob->id, $nextDate);
+                if ($existingJob) continue;
             }
 
-            try {
-                $nextDate = $cronExpression->getNextRunDate()->format('Y-m-d H:i:s');
-            } catch (\Exception $e) {
-                $GLOBALS['log']->error('CronManager (ScheduledJob ['.$scheduledJob->id.']): Unsupported CRON expression ['.$scheduling.']');
-                continue;
-            }
-
-            $existingJob = $this->getCronJobUtil()->getJobByScheduledJob($scheduledJob->id, $nextDate);
-            if ($existingJob) continue;
-
             $className = $this->getScheduledJobUtil()->get($scheduledJob->get('job'));
             if ($className) {
                 if (method_exists($className, 'prepare')) {
@@ -331,13 +440,25 @@ class CronManager
                 continue;
             }
 
+            $pendingCount = $this->getCronJobUtil()->getPendingCountByScheduledJobId($scheduledJob->id);
+
+            if ($asSoonAsPossible) {
+                if ($pendingCount > 0) {
+                    continue;
+                }
+            } else {
+                if ($pendingCount > 1) {
+                    continue;
+                }
+            }
+
             $jobEntity = $this->getEntityManager()->getEntity('Job');
-            $jobEntity->set(array(
+            $jobEntity->set([
                 'name' => $scheduledJob->get('name'),
                 'status' => self::PENDING,
                 'scheduledJobId' => $scheduledJob->id,
                 'executeTime' => $nextDate
-            ));
+            ]);
             $this->getEntityManager()->saveEntity($jobEntity);
         }
     }

application/Espo/Core/DataManager.php

@@ -53,6 +53,8 @@ class DataManager
      */
     public function rebuild($entityList = null)
     {
+        $this->populateConfigParameters();
+
         $result = $this->clearCache();
 
         $result &= $this->rebuildMetadata();
@@ -128,18 +130,21 @@ class DataManager
         $metadata = $this->getContainer()->get('metadata');
         $entityManager = $this->getContainer()->get('entityManager');
 
-        $jobs = $metadata->get(['entityDefs', 'ScheduledJob', 'jobs'], array());
+        $jobs = $metadata->get(['entityDefs', 'ScheduledJob', 'jobs'], []);
+
+        $systemJobNameList = [];
 
         foreach ($jobs as $jobName => $defs) {
             if ($jobName && !empty($defs['isSystem']) && !empty($defs['scheduling'])) {
+                $systemJobNameList[] = $jobName;
                 if (!$entityManager->getRepository('ScheduledJob')->where(array(
                     'job' => $jobName,
                     'status' => 'Active',
                     'scheduling' => $defs['scheduling']
                 ))->findOne()) {
-                    $job = $entityManager->getRepository('ScheduledJob')->where(array(
+                    $job = $entityManager->getRepository('ScheduledJob')->where([
                         'job' => $jobName
-                    ))->findOne();
+                    ])->findOne();
                     if ($job) {
                         $entityManager->removeEntity($job);
                     }
@@ -148,29 +153,61 @@ class DataManager
                         $name = $defs['name'];
                     }
                     $job = $entityManager->getEntity('ScheduledJob');
-                    $job->set(array(
+                    $job->set([
                         'job' => $jobName,
                         'status' => 'Active',
                         'scheduling' => $defs['scheduling'],
                         'isInternal' => true,
                         'name' => $name
-                    ));
+                    ]);
                     $entityManager->saveEntity($job);
                 }
             }
         }
+
+        $internalScheduledJobList = $entityManager->getRepository('ScheduledJob')->where([
+            'isInternal' => true
+        ])->find();
+        foreach ($internalScheduledJobList as $scheduledJob) {
+            $jobName = $scheduledJob->get('job');
+            if (!in_array($jobName, $systemJobNameList)) {
+                $entityManager->getRepository('ScheduledJob')->deleteFromDb($scheduledJob->id);
+            }
+        }
     }
 
-    /**
-     * Update cache timestamp
-     *
-     * @return bool
-     */
     public function updateCacheTimestamp()
     {
         $this->getContainer()->get('config')->updateCacheTimestamp();
         $this->getContainer()->get('config')->save();
+
         return true;
     }
-}
 
+    protected function populateConfigParameters()
+    {
+        $config = $this->getContainer()->get('config');
+
+        $pdo = $this->getContainer()->get('entityManager')->getPDO();
+        $query = "SHOW VARIABLES LIKE 'ft_min_word_len'";
+        $sth = $pdo->prepare($query);
+        $sth->execute();
+
+        $fullTextSearchMinLength = null;
+        if ($row = $sth->fetch(\PDO::FETCH_ASSOC)) {
+            if (isset($row['Value'])) {
+                $fullTextSearchMinLength = intval($row['Value']);
+            }
+        }
+
+        $config->set('fullTextSearchMinLength', $fullTextSearchMinLength);
+
+        $cryptKey = $config->get('cryptKey');
+        if (!$cryptKey) {
+            $cryptKey = \Espo\Core\Utils\Util::generateKey();
+            $config->set('cryptKey', $cryptKey);
+        }
+
+        $config->save();
+    }
+}

application/Espo/Core/Exceptions/ServiceUnavailable.php

@@ -0,0 +1,36 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2018 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: http://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Core\Exceptions;
+
+class ServiceUnavailable extends \Exception
+{
+    protected $code = 503;
+
+}

application/Espo/Core/Export/Xlsx.php

@@ -62,18 +62,26 @@ class Xlsx extends \Espo\Core\Injectable
     public function loadAdditionalFields(Entity $entity, $fieldList)
     {
         foreach ($entity->getRelationList() as $link) {
-            if ($entity->getRelationType($link) === 'belongsToParent') {
-                if (in_array($link, $fieldList)) {
-                    $parent = $entity->get($link);
-                    if ($parent instanceof Entity) {
-                        $entity->set($link . 'Name', $parent->get('name'));
+            if (in_array($link, $fieldList)) {
+                if ($entity->getRelationType($link) === 'belongsToParent') {
+                    if (!$entity->get($link . 'Name')) {
+                        $entity->loadParentNameField($link);
                     }
-                }
-            } else if ($entity->getRelationType($link) === 'belongsTo' && $entity->getRelationParam($link, 'noJoin') && $entity->hasField($link . 'Name')) {
-                if (in_array($link, $fieldList)) {
-                    $related = $entity->get($link);
-                    if ($related instanceof Entity) {
-                        $entity->set($link . 'Name', $related->get('name'));
+                } else if (
+                    (
+                        (
+                            $entity->getRelationType($link) === 'belongsTo'
+                            &&
+                            $entity->getRelationParam($link, 'noJoin')
+                        )
+                        ||
+                        $entity->getRelationType($link) === 'hasOne'
+                    )
+                    &&
+                    $entity->hasAttribute($link . 'Name')
+                ) {
+                    if (!$entity->get($link . 'Name') || !$entity->get($link . 'Id')) {
+                        $entity->loadLinkField($link);
                     }
                 }
             }
@@ -292,6 +300,8 @@ class Xlsx extends \Espo\Core\Injectable
                     }
                 } else if ($type == 'int') {
                     $sheet->setCellValue("$col$rowNumber", $row[$name] ?: 0);
+                } else if ($type == 'float') {
+                    $sheet->setCellValue("$col$rowNumber", $row[$name] ?: 0);
                 } else if ($type == 'currency') {
                     if (array_key_exists($name.'Currency', $row) && array_key_exists($name, $row)) {
                         $sheet->setCellValue("$col$rowNumber", $row[$name] ? $row[$name] : '');
@@ -467,7 +477,7 @@ class Xlsx extends \Espo\Core\Injectable
 
                 } else {
                     if (array_key_exists($name, $row)) {
-                        $sheet->setCellValue("$col$rowNumber", $row[$name]);
+                        $sheet->setCellValueExplicit("$col$rowNumber", $row[$name], \PhpOffice\PhpSpreadsheet\Cell\DataType::TYPE_STRING);
                     }
                 }
 
@@ -534,6 +544,9 @@ class Xlsx extends \Espo\Core\Injectable
 
         foreach ($fieldList as $i => $name) {
             $col = $azRange[$i];
+            if (!array_key_exists($name, $typesCache)) {
+                break;
+            }
             $type = $typesCache[$name];
 
             switch ($type) {
@@ -546,6 +559,11 @@ class Xlsx extends \Espo\Core\Injectable
                         ->getNumberFormat()
                         ->setFormatCode('0');
                 } break;
+                case 'float': {
+                    $sheet->getStyle($col.$startingRowNumber.':'.$col.$rowNumber)
+                        ->getNumberFormat()
+                        ->setFormatCode(\PhpOffice\PhpSpreadsheet\Style\NumberFormat::FORMAT_NUMBER_COMMA_SEPARATED1);
+                } break;
                 case 'date': {
                     $sheet->getStyle($col.$startingRowNumber.':'.$col.$rowNumber)
                         ->getNumberFormat()

application/Espo/Core/Formula/Functions/EntityGroup/CountRelatedType.php

@@ -0,0 +1,89 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2018 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: http://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Core\Formula\Functions\EntityGroup;
+
+use \Espo\ORM\Entity;
+use \Espo\Core\Exceptions\Error;
+
+class CountRelatedType extends \Espo\Core\Formula\Functions\Base
+{
+    protected function init()
+    {
+        $this->addDependency('entityManager');
+        $this->addDependency('selectManagerFactory');
+    }
+
+    public function process(\StdClass $item)
+    {
+        if (!property_exists($item, 'value')) {
+            throw new Error();
+        }
+
+        if (!is_array($item->value)) {
+            throw new Error();
+        }
+
+        if (count($item->value) < 1) {
+            throw new Error();
+        }
+
+        $link = $this->evaluate($item->value[0]);
+
+        if (empty($link)) {
+            throw new Error("No link passed to countRelated function.");
+        }
+
+        $filter = null;
+        if (count($item->value) > 1) {
+            $filter = $this->evaluate($item->value[1]);
+        }
+
+        $entity = $this->getEntity();
+
+        $entityManager = $this->getInjection('entityManager');
+
+        $foreignEntityType = $entity->getRelationParam($link, 'entity');
+
+        if (empty($foreignEntityType)) {
+            throw new Error();
+        }
+
+        $foreignSelectManager = $this->getInjection('selectManagerFactory')->create($foreignEntityType);
+
+        $selectParams = $foreignSelectManager->getEmptySelectParams();
+
+        if ($filter) {
+            $foreignSelectManager->applyFilter($filter, $selectParams);
+        }
+
+        return $entityManager->getRepository($entity->getEntityType())->countRelated($entity, $link, $selectParams);
+    }
+
+}

application/Espo/Core/Formula/Functions/EntityGroup/SumRelatedType.php

@@ -0,0 +1,119 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2018 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: http://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Core\Formula\Functions\EntityGroup;
+
+use \Espo\ORM\Entity;
+use \Espo\Core\Exceptions\Error;
+
+class SumRelatedType extends \Espo\Core\Formula\Functions\Base
+{
+    protected function init()
+    {
+        $this->addDependency('entityManager');
+        $this->addDependency('selectManagerFactory');
+    }
+
+    public function process(\StdClass $item)
+    {
+        if (!property_exists($item, 'value')) {
+            throw new Error();
+        }
+
+        if (!is_array($item->value)) {
+            throw new Error();
+        }
+
+        if (count($item->value) < 2) {
+            throw new Error();
+        }
+
+        $link = $this->evaluate($item->value[0]);
+
+        if (empty($link)) {
+            throw new Error("No link passed to sumRelated function.");
+        }
+
+        $field = $this->evaluate($item->value[1]);
+
+        if (empty($field)) {
+            throw new Error("No field passed to sumRelated function.");
+        }
+
+        $filter = null;
+        if (count($item->value) > 2) {
+            $filter = $this->evaluate($item->value[2]);
+        }
+
+        $entity = $this->getEntity();
+
+        $entityManager = $this->getInjection('entityManager');
+
+        $foreignEntityType = $entity->getRelationParam($link, 'entity');
+
+        if (empty($foreignEntityType)) {
+            throw new Error();
+        }
+
+        $foreignSelectManager = $this->getInjection('selectManagerFactory')->create($foreignEntityType);
+
+        $foreignLink = $entity->getRelationParam($link, 'foreign');
+
+        if (empty($foreignLink)) {
+            throw new Error("No foreign link for link {$link}.");
+        }
+
+        $selectParams = $foreignSelectManager->getEmptySelectParams();
+
+        if ($filter) {
+            $foreignSelectManager->applyFilter($filter, $selectParams);
+        }
+
+        $selectParams['select'] = [[$foreignLink . '.id', 'foreignId'], 'SUM:' . $field];
+
+        $foreignSelectManager->addJoin($foreignLink, $selectParams);
+
+        $selectParams['groupBy'] = [$foreignLink . '.id'];
+
+        $entityManager->getRepository($foreignEntityType)->handleSelectParams($selectParams);
+
+        $sql = $entityManager->getQuery()->createSelectQuery($foreignEntityType, $selectParams);
+
+        $pdo = $entityManager->getPDO();
+        $sth = $pdo->prepare($sql);
+        $sth->execute();
+        $rowList = $sth->fetchAll(\PDO::FETCH_ASSOC);
+
+        if (empty($rowList)) {
+            return 0;
+        }
+
+        return $rowList[0]['SUM:' . $field];
+    }
+}

application/Espo/Core/Formula/Functions/StringGroup/ContainsType.php

@@ -0,0 +1,53 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2018 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: http://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Core\Formula\Functions\StringGroup;
+
+use \Espo\Core\Exceptions\Error;
+
+class ContainsType extends \Espo\Core\Formula\Functions\Base
+{
+    public function process(\StdClass $item)
+    {
+        if (!property_exists($item, 'value') || !is_array($item->value)) {
+            throw new Error('Value for \'String\\Contains\' item is not an array.');
+        }
+        if (count($item->value) < 2) {
+            throw new Error('Bad arguments passed to \'String\\Contains\'.');
+        }
+        $string = $this->evaluate($item->value[0]);
+        $needle = $this->evaluate($item->value[1]);
+
+        if (!is_string($string)) {
+            return false;
+        }
+
+        return mb_strpos($string, $needle) !== false;
+    }
+}

application/Espo/Core/Formula/Functions/StringGroup/LengthType.php

@@ -0,0 +1,58 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2018 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: http://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Core\Formula\Functions\StringGroup;
+
+use \Espo\Core\Exceptions\Error;
+
+class LengthType extends \Espo\Core\Formula\Functions\Base
+{
+    public function process(\StdClass $item)
+    {
+        if (!property_exists($item, 'value')) {
+            return '';
+        }
+
+        if (!is_array($item->value)) {
+            throw new Error();
+        }
+
+        if (count($item->value) < 1) {
+            throw new Error();
+        }
+
+        $value = $this->evaluate($item->value[0]);
+
+        if (!is_string($value)) {
+            $value = strval($value);
+        }
+
+        return mb_strlen($value);
+    }
+}

application/Espo/Core/Formula/Functions/StringGroup/LowerCaseType.php

@@ -53,6 +53,6 @@ class LowerCaseType extends \Espo\Core\Formula\Functions\Base
             $value = strval($value);
         }
 
-        return strtolower($value);
+        return mb_strtolower($value);
     }
 }

application/Espo/Core/Formula/Functions/StringGroup/SubstringType.php

@@ -1,4 +1,4 @@
-<?php
+<?php
 /************************************************************************
  * This file is part of EspoCRM.
  *
@@ -52,9 +52,9 @@ class SubstringType extends \Espo\Core\Formula\Functions\Base
 
         if (count($item->value) > 2) {
             $length = $this->evaluate($item->value[2]);
-            return substr($string, $start, $length);
+            return mb_substr($string, $start, $length);
         } else {
-            return substr($string, $start);
+            return mb_substr($string, $start);
         }
     }
 }

application/Espo/Core/Formula/Functions/StringGroup/TestType.php

@@ -0,0 +1,56 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2018 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: http://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Core\Formula\Functions\StringGroup;
+
+use \Espo\Core\Exceptions\Error;
+
+class TestType extends \Espo\Core\Formula\Functions\Base
+{
+    public function process(\StdClass $item)
+    {
+        if (!property_exists($item, 'value') || !is_array($item->value)) {
+            throw new Error('Value for \'String\\Test\' item is not an array.');
+        }
+        if (count($item->value) < 2) {
+            throw new Error('Bad arguments passed to \'String\\Test\'.');
+        }
+        $string = $this->evaluate($item->value[0]);
+        $regexp = $this->evaluate($item->value[1]);
+
+        if (!is_string($string)) {
+            return false;
+        }
+        if (!is_string($regexp)) {
+            return false;
+        }
+
+        return !!preg_match($regexp, $string);
+    }
+}

application/Espo/Core/Formula/Functions/StringGroup/UpperCaseType.php

@@ -53,6 +53,6 @@ class UpperCaseType extends \Espo\Core\Formula\Functions\Base
             $value = strval($value);
         }
 
-        return strtoupper($value);
+        return mb_strtoupper($value);
     }
 }

application/Espo/Core/Formula/Parser.php

@@ -176,6 +176,8 @@ class Parser
 
         $this->processStrings($expression, $modifiedExpression, $splitterIndexList, true);
 
+        $expressionOutOfBraceList = [];
+
         for ($i = 0; $i < strlen($modifiedExpression); $i++) {
             if ($modifiedExpression[$i] === '(') {
                 $braceCounter++;
@@ -186,6 +188,11 @@ class Parser
             if ($braceCounter === 0 && $i < strlen($modifiedExpression) - 1) {
                 $hasExcessBraces = false;
             }
+            if ($braceCounter === 0) {
+                $expressionOutOfBraceList[] = true;
+            } else {
+                $expressionOutOfBraceList[] = false;
+            }
         }
         if ($braceCounter !== 0) {
             throw new Error('Incorrect round brackets in expression ' . $expression . '.');
@@ -226,7 +233,13 @@ class Parser
 
         foreach ($this->priorityList as $operationList) {
             foreach ($operationList as $operator) {
-                $index = strpos($expression, $operator, 1);
+                $startFrom = 1;
+                while (true) {
+                    $index = strpos($expression, $operator, $startFrom);
+                    if ($index === false) break;
+                    if ($expressionOutOfBraceList[$index]) break;
+                    $startFrom = $index + 1;
+                }
                 if ($index !== false) {
                     $possibleRightOperator = null;
                     if (strlen($operator) === 1) {

application/Espo/Core/Htmlizer/Htmlizer.php

@@ -75,6 +75,11 @@ class Htmlizer
         return $this->entityManager;
     }
 
+    protected function getMetadata()
+    {
+        return $this->metadata;
+    }
+
     protected function format($value)
     {
         if (is_float($value)) {
@@ -87,41 +92,79 @@ class Htmlizer
         return $value;
     }
 
-    protected function getDataFromEntity(Entity $entity, $skipLinks = false)
+    protected function getDataFromEntity(Entity $entity, $skipLinks = false, $level = 0)
     {
         $data = $entity->toArray();
 
-        $fieldDefs = $entity->getFields();
-        $fieldList = array_keys($fieldDefs);
+        $attributeDefs = $entity->getAttributes();
+        $attributeList = array_keys($attributeDefs);
 
-        $forbidenAttributeList = [];
+        $forbiddenAttributeList = [];
+        $skipAttributeList = [];
+        $forbiddenLinkList = [];
 
         if ($this->getAcl()) {
-            $forbidenAttributeList = $this->getAcl()->getScopeForbiddenAttributeList($entity->getEntityType(), 'read');
+            $forbiddenAttributeList = $this->getAcl()->getScopeForbiddenAttributeList($entity->getEntityType(), 'read');
+
+            $forbiddenAttributeList = array_merge(
+                $forbiddenAttributeList,
+                $this->getAcl()->getScopeRestrictedAttributeList($entity->getEntityType(), ['forbidden', 'internal', 'onlyAdmin'])
+            );
+
+            $forbiddenLinkList = $this->getAcl()->getScopeRestrictedLinkList($entity->getEntityType(), ['forbidden', 'internal', 'onlyAdmin']);
         }
 
-        foreach ($fieldList as $field) {
-            if (in_array($field, $forbidenAttributeList)) continue;
+        $relationList = $entity->getRelationList();
 
+        if (!$skipLinks && $level === 0) {
+            foreach ($relationList as $relation) {
+                if (!$entity->hasLinkMultipleField($relation)) continue;
 
-            $type = $entity->getAttributeType($field);
+                $collection = $entity->getLinkMultipleCollection($relation);
+                $data[$relation] = $collection;
+            }
+        }
+
+        foreach ($data as $key => $value) {
+            if ($value instanceof \Espo\ORM\EntityCollection) {
+                $skipAttributeList[] = $key;
+                $collection = $value;
+                $list = [];
+                foreach ($collection as $item) {
+                    $list[] = $this->getDataFromEntity($item, $skipLinks, $level + 1);
+                }
+                $data[$key] = $list;
+            }
+        }
+
+        foreach ($attributeList as $attribute) {
+            if (in_array($attribute, $forbiddenAttributeList)) {
+                unset($data[$attribute]);
+                continue;
+            }
+            if (in_array($attribute, $skipAttributeList)) {
+                continue;
+            }
+
+            $type = $entity->getAttributeType($attribute);
 
             if ($type == Entity::DATETIME) {
-                if (!empty($data[$field])) {
-                    $data[$field] = $this->dateTime->convertSystemDateTime($data[$field]);
+                if (!empty($data[$attribute])) {
+                    $data[$attribute] = $this->dateTime->convertSystemDateTime($data[$attribute]);
                 }
             } else if ($type == Entity::DATE) {
-                if (!empty($data[$field])) {
-                    $data[$field] = $this->dateTime->convertSystemDate($data[$field]);
+                if (!empty($data[$attribute])) {
+                    $data[$attribute] = $this->dateTime->convertSystemDate($data[$attribute]);
                 }
             } else if ($type == Entity::JSON_ARRAY) {
-                if (!empty($data[$field])) {
-                    $list = $data[$field];
+                if (!empty($data[$attribute])) {
+                    $list = $data[$attribute];
+
                     $newList = [];
                     foreach ($list as $item) {
                         $v = $item;
                         if ($item instanceof \StdClass) {
-                            $v = json_decode(json_encode($v), true);
+                            $v = json_decode(json_encode($v, \JSON_PRESERVE_ZERO_FRACTION), true);
                         }
                         if (is_array($v)) {
                             foreach ($v as $k => $w) {
@@ -133,42 +176,43 @@ class Htmlizer
 
                         $newList[] = $v;
                     }
-                    $data[$field] = $newList;
+                    $data[$attribute] = $newList;
                 }
             } else if ($type == Entity::JSON_OBJECT) {
-                if (!empty($data[$field])) {
-                    $value = $data[$field];
+                if (!empty($data[$attribute])) {
+                    $value = $data[$attribute];
                     if ($value instanceof \StdClass) {
-                        $data[$field] = json_decode(json_encode($value), true);
+                        $data[$attribute] = json_decode(json_encode($value, \JSON_PRESERVE_ZERO_FRACTION), true);
                     }
-                    foreach ($data[$field] as $k => $w) {
+                    foreach ($data[$attribute] as $k => $w) {
                         $keyRaw = $k . '_RAW';
-                        $data[$field][$keyRaw] = $data[$field][$k];
-                        $data[$field][$k] = $this->format($data[$field][$k]);
+                        $data[$attribute][$keyRaw] = $data[$attribute][$k];
+                        $data[$attribute][$k] = $this->format($data[$attribute][$k]);
                     }
                 }
             } else if ($type === Entity::PASSWORD) {
-                unset($data[$field]);
+                unset($data[$attribute]);
             }
 
-            if (array_key_exists($field, $data)) {
-                $keyRaw = $field . '_RAW';
-                $data[$keyRaw] = $data[$field];
+            if (array_key_exists($attribute, $data)) {
+                $keyRaw = $attribute . '_RAW';
+                $data[$keyRaw] = $data[$attribute];
 
-                $fieldType = $this->getFieldType($entity->getEntityType(), $field);
+                $fieldType = $this->getFieldType($entity->getEntityType(), $attribute);
                 if ($fieldType === 'enum') {
                     if ($this->language) {
-                        $data[$field] = $this->language->translateOption($data[$field], $field, $entity->getEntityType());
+                        $data[$attribute] = $this->language->translateOption($data[$attribute], $attribute, $entity->getEntityType());
                     }
                 }
 
-                $data[$field] = $this->format($data[$field]);
+                $data[$attribute] = $this->format($data[$attribute]);
             }
         }
 
         if (!$skipLinks) {
             $relationDefs = $entity->getRelations();
             foreach ($entity->getRelationList() as $relation) {
+                if (in_array($relation, $forbiddenLinkList)) continue;
                 if (
                     !empty($relationDefs[$relation]['type'])
                     &&
@@ -180,7 +224,7 @@ class Htmlizer
                         if (!$this->getAcl()->check($relatedEntity, 'read')) continue;
                     }
 
-                    $data[$relation] = $this->getDataFromEntity($relatedEntity, true);
+                    $data[$relation] = $this->getDataFromEntity($relatedEntity, true, $level + 1);
                 }
             }
         }
@@ -188,7 +232,7 @@ class Htmlizer
         return $data;
     }
 
-    public function render(Entity $entity, $template, $id = null, $additionalData = array(), $skipLinks = false)
+    public function render(Entity $entity, $template, $id = null, $additionalData = [], $skipLinks = false)
     {
         $code = \LightnCandy::compile($template, [
             'flags' => \LightnCandy::FLAG_HANDLEBARSJS,
@@ -219,6 +263,14 @@ class Htmlizer
                         return number_format($number, $decimals, $decimalPoint, $thousandsSeparator);
                     }
                     return '';
+                },
+                'var' => function ($context, $options) {
+                    if ($context && isset($context[0]) && isset($context[1])) {
+                        if (isset($context[1][$context[0]])) {
+                            return $context[1][$context[0]];
+                        }
+                    }
+                    return;
                 }
             ],
             'hbhelpers' => [
@@ -260,13 +312,20 @@ class Htmlizer
 
         $data = $this->getDataFromEntity($entity, $skipLinks);
 
+        if (!array_key_exists('today', $data)) {
+            $data['today'] = $this->dateTime->getTodayString();
+        }
+
+        if (!array_key_exists('now', $data)) {
+            $data['now'] = $this->dateTime->getNowString();
+        }
+
         foreach ($additionalData as $k => $value) {
             $data[$k] = $value;
         }
 
         $html = $renderer($data);
 
-
         $html = str_replace('?entryPoint=attachment&', '?entryPoint=attachment&', $html);
 
         if ($this->getEntityManager()) {
@@ -288,4 +347,4 @@ class Htmlizer
         if (!$this->metadata) return;
         return $this->metadata->get(['entityDefs', $entityType, 'fields', $field, 'type']);
     }
-}
+}

application/Espo/Core/Injectable.php

@@ -31,9 +31,9 @@ namespace Espo\Core;
 
 abstract class Injectable implements \Espo\Core\Interfaces\Injectable
 {
-    protected $dependencyList = array();
+    protected $dependencyList = [];
 
-    protected $injections = array();
+    protected $injections = [];
 
     public function inject($name, $object)
     {

application/Espo/Core/InjectableFactory.php

@@ -51,8 +51,21 @@ class InjectableFactory
             foreach ($dependencyList as $name) {
                 $service->inject($name, $this->container->get($name));
             }
+            if (method_exists($service, 'prepare')) {
+                $service->prepare();
+            }
             return $service;
         }
         throw new Error("Class '$className' does not exist");
     }
+
+    protected function getMetadata()
+    {
+        return $this->getContainer()->get('metadata');
+    }
+
+    protected function getContainer()
+    {
+        return $this->container;
+    }
 }

application/Espo/Core/Loaders/TemplateFileManager.php

@@ -35,7 +35,8 @@ class TemplateFileManager extends Base
     {
         $templateFileManager = new \Espo\Core\Utils\TemplateFileManager(
             $this->getContainer()->get('config'),
-            $this->getContainer()->get('metadata')
+            $this->getContainer()->get('metadata'),
+            $this->getContainer()->get('fileManager')
         );
 
         return $templateFileManager;

application/Espo/Core/Mail/Importer.php

@@ -42,11 +42,14 @@ class Importer
 
     private $filtersMatcher;
 
-    public function __construct($entityManager, $config)
+    private $notificator = null;
+
+    public function __construct($entityManager, $config, $notificator = null)
     {
         $this->entityManager = $entityManager;
         $this->config = $config;
         $this->filtersMatcher = new FiltersMatcher();
+        $this->notificator = $notificator;
     }
 
     protected function getEntityManager()
@@ -64,6 +67,11 @@ class Importer
         return $this->filtersMatcher;
     }
 
+    protected function getNotificator()
+    {
+        return $this->notificator;
+    }
+
     public function importMessage($parserType = 'ZendMail', $message, $assignedUserId = null, $teamsIdList = [], $userIdList = [], $filterList = [], $fetchOnlyHeader = false, $folderData = null)
     {
         $parser = $message->getParser();
@@ -153,10 +161,14 @@ class Importer
             }
         }
 
+        $duplicate = null;
+
         if ($duplicate = $this->findDuplicate($email)) {
-            $duplicate = $this->getEntityManager()->getEntity('Email', $duplicate->id);
-            $this->processDuplicate($duplicate, $assignedUserId, $userIdList, $folderData, $teamsIdList);
-            return $duplicate;
+            if ($duplicate->get('status') != 'Being Imported') {
+                $duplicate = $this->getEntityManager()->getEntity('Email', $duplicate->id);
+                $this->processDuplicate($duplicate, $assignedUserId, $userIdList, $folderData, $teamsIdList);
+                return $duplicate;
+            }
         }
 
         if ($parser->checkMessageAttribute($message, 'date')) {
@@ -205,6 +217,10 @@ class Importer
             ))->findOne();
             if ($replied) {
                 $email->set('repliedId', $replied->id);
+                $repliedTeamIdList = $replied->getLinkMultipleIdList('teams');
+                foreach ($repliedTeamIdList as $repliedTeamId) {
+                    $email->addLinkMultipleId('teams', $repliedTeamId);
+                }
             }
         }
 
@@ -276,11 +292,38 @@ class Importer
             }
         }
 
-        $this->getEntityManager()->getPdo()->query('LOCK TABLES `email` WRITE');
+        if (!$duplicate) {
+            $this->lockEmailTable();
+            if ($duplicate = $this->findDuplicate($email)) {
+                $this->unlockTables();
+                if ($duplicate->get('status') != 'Being Imported') {
+                    $duplicate = $this->getEntityManager()->getEntity('Email', $duplicate->id);
+                    $this->processDuplicate($duplicate, $assignedUserId, $userIdList, $folderData, $teamsIdList);
+                    return $duplicate;
+                }
+            }
+        }
+
+        if ($duplicate) {
+            $duplicate->set([
+                'from' => $email->get('from'),
+                'to' => $email->get('to'),
+                'cc' => $email->get('cc'),
+                'bcc' => $email->get('bcc'),
+                'replyTo' => $email->get('replyTo'),
+                'name' => $email->get('name'),
+                'dateSent' => $email->get('dateSent'),
+                'body' => $email->get('body'),
+                'bodyPlain' => $email->get('bodyPlain'),
+                'parentType' => $email->get('parentType'),
+                'parentId' => $email->get('parentId'),
+                'isHtml' => $email->get('isHtml'),
+                'messageId' => $email->get('messageId'),
+                'fromString' => $email->get('fromString'),
+                'replyToString' => $email->get('replyToString'),
+            ]);
+            $this->getEntityManager()->getRepository('Email')->fillAccount($duplicate);
 
-        if ($duplicate = $this->findDuplicate($email)) {
-            $this->getEntityManager()->getPdo()->query('UNLOCK TABLES');
-            $duplicate = $this->getEntityManager()->getEntity('Email', $duplicate->id);
             $this->processDuplicate($duplicate, $assignedUserId, $userIdList, $folderData, $teamsIdList);
             return $duplicate;
         }
@@ -288,27 +331,60 @@ class Importer
         if (!$email->get('messageId')) {
             $email->setDummyMessageId();
         }
+        $email->set('status', 'Being Imported');
 
         $this->getEntityManager()->saveEntity($email, [
             'skipAll' => true,
             'keepNew' => true
         ]);
 
-        $this->getEntityManager()->getPdo()->query('UNLOCK TABLES');
+        $this->unlockTables();
 
-        $this->getEntityManager()->saveEntity($email);
+        if ($parentFound) {
+            $parentType = $email->get('parentType');
+            $parentId = $email->get('parentId');
+            $emailKeepParentTeamsEntityList = $this->getConfig()->get('emailKeepParentTeamsEntityList', []);
+            if ($parentId && in_array($parentType, $emailKeepParentTeamsEntityList)) {
+                if ($this->getEntityManager()->hasRepository($parentType)) {
+                    $parent = $this->getEntityManager()->getEntity($parentType, $parentId);
+                    if ($parent) {
+                        $parentTeamIdList = $parent->getLinkMultipleIdList('teams');
+                        foreach ($parentTeamIdList as $parentTeamId) {
+                            $email->addLinkMultipleId('teams', $parentTeamId);
+                        }
+                    }
+                }
+            }
+        }
+
+        $email->set('status', 'Archived');
+
+        $this->getEntityManager()->saveEntity($email, [
+            'isBeingImported' => true
+        ]);
 
         foreach ($inlineAttachmentList as $attachment) {
-            $attachment->set(array(
+            $attachment->set([
                 'relatedId' => $email->id,
-                'relatedType' => 'Email'
-            ));
+                'relatedType' => 'Email',
+                'field' => 'body'
+            ]);
             $this->getEntityManager()->saveEntity($attachment);
         }
 
         return $email;
     }
 
+    protected function lockEmailTable()
+    {
+        $this->getEntityManager()->getPdo()->query('LOCK TABLES `email` WRITE');
+    }
+
+    protected function unlockTables()
+    {
+        $this->getEntityManager()->getPdo()->query('UNLOCK TABLES');
+    }
+
     protected function findParent(Entity $email, $emailAddress)
     {
         $contact = $this->getEntityManager()->getRepository('Contact')->where(array(
@@ -349,9 +425,9 @@ class Importer
     protected function findDuplicate(Entity $email)
     {
         if ($email->get('messageId')) {
-            $duplicate = $this->getEntityManager()->getRepository('Email')->select(['id'])->where(array(
+            $duplicate = $this->getEntityManager()->getRepository('Email')->select(['id', 'status'])->where([
                 'messageId' => $email->get('messageId')
-            ))->findOne(['skipAdditionalSelectParams' => true]);
+            ])->findOne(['skipAdditionalSelectParams' => true]);
             if ($duplicate) {
                 return $duplicate;
             }
@@ -360,30 +436,94 @@ class Importer
 
     protected function processDuplicate(Entity $duplicate, $assignedUserId, $userIdList, $folderData, $teamsIdList)
     {
+        if ($duplicate->get('status') == 'Archived') {
+            $this->getEntityManager()->getRepository('Email')->loadFromField($duplicate);
+            $this->getEntityManager()->getRepository('Email')->loadToField($duplicate);
+        }
+
+        $duplicate->loadLinkMultipleField('users');
+        $fetchedUserIdList = $duplicate->getLinkMultipleIdList('users');
+        $duplicate->setLinkMultipleIdList('users', []);
+
+        $processNoteAcl = false;
+
         if ($assignedUserId) {
-            $duplicate->addLinkMultipleId('users', $assignedUserId);
+            if (!in_array($assignedUserId, $fetchedUserIdList)) {
+                $processNoteAcl = true;
+                $duplicate->addLinkMultipleId('users', $assignedUserId);
+            }
             $duplicate->addLinkMultipleId('assignedUsers', $assignedUserId);
         }
+
         if (!empty($userIdList)) {
             foreach ($userIdList as $uId) {
-                $duplicate->addLinkMultipleId('users', $uId);
+                if (!in_array($uId, $fetchedUserIdList)) {
+                    $processNoteAcl = true;
+                    $duplicate->addLinkMultipleId('users', $uId);
+                }
             }
         }
 
         if ($folderData) {
             foreach ($folderData as $uId => $folderId) {
-                $duplicate->setLinkMultipleColumn('users', 'folderId', $uId, $folderId);
+                if (!in_array($uId, $fetchedUserIdList)) {
+                    $duplicate->setLinkMultipleColumn('users', 'folderId', $uId, $folderId);
+                } else {
+                    $this->getEntityManager()->getRepository('Email')->updateRelation($duplicate, 'users', $uId, [
+                        'folderId' => $folderId
+                    ]);
+                }
             }
         }
 
         $duplicate->set('isBeingImported', true);
 
-        $this->getEntityManager()->saveEntity($duplicate);
+        $this->getEntityManager()->getRepository('Email')->applyUsersFilters($duplicate);
+
+        $this->getEntityManager()->getRepository('Email')->processLinkMultipleFieldSave($duplicate, 'users', [
+            'skipLinkMultipleRemove' => true,
+            'skipLinkMultipleUpdate' => true
+        ]);
+
+        $this->getEntityManager()->getRepository('Email')->processLinkMultipleFieldSave($duplicate, 'assignedUsers', [
+            'skipLinkMultipleRemove' => true,
+            'skipLinkMultipleUpdate' => true
+        ]);
+
+        if ($notificator = $this->getNotificator()) {
+            $notificator->process($duplicate, [
+                'isBeingImported' => true
+            ]);
+        }
+
+        $fetchedTeamIdList = $duplicate->getLinkMultipleIdList('teams');
 
         if (!empty($teamsIdList)) {
             foreach ($teamsIdList as $teamId) {
-                $this->getEntityManager()->getRepository('Email')->relate($duplicate, 'teams', $teamId);
+                if (!in_array($teamId, $fetchedTeamIdList)) {
+                    $processNoteAcl = true;
+                    $this->getEntityManager()->getRepository('Email')->relate($duplicate, 'teams', $teamId);
+                }
             }
         }
+
+        if ($duplicate->get('parentType') && $processNoteAcl) {
+            $dt = new \DateTime();
+            $dt->modify('+5 seconds');
+            $executeAt = $dt->format('Y-m-d H:i:s');
+
+            $job = $this->getEntityManager()->getEntity('Job');
+            $job->set([
+                'serviceName' => 'Note',
+                'methodName' => 'processNoteAclJob',
+                'data' => [
+                    'targetType' => 'Email',
+                    'targetId' => $duplicate->id
+                ],
+                'executeAt' => $executeAt,
+                'queue' => 'q1'
+            ]);
+            $this->getEntityManager()->saveEntity($job);
+        }
     }
 }

application/Espo/Core/Mail/Mail/Header/XQueueItemId.php

@@ -1,4 +1,4 @@
-<?php
+<?php
 /************************************************************************
  * This file is part of EspoCRM.
  *
@@ -47,7 +47,7 @@ use Zend\Mime\Mime;
 
 class XQueueItemId implements Header\HeaderInterface
 {
-    protected $fieldName = 'X-QueueItemId';
+    protected $fieldName = 'X-Queue-Item-Id';
 
     protected $id = null;
 
@@ -57,7 +57,7 @@ class XQueueItemId implements Header\HeaderInterface
         $value = Header\HeaderWrap::mimeDecodeValue($value);
 
         if (strtolower($name) !== 'x-queue-item-id') {
-            throw new Header\Exception\InvalidArgumentException('Invalid header line for Message-ID string');
+            throw new Header\Exception\InvalidArgumentException('Invalid header line for x-queue-item-id string');
         }
 
         $header = new static();

application/Espo/Core/Mail/Parsers/MailMimeParser.php

@@ -179,9 +179,10 @@ class MailMimeParser
         } else {
             $email->set('isHtml', false);
             $email->set('body', $bodyPlain);
+            $email->set('bodyPlain', $bodyPlain);
         }
 
-        if (!$email->get('body') && $email->get('bodyPlain')) {
+        if (!$email->get('body') && $email->hasBodyPlain()) {
             $email->set('body', $email->get('bodyPlain'));
         }
 

application/Espo/Core/Mail/Parsers/PhpMimeMailParser.php

@@ -165,9 +165,10 @@ class PhpMimeMailParser
         } else {
             $email->set('isHtml', false);
             $email->set('body', $bodyPlain);
+            $email->set('bodyPlain', $bodyPlain);
         }
 
-        if (!$email->get('body') && $email->get('bodyPlain')) {
+        if (!$email->get('body') && $email->hasBodyPlain()) {
             $email->set('body', $email->get('bodyPlain'));
         }
 

application/Espo/Core/Mail/Parsers/ZendMail.php

@@ -139,7 +139,7 @@ class ZendMail
             $this->importPartDataToEmail($email, $zendMessage, $inlineIds, 'text/plain', $inlineAttachmentList);
         }
 
-        if (!$email->get('body') && $email->get('bodyPlain')) {
+        if (!$email->get('body') && $email->hasBodyPlain()) {
             $email->set('body', $email->get('bodyPlain'));
         }
 
@@ -192,7 +192,7 @@ class ZendMail
                     $content = $this->getContentFromPart($part);
                     if ($type == 'text/plain') {
                         $bodyPlain = '';
-                        if ($email->get('bodyPlain')) {
+                        if ($email->hasBodyPlain()) {
                             $bodyPlain .= $email->get('bodyPlain') . "\n";
                         }
                         $bodyPlain .= $content;

application/Espo/Core/Mail/Sender.php

@@ -89,8 +89,12 @@ class Sender
 
         $this->transport = new SmtpTransport();
 
+        $config = $this->config;
+
+        $localHostName = $config->get('smtpLocalHostName', gethostname());
+
         $opts = array(
-            'name' => 'admin',
+            'name' => $localHostName,
             'host' => $params['server'],
             'port' => $params['port'],
             'connection_config' => array()
@@ -132,8 +136,10 @@ class Sender
 
         $config = $this->config;
 
+        $localHostName = $config->get('smtpLocalHostName', gethostname());
+
         $opts = array(
-            'name' => 'admin',
+            'name' => $localHostName,
             'host' => $config->get('smtpServer'),
             'port' => $config->get('smtpPort'),
             'connection_config' => array()
@@ -170,7 +176,10 @@ class Sender
             } else {
                 $fromName = $config->get('outboundEmailFromName');
             }
+
             $message->addFrom(trim($email->get('from')), $fromName);
+
+            $fromAddress = trim($email->get('from'));
         } else {
             if (!empty($params['fromAddress'])) {
                 $fromAddress = $params['fromAddress'];
@@ -188,12 +197,16 @@ class Sender
             }
 
             $message->addFrom($fromAddress, $fromName);
-        }
 
-        if (!$email->get('from')) {
             $email->set('from', $fromAddress);
         }
 
+        $fromString = '<' . $fromAddress . '>';
+        if ($fromName) {
+            $fromString = $fromName . ' ' . $fromString;
+        }
+        $email->set('fromString', $fromString);
+
         $sender = new \Zend\Mail\Header\Sender();
         $sender->setAddress($email->get('from'));
         $message->getHeaders()->addHeader($sender);
@@ -260,7 +273,7 @@ class Sender
                 $attachment = new MimePart(file_get_contents($fileName));
                 $attachment->disposition = Mime::DISPOSITION_ATTACHMENT;
                 $attachment->encoding = Mime::ENCODING_BASE64;
-                $attachment->filename = $a->get('name');
+                $attachment->filename ='=?utf-8?B?' . base64_encode($a->get('name')) . '?=';
                 if ($a->get('type')) {
                     $attachment->type = $a->get('type');
                 }

application/Espo/Core/NotificatorFactory.php

@@ -0,0 +1,58 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2018 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: http://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Core;
+
+use \Espo\Core\Exceptions\Error;
+
+use \Espo\Core\Utils\Util;
+use \Espo\Core\InjectableFactory;
+
+class NotificatorFactory extends InjectableFactory
+{
+    public function create($entityType)
+    {
+        $normalizedName = Util::normilizeClassName($entityType);
+
+        $className = '\\Espo\\Custom\\Notificators\\' . $normalizedName;
+        if (!class_exists($className)) {
+            $moduleName = $this->getMetadata()->getScopeModuleName($entityType);
+            if ($moduleName) {
+                $className = '\\Espo\\Modules\\' . $moduleName . '\\Notificators\\' . $normalizedName;
+            } else {
+                $className = '\\Espo\\Notificators\\' . $normalizedName;
+            }
+            if (!class_exists($className)) {
+                $className = '\\Espo\\Core\\Notificators\\Base';
+            }
+        }
+
+        return $this->createByClassName($className);
+    }
+}

application/Espo/Core/Notificators/Base.php

@@ -90,13 +90,29 @@ class Base implements Injectable
         return $this->injections['user'];
     }
 
-    public function process(Entity $entity)
+    public function process(Entity $entity, array $options = [])
     {
-        if (!$entity->get('assignedUserId')) return;
-        if (!$entity->isAttributeChanged('assignedUserId')) return;
+        if ($entity->hasLinkMultipleField('assignedUsers')) {
+            $userIdList = $entity->getLinkMultipleIdList('assignedUsers');
+            $fetchedAssignedUserIdList = $entity->getFetched('assignedUsersIds');
+            if (!is_array($fetchedAssignedUserIdList)) {
+                $fetchedAssignedUserIdList = [];
+            }
 
-        $assignedUserId = $entity->get('assignedUserId');
+            foreach ($userIdList as $userId) {
+                if (in_array($userId, $fetchedAssignedUserIdList)) continue;
+                $this->processForUser($entity, $userId);
+            }
+        } else {
+            if (!$entity->get('assignedUserId')) return;
+            if (!$entity->isAttributeChanged('assignedUserId')) return;
+            $assignedUserId = $entity->get('assignedUserId');
+            $this->processForUser($entity, $assignedUserId);
+        }
+    }
 
+    protected function processForUser(Entity $entity, $assignedUserId)
+    {
         if ($entity->hasAttribute('createdById') && $entity->hasAttribute('modifiedById')) {
             if ($entity->isNew()) {
                 $isNotSelfAssignment = $assignedUserId !== $entity->get('createdById');

application/Espo/Core/ORM/Entity.php

@@ -33,12 +33,22 @@ class Entity extends \Espo\ORM\Entity
 {
     public function hasLinkMultipleField($field)
     {
-        return $this->hasAttribute($field . 'Ids');
+        return
+            $this->hasRelation($field) &&
+            $this->getAttributeParam($field . 'Ids', 'isLinkMultipleIdList');
     }
 
     public function hasLinkField($field)
     {
-        return $this->hasAttribute($field . 'Id');
+        return $this->hasAttribute($field . 'Id') && $this->hasRelation($field);
+    }
+
+    public function hasLinkParentField($field)
+    {
+        return
+            $this->hasAttributeType($field . 'Type') == 'foreignType' &&
+            $this->hasAttribute($field . 'Id') &&
+            $this->hasRelation($field);
     }
 
     public function loadParentNameField($field)
@@ -53,27 +63,39 @@ class Entity extends \Espo\ORM\Entity
             $repository = $this->entityManager->getRepository($parentType);
 
             $select = ['id', 'name'];
-            if ($parentType === 'Lead') {
-                $select[] = 'accountName';
-                $select[] = 'emailAddress';
-                $select[] = 'phoneNumber';
-            }
             $foreignEntity = $repository->select($select)->where(['id' => $parentId])->findOne();
             if ($foreignEntity) {
                 $this->set($field . 'Name', $foreignEntity->get('name'));
+            } else {
+                $this->set($field . 'Name', null);
             }
+        } else {
+            $this->set($field . 'Name', null);
         }
     }
 
-    public function loadLinkMultipleField($field, $columns = null)
+    public function getLinkMultipleCollection($field)
     {
-        if (!$this->hasRelation($field) || !$this->hasAttribute($field . 'Ids')) return;
+        if (!$this->hasLinkMultipleField($field)) return;
 
-        $defs = array();
-        if (!empty($columns)) {
-            $defs['additionalColumns'] = $columns;
+        $defs = $this->getRelationSelectParams($field);
+
+        $columnAttribute = $field . 'Columns';
+        if ($this->hasAttribute($columnAttribute) && $this->getAttributeParam($columnAttribute, 'columns')) {
+            $defs['additionalColumns'] = $this->getAttributeParam($columnAttribute, 'columns');
         }
 
+        $collection = $this->get($field, $defs);
+
+        return $collection;
+    }
+
+    protected function getRelationSelectParams($link)
+    {
+        $field = $link;
+
+        $defs = [];
+
         $idsAttribute = $field . 'Ids';
 
         $foreignEntityType = $this->getRelationParam($field, 'entity');
@@ -104,13 +126,21 @@ class Entity extends \Espo\ORM\Entity
             }
         }
 
-        $defs['select'] = ['id', 'name'];
-        if ($foreignEntityType === 'Lead') {
-            $defs['select'][] = 'accountName';
-            $defs['select'][] = 'emailAddress';
-            $defs['select'][] = 'phoneNumber';
+        return $defs;
+    }
+
+    public function loadLinkMultipleField($field, $columns = null)
+    {
+        if (!$this->hasRelation($field) || !$this->hasAttribute($field . 'Ids')) return;
+
+        $defs = $this->getRelationSelectParams($field);
+
+        if (!empty($columns)) {
+            $defs['additionalColumns'] = $columns;
         }
 
+        $defs['select'] = ['id', 'name'];
+
         $hasType = false;
         if ($this->hasField($field . 'Types')) {
             $hasType = true;
@@ -142,7 +172,13 @@ class Entity extends \Espo\ORM\Entity
             }
         }
 
+        $idsAttribute = $field . 'Ids';
+
         $this->set($idsAttribute, $ids);
+        if (!$this->isNew() && !$this->hasFetched($idsAttribute)) {
+            $this->setFetched($idsAttribute, $ids);
+        }
+
         $this->set($field . 'Names', $names);
         if ($hasType) {
             $this->set($field . 'Types', $types);
@@ -157,7 +193,13 @@ class Entity extends \Espo\ORM\Entity
         if (!$this->hasRelation($field) || !$this->hasAttribute($field . 'Id')) return;
         if ($this->getRelationType($field) !== 'hasOne' && $this->getRelationType($field) !== 'belongsTo') return;
 
-        $entity = $this->get($field);
+        $relatedEntityType = $this->getRelationParam($field, 'entity');
+
+        $select = ['id', 'name'];
+
+        $entity = $this->get($field, [
+            'select' => $select
+        ]);
 
         $entityId = null;
         $entityName = null;
@@ -166,7 +208,13 @@ class Entity extends \Espo\ORM\Entity
             $entityName = $entity->get('name');
         }
 
-        $this->set($field . 'Id', $entityId);
+        $idAttribute = $field . 'Id';
+
+        if (!$this->isNew() && !$this->hasFetched($idAttribute)) {
+            $this->setFetched($idAttribute, $entityId);
+        }
+
+        $this->set($idAttribute, $entityId);
         $this->set($field . 'Name', $entityName);
     }
 
@@ -291,4 +339,3 @@ class Entity extends \Espo\ORM\Entity
         return false;
     }
 }
-

application/Espo/Core/ORM/Repositories/RDB.php

@@ -55,6 +55,8 @@ class RDB extends \Espo\ORM\Repositories\RDB implements Injectable
 
     protected $processFieldsBeforeSaveDisabled = false;
 
+    protected $processFieldsAfterRemoveDisabled = false;
+
     protected function addDependency($name)
     {
         $this->dependencies[] = $name;
@@ -124,20 +126,17 @@ class RDB extends \Espo\ORM\Repositories\RDB implements Injectable
             return;
         }
 
-        $defs = $metadata->get('entityDefs.' . $entityType);
+        $defs = $metadata->get(['entityDefs', $entityType]);
 
         foreach ($defs['fields'] as $field => $d) {
             if (isset($d['type']) && $d['type'] == 'currency') {
-                if (!empty($d['notStorable'])) {
-                    continue;
-                }
-                if (empty($params['customJoin'])) {
-                    $params['customJoin'] = '';
-                }
-                $alias = Util::toUnderScore($field) . "_currency_alias";
-                $params['customJoin'] .= "
-                    LEFT JOIN currency AS `{$alias}` ON {$alias}.id = ".Util::toUnderScore($entityType).".".Util::toUnderScore($field)."_currency
-                ";
+                if (!empty($d['notStorable'])) continue;
+                if (empty($params['leftJoins'])) $params['leftJoins'] = [];
+                $alias = $field . 'CurrencyRate';
+
+                $params['leftJoins'][] = ['Currency', $alias, [
+                    $alias . '.id:' => $field . 'Currency'
+                ]];
             }
         }
 
@@ -145,45 +144,23 @@ class RDB extends \Espo\ORM\Repositories\RDB implements Injectable
 
     protected function handleEmailAddressParams(&$params)
     {
-        $entityType = $this->entityType;
-
-        $defs = $this->getEntityManager()->getMetadata()->get($entityType);
+        $defs = $this->getEntityManager()->getMetadata()->get($this->entityType);
         if (!empty($defs['relations']) && array_key_exists('emailAddresses', $defs['relations'])) {
-            if (empty($params['leftJoins'])) {
-                $params['leftJoins'] = array();
-            }
-            if (empty($params['whereClause'])) {
-                $params['whereClause'] = array();
-            }
-            if (empty($params['joinConditions'])) {
-                $params['joinConditions'] = array();
-            }
-            $params['leftJoins'][] = 'emailAddresses';
-            $params['joinConditions']['emailAddresses'] = array(
+            if (empty($params['leftJoins'])) $params['leftJoins'] = [];
+            $params['leftJoins'][] = ['emailAddresses', null, [
                 'primary' => 1
-            );
+            ]];
         }
     }
 
     protected function handlePhoneNumberParams(&$params)
     {
-        $entityType = $this->entityType;
-
-        $defs = $this->getEntityManager()->getMetadata()->get($entityType);
+        $defs = $this->getEntityManager()->getMetadata()->get($this->entityType);
         if (!empty($defs['relations']) && array_key_exists('phoneNumbers', $defs['relations'])) {
-            if (empty($params['leftJoins'])) {
-                $params['leftJoins'] = array();
-            }
-            if (empty($params['whereClause'])) {
-                $params['whereClause'] = array();
-            }
-            if (empty($params['joinConditions'])) {
-                $params['joinConditions'] = array();
-            }
-            $params['leftJoins'][] = 'phoneNumbers';
-            $params['joinConditions']['phoneNumbers'] = array(
+            if (empty($params['leftJoins'])) $params['leftJoins'] = [];
+            $params['leftJoins'][] = ['phoneNumbers', null, [
                 'primary' => 1
-            );
+            ]];
         }
     }
 
@@ -206,6 +183,11 @@ class RDB extends \Espo\ORM\Repositories\RDB implements Injectable
     protected function afterRemove(Entity $entity, array $options = array())
     {
         parent::afterRemove($entity, $options);
+
+        if (!$this->processFieldsAfterRemoveDisabled) {
+            $this->processArrayFieldsRemove($entity);
+        }
+
         if (!$this->hooksDisabled && empty($options['skipHooks'])) {
             $this->getEntityManager()->getHookManager()->process($this->entityType, 'afterRemove', $entity, $options);
         }
@@ -274,7 +256,7 @@ class RDB extends \Espo\ORM\Repositories\RDB implements Injectable
         }
     }
 
-    protected function afterSave(Entity $entity, array $options = array())
+    protected function afterSave(Entity $entity, array $options = [])
     {
         if (!empty($this->restoreData)) {
             $entity->set($this->restoreData);
@@ -285,8 +267,10 @@ class RDB extends \Espo\ORM\Repositories\RDB implements Injectable
         if (!$this->processFieldsAfterSaveDisabled) {
             $this->processEmailAddressSave($entity);
             $this->processPhoneNumberSave($entity);
-            $this->processSpecifiedRelationsSave($entity);
+            $this->processSpecifiedRelationsSave($entity, $options);
             $this->processFileFieldsSave($entity);
+            $this->processArrayFieldsSave($entity);
+            $this->processWysiwygFieldsSave($entity);
         }
 
         if (!$this->hooksDisabled && empty($options['skipHooks'])) {
@@ -405,6 +389,57 @@ class RDB extends \Espo\ORM\Repositories\RDB implements Injectable
         }
     }
 
+    protected function processArrayFieldsSave(Entity $entity)
+    {
+        foreach ($entity->getAttributes() as $attribute => $defs) {
+            if (!isset($defs['type']) || $defs['type'] !== Entity::JSON_ARRAY) continue;
+            if (!$entity->has($attribute)) continue;
+            if (!$entity->isAttributeChanged($attribute)) continue;
+            if (!$entity->getAttributeParam($attribute, 'storeArrayValues')) continue;
+            if ($entity->getAttributeParam($attribute, 'notStorable')) continue;
+            $this->getEntityManager()->getRepository('ArrayValue')->storeEntityAttribute($entity, $attribute);
+        }
+    }
+
+    protected function processWysiwygFieldsSave(Entity $entity)
+    {
+        if (!$entity->isNew()) return;
+
+        $fieldsDefs = $this->getMetadata()->get(['entityDefs', $entity->getEntityType(), 'fields'], []);
+        foreach ($fieldsDefs as $field => $defs) {
+            if (!empty($defs['type']) && $defs['type'] === 'wysiwyg') {
+                $content = $entity->get($field);
+                if (!$content) continue;
+                if (preg_match_all("/\?entryPoint=attachment&id=([^&=\"']+)/", $content, $matches)) {
+                    if (!empty($matches[1]) && is_array($matches[1])) {
+                        foreach ($matches[1] as $id) {
+                            $attachment = $this->getEntityManager()->getEntity('Attachment', $id);
+                            if ($attachment) {
+                                if (!$attachment->get('relatedId') && !$attachment->get('sourceId')) {
+                                    $attachment->set([
+                                        'relatedId' => $entity->id,
+                                        'relatedType' => $entity->getEntityType()
+                                    ]);
+                                    $this->getEntityManager()->saveEntity($attachment);
+                                }
+                            }
+                        }
+                    }
+                }
+            }
+        }
+    }
+
+    protected function processArrayFieldsRemove(Entity $entity)
+    {
+        foreach ($entity->getAttributes() as $attribute => $defs) {
+            if (!isset($defs['type']) || $defs['type'] !== Entity::JSON_ARRAY) continue;
+            if (!$entity->getAttributeParam($attribute, 'storeArrayValues')) continue;
+            if ($entity->getAttributeParam($attribute, 'notStorable')) continue;
+            $this->getEntityManager()->getRepository('ArrayValue')->deleteEntityAttribute($entity, $attribute);
+        }
+    }
+
     protected function processEmailAddressSave(Entity $entity)
     {
         if ($entity->hasRelation('emailAddresses') && $entity->hasAttribute('emailAddress')) {
@@ -419,108 +454,146 @@ class RDB extends \Espo\ORM\Repositories\RDB implements Injectable
         }
     }
 
-    protected function processSpecifiedRelationsSave(Entity $entity)
+    public function processLinkMultipleFieldSave(Entity $entity, $link, array $options = [])
+    {
+        $name = $link;
+
+        $idListAttribute = $link . 'Ids';
+        $columnsAttribute = $link . 'Columns';
+
+        if ($this->getMetadata()->get("entityDefs." . $entity->getEntityType() . ".fields.{$name}.noSave")) {
+            return;
+        }
+
+        $skipCreate = false;
+        $skipRemove = false;
+        $skipUpdate = false;
+        if (!empty($options['skipLinkMultipleCreate'])) $skipCreate = true;
+        if (!empty($options['skipLinkMultipleRemove'])) $skipRemove = true;
+        if (!empty($options['skipLinkMultipleUpdate'])) $skipUpdate = true;
+
+        if ($entity->isNew()) {
+            $skipRemove = true;
+            $skipUpdate = true;
+        }
+
+        if ($entity->has($idListAttribute)) {
+            $specifiedIdList = $entity->get($idListAttribute);
+        } else if ($entity->has($columnsAttribute)) {
+            $skipRemove = true;
+            $specifiedIdList = [];
+            foreach ($entity->get($columnsAttribute) as $id => $d) {
+                $specifiedIdList[] = $id;
+            }
+        } else {
+            return;
+        }
+
+        if (!is_array($specifiedIdList)) return;
+
+        $toRemoveIdList = [];
+        $existingIdList = [];
+        $toUpdateIdList = [];
+        $toCreateIdList = [];
+        $existingColumnsData = (object)[];
+
+        $defs = [];
+        $columns = $this->getMetadata()->get("entityDefs." . $entity->getEntityType() . ".fields.{$name}.columns");
+        if (!empty($columns)) {
+            $columnData = $entity->get($columnsAttribute);
+            $defs['additionalColumns'] = $columns;
+        }
+
+        if (!$skipRemove && !$skipUpdate) {
+            $foreignEntityList = $entity->get($name, $defs);
+            if ($foreignEntityList) {
+                foreach ($foreignEntityList as $foreignEntity) {
+                    $existingIdList[] = $foreignEntity->id;
+                    if (!empty($columns)) {
+                        $data = (object)[];
+                        foreach ($columns as $columnName => $columnField) {
+                            $foreignId = $foreignEntity->id;
+                            $data->$columnName = $foreignEntity->get($columnField);
+                        }
+                        $existingColumnsData->$foreignId = $data;
+                        if (!$entity->isNew()) {
+                            $entity->setFetched($columnsAttribute, $existingColumnsData);
+                        }
+                    }
+                }
+            }
+        }
+
+        if (!$entity->isNew()) {
+            if ($entity->has($idListAttribute) && !$entity->hasFetched($idListAttribute)) {
+                $entity->setFetched($idListAttribute, $existingIdList);
+            }
+            if ($entity->has($columnsAttribute) && !empty($columns)) {
+                $entity->setFetched($columnsAttribute, $existingColumnsData);
+            }
+        }
+
+        foreach ($existingIdList as $id) {
+            if (!in_array($id, $specifiedIdList)) {
+                if (!$skipRemove) {
+                    $toRemoveIdList[] = $id;
+                }
+            } else {
+                if (!$skipUpdate && !empty($columns)) {
+                    foreach ($columns as $columnName => $columnField) {
+                        if (isset($columnData->$id) && is_object($columnData->$id)) {
+                            if (
+                                property_exists($columnData->$id, $columnName)
+                                &&
+                                (
+                                    !property_exists($existingColumnsData->$id, $columnName)
+                                    ||
+                                    $columnData->$id->$columnName !== $existingColumnsData->$id->$columnName
+                                )
+                            ) {
+                                $toUpdateIdList[] = $id;
+                            }
+                        }
+                    }
+                }
+            }
+        }
+
+        if (!$skipCreate) {
+            foreach ($specifiedIdList as $id) {
+                if (!in_array($id, $existingIdList)) {
+                    $toCreateIdList[] = $id;
+                }
+            }
+        }
+
+        foreach ($toCreateIdList as $id) {
+            $data = null;
+            if (!empty($columns) && isset($columnData->$id)) {
+                $data = $columnData->$id;
+            }
+            $this->relate($entity, $name, $id, $data);
+        }
+
+        foreach ($toRemoveIdList as $id) {
+            $this->unrelate($entity, $name, $id);
+        }
+
+        foreach ($toUpdateIdList as $id) {
+            $data = $columnData->$id;
+            $this->updateRelation($entity, $name, $id, $data);
+        }
+    }
+
+    protected function processSpecifiedRelationsSave(Entity $entity, array $options = [])
     {
         $relationTypeList = [$entity::HAS_MANY, $entity::MANY_MANY, $entity::HAS_CHILDREN];
         foreach ($entity->getRelations() as $name => $defs) {
             if (in_array($defs['type'], $relationTypeList)) {
-                $fieldName = $name . 'Ids';
-                $columnsFieldsName = $name . 'Columns';
-
-
-                if ($entity->has($fieldName) || $entity->has($columnsFieldsName)) {
-                    if ($this->getMetadata()->get("entityDefs." . $entity->getEntityType() . ".fields.{$name}.noSave")) {
-                        continue;
-                    }
-
-                    if ($entity->has($fieldName)) {
-                        $specifiedIds = $entity->get($fieldName);
-                    } else {
-                        $specifiedIds = array();
-                        foreach ($entity->get($columnsFieldsName) as $id => $d) {
-                            $specifiedIds[] = $id;
-                        }
-                    }
-                    if (is_array($specifiedIds)) {
-                        $toRemoveIds = array();
-                        $existingIds = array();
-                        $toUpdateIds = array();
-                        $existingColumnsData = new \stdClass();
-
-                        $defs = array();
-                        $columns = $this->getMetadata()->get("entityDefs." . $entity->getEntityType() . ".fields.{$name}.columns");
-                        if (!empty($columns)) {
-                            $columnData = $entity->get($columnsFieldsName);
-                            $defs['additionalColumns'] = $columns;
-                        }
-
-                        $foreignCollection = $entity->get($name, $defs);
-                        if ($foreignCollection) {
-                            foreach ($foreignCollection as $foreignEntity) {
-                                $existingIds[] = $foreignEntity->id;
-                                if (!empty($columns)) {
-                                    $data = new \stdClass();
-                                    foreach ($columns as $columnName => $columnField) {
-                                        $foreignId = $foreignEntity->id;
-                                        $data->$columnName = $foreignEntity->get($columnField);
-                                    }
-                                    $existingColumnsData->$foreignId = $data;
-                                    $entity->setFetched($columnsFieldsName, $existingColumnsData);
-                                }
-
-                            }
-                        }
-
-                        if ($entity->has($fieldName)) {
-                            $entity->setFetched($fieldName, $existingIds);
-                        }
-                        if ($entity->has($columnsFieldsName) && !empty($columns)) {
-                            $entity->setFetched($columnsFieldsName, $existingColumnsData);
-                        }
-
-                        foreach ($existingIds as $id) {
-                            if (!in_array($id, $specifiedIds)) {
-                                $toRemoveIds[] = $id;
-                            } else {
-                                if (!empty($columns)) {
-                                    foreach ($columns as $columnName => $columnField) {
-                                        if (isset($columnData->$id) && is_object($columnData->$id)) {
-                                            if (
-                                                property_exists($columnData->$id, $columnName)
-                                                &&
-                                                (
-                                                    !property_exists($existingColumnsData->$id, $columnName)
-                                                    ||
-                                                    $columnData->$id->$columnName !== $existingColumnsData->$id->$columnName
-                                                )
-                                            ) {
-                                                $toUpdateIds[] = $id;
-                                            }
-                                        }
-                                    }
-                                }
-                            }
-                        }
-
-                        foreach ($specifiedIds as $id) {
-                            if (!in_array($id, $existingIds)) {
-                                $data = null;
-                                if (!empty($columns) && isset($columnData->$id)) {
-                                    $data = $columnData->$id;
-                                }
-                                $this->relate($entity, $name, $id, $data);
-                            }
-                        }
-                        foreach ($toRemoveIds as $id) {
-                            $this->unrelate($entity, $name, $id);
-                        }
-                        if (!empty($columns)) {
-                            foreach ($toUpdateIds as $id) {
-                                $data = $columnData->$id;
-                                $this->updateRelation($entity, $name, $id, $data);
-                            }
-                        }
-                    }
+                $idListAttribute = $name . 'Ids';
+                $columnsAttribute = $name . 'Columns';
+                if ($entity->has($idListAttribute) || $entity->has($columnsAttribute)) {
+                    $this->processLinkMultipleFieldSave($entity, $name, $options);
                 }
             } else if ($defs['type'] === $entity::HAS_ONE) {
                 if (empty($defs['entity']) || empty($defs['foreignKey'])) continue;
@@ -531,35 +604,37 @@ class RDB extends \Espo\ORM\Repositories\RDB implements Injectable
 
                 $foreignEntityType = $defs['entity'];
                 $foreignKey = $defs['foreignKey'];
-                $idFieldName = $name . 'Id';
-                $nameFieldName = $name . 'Name';
+                $idAttribute = $name . 'Id';
 
-                if (!$entity->has($idFieldName)) continue;
+                if (!$entity->has($idAttribute)) continue;
 
-                $where = array();
+                $where = [];
                 $where[$foreignKey] = $entity->id;
                 $previousForeignEntity = $this->getEntityManager()->getRepository($foreignEntityType)->where($where)->findOne();
                 if ($previousForeignEntity) {
-                    $entity->setFetched($idFieldName, $previousForeignEntity->id);
-                    if ($previousForeignEntity->id !== $entity->get($idFieldName)) {
+                    if (!$entity->isNew()) {
+                        $entity->setFetched($idAttribute, $previousForeignEntity->id);
+                    }
+                    if ($previousForeignEntity->id !== $entity->get($idAttribute)) {
                         $previousForeignEntity->set($foreignKey, null);
                         $this->getEntityManager()->saveEntity($previousForeignEntity);
                     }
                 } else {
-                    $entity->setFetched($idFieldName, null);
+                    if (!$entity->isNew()) {
+                        $entity->setFetched($idAttribute, null);
+                    }
                 }
 
-                if ($entity->get($idFieldName)) {
-                    $newForeignEntity = $this->getEntityManager()->getEntity($foreignEntityType, $entity->get($idFieldName));
+                if ($entity->get($idAttribute)) {
+                    $newForeignEntity = $this->getEntityManager()->getEntity($foreignEntityType, $entity->get($idAttribute));
                     if ($newForeignEntity) {
                         $newForeignEntity->set($foreignKey, $entity->id);
                         $this->getEntityManager()->saveEntity($newForeignEntity);
                     } else {
-                        $entity->set($idFieldName, null);
+                        $entity->set($idAttribute, null);
                     }
                 }
             }
         }
     }
 }
-

application/Espo/Core/Pdf/Tcpdf.php

@@ -40,6 +40,13 @@ class Tcpdf extends \TCPDF
 
     protected $footerPosition = 15;
 
+    protected $useGroupNumbers = false;
+
+    public function setUseGroupNumbers($value)
+    {
+        $this->useGroupNumbers = $value;
+    }
+
     public function setFooterHtml($html)
     {
         $this->footerHtml = $html;
@@ -58,7 +65,16 @@ class Tcpdf extends \TCPDF
 
         $this->SetY((-1) * $this->footerPosition);
 
-        $html = str_replace('{pageNumber}', '{:pnp:}', $this->footerHtml);
+        $html = $this->footerHtml;
+
+        if ($this->useGroupNumbers) {
+            $html = str_replace('{pageNumber}', '{:png:}', $html);
+            $html = str_replace('{pageAbsoluteNumber}', '{:pnp:}', $html);
+        } else {
+            $html = str_replace('{pageNumber}', '{:pnp:}', $html);
+            $html = str_replace('{pageAbsoluteNumber}', '{:pnp:}', $html);
+        }
+
         $this->writeHTMLCell(0, 0, '', '', $html, 0, 1, 0, '', 0, false, 'T');
 
         $this->SetAutoPageBreak($autoPageBreak, $breakMargin);
@@ -98,6 +114,9 @@ class Tcpdf extends \TCPDF
                 ++$pagegroupnum;
                 $pnga = TCPDF_STATIC::formatPageNumber($pagegroupnum);
                 $pngu = TCPDF_FONTS::UTF8ToUTF16BE($pnga, false, $this->isunicode, $this->CurrentFont);
+
+                $pnga = $pngu;
+
                 $png_num_chars = $this->GetNumChars($pnga);
                 // replace page numbers
                 $replace = array();

application/Espo/Core/Portal/AclManager.php

@@ -264,8 +264,7 @@ class AclManager extends \Espo\Core\AclManager
 
     protected function checkUserIsNotPortal($user)
     {
-        return !$user->get('isPortalUser');
+        return !$user->isPortal();
     }
 
 }
-

application/Espo/Core/Portal/Application.php

@@ -96,9 +96,12 @@ class Application extends \Espo\Core\Application
 
     public function runClient()
     {
-        $this->getContainer()->get('clientManager')->display(null, 'html/portal.html', array(
-            'portalId' => $this->getPortal()->id
-        ));
+        $this->getContainer()->get('clientManager')->display(null, null, [
+            'portalId' => $this->getPortal()->id,
+            'applicationId' => $this->getPortal()->id,
+            'apiUrl' => 'api/v1/portal-access/' . $this->getPortal()->id,
+            'appClientClassName' => 'app-portal'
+        ]);
+        exit;
     }
 }
-

application/Espo/Core/Repositories/Event.php

@@ -61,10 +61,15 @@ class Event extends \Espo\Core\ORM\Repositories\RDB
         $pdo->query($sql);
     }
 
-    protected function afterSave(Entity $entity, array $options = array())
+    protected function afterSave(Entity $entity, array $options = [])
     {
-        parent::afterSave($entity, $options);
+        $this->processReminderAfterSave($entity, $options);
 
+        parent::afterSave($entity, $options);
+    }
+
+    protected function processReminderAfterSave(Entity $entity, array $options = [])
+    {
         if (
             $entity->isNew() ||
             $entity->isAttributeChanged('assignedUserId') ||

application/Espo/Core/ServiceFactory.php

@@ -108,9 +108,11 @@ class ServiceFactory
             foreach ($dependencies as $name) {
                 $service->inject($name, $this->container->get($name));
             }
+            if (method_exists($service, 'prepare')) {
+                $service->prepare();
+            }
             return $service;
         }
         throw new Error("Class '$className' does not exist.");
     }
 }
-

application/Espo/Core/Services/Base.php

@@ -37,6 +37,7 @@ abstract class Base implements Injectable
         'config',
         'entityManager',
         'user',
+        'serviceFactory'
     );
 
     protected $injections = array();
@@ -55,6 +56,10 @@ abstract class Base implements Injectable
     {
     }
 
+    public function prepare()
+    {
+    }
+
     protected function getInjection($name)
     {
         return $this->injections[$name];
@@ -91,5 +96,9 @@ abstract class Base implements Injectable
     {
         return $this->getInjection('user');
     }
-}
 
+    protected function getServiceFactory()
+    {
+        return $this->getInjection('serviceFactory');
+    }
+}

application/Espo/Core/Templates/Metadata/Base/entityDefs.json

@@ -57,8 +57,8 @@
         }
     },
     "collection": {
-        "sortBy": "createdAt",
-        "asc": false
+        "orderBy": "createdAt",
+        "order": "desc"
     },
     "indexes": {
         "name": {

application/Espo/Core/Templates/Metadata/BasePlus/entityDefs.json

@@ -75,8 +75,8 @@
         }
     },
     "collection": {
-        "sortBy": "createdAt",
-        "asc": false
+        "orderBy": "createdAt",
+        "order": "desc"
     },
     "indexes": {
         "name": {

application/Espo/Core/Templates/Metadata/CategoryTree/entityDefs.json

@@ -72,8 +72,8 @@
         }
     },
     "collection": {
-        "sortBy": "parent",
-        "asc": true
+        "orderBy": "parent",
+        "order": "asc"
     },
     "indexes": {
         "name": {

application/Espo/Core/Templates/Metadata/Company/entityDefs.json

@@ -9,7 +9,8 @@
             "type": "text"
         },
         "website": {
-            "type": "url"
+            "type": "url",
+            "strip": true
         },
         "emailAddress": {
             "type": "email"
@@ -135,8 +136,8 @@
         }
     },
     "collection": {
-        "sortBy": "createdAt",
-        "asc": false
+        "orderBy": "createdAt",
+        "order": "desc"
     },
     "indexes": {
         "name": {

application/Espo/Core/Templates/Metadata/Event/entityDefs.json

@@ -9,7 +9,6 @@
             "type": "enum",
             "options": ["Planned", "Held", "Not Held"],
             "default": "Planned",
-            "view": "views/fields/enum-styled",
             "style": {
                 "Held": "success"
             },
@@ -101,8 +100,8 @@
         }
     },
     "collection": {
-        "sortBy": "dateStart",
-        "asc": false
+        "orderBy": "dateStart",
+        "order": "desc"
     },
     "indexes": {
         "dateStartStatus": {

application/Espo/Core/Templates/Metadata/Person/entityDefs.json

@@ -1,7 +1,8 @@
 {
     "fields": {
         "name": {
-            "type": "personName"
+            "type": "personName",
+            "isPersonalData": true
         },
         "salutationName": {
             "type": "enum",
@@ -24,15 +25,18 @@
             "type": "text"
         },
         "emailAddress": {
-            "type": "email"
+            "type": "email",
+            "isPersonalData": true
         },
         "phoneNumber": {
             "type": "phone",
             "typeList": ["Mobile", "Office", "Home", "Fax", "Other"],
-            "defaultType": "Mobile"
+            "defaultType": "Mobile",
+            "isPersonalData": true
         },
         "address": {
-            "type": "address"
+            "type": "address",
+            "isPersonalData": true
         },
         "addressStreet": {
             "type": "text",
@@ -122,8 +126,8 @@
         }
     },
     "collection": {
-        "sortBy": "createdAt",
-        "asc": false
+        "orderBy": "createdAt",
+        "order": "desc"
     },
     "indexes": {
         "firstName": {

application/Espo/Core/Templates/Metadata/Person/scopes.json

@@ -7,5 +7,6 @@
     "aclPortalLevelList": ["all", "account", "contact", "own", "no"],
     "customizable": true,
     "importable": true,
-    "notifications": true
+    "notifications": true,
+    "hasPersonalData": true
 }

application/Espo/Core/Templates/i18n/de_DE/BasePlus.json

@@ -1,6 +1,5 @@
 {
   "links": {
-    "meetings": "Meetings",
     "calls": "Anrufe",
     "tasks": "Aufgaben"
   },

application/Espo/Core/Templates/i18n/de_DE/Company.json

@@ -5,7 +5,6 @@
     "website": "Webseite"
   },
   "links": {
-    "meetings": "Meetings",
     "calls": "Anrufe",
     "tasks": "Aufgaben"
   },

application/Espo/Core/Templates/i18n/de_DE/Event.json

@@ -4,7 +4,6 @@
     "dateStart": "Startdatum",
     "dateEnd": "Enddatum",
     "duration": "Dauer",
-    "status": "Status",
     "reminders": "Erinnerungen"
   },
   "links": {
@@ -20,7 +19,6 @@
   "labels": {
     "Create {entityType}": "{entityTypeTranslated} erstellen",
     "Schedule {entityType}": "{entityTypeTranslated} planen",
-    "Log {entityType}": "Log {entityTypeTranslated}",
     "Set Held": "Auf durchgeführt setzen",
     "Set Not Held": "Auf nicht durchgeführt setzen"
   },

application/Espo/Core/Templates/i18n/de_DE/Person.json

@@ -3,7 +3,6 @@
     "address": "Adresse"
   },
   "links": {
-    "meetings": "Meetings",
     "calls": "Anrufe",
     "tasks": "Aufgaben"
   },

application/Espo/Core/Templates/i18n/es_MX/BasePlus.json

@@ -1,6 +1,6 @@
 {
   "links": {
-    "meetings": "Juntas",
+    "meetings": "Presentaciones",
     "calls": "Llamadas",
     "tasks": "Tareas"
   },

application/Espo/Core/Templates/i18n/es_MX/Company.json

@@ -5,7 +5,7 @@
     "website": "Sitio Web"
   },
   "links": {
-    "meetings": "Juntas",
+    "meetings": "Presentaciones",
     "calls": "Llamadas",
     "tasks": "Tareas"
   },

application/Espo/Core/Templates/i18n/es_MX/Person.json

@@ -3,7 +3,7 @@
     "address": "Dirección"
   },
   "links": {
-    "meetings": "Juntas",
+    "meetings": "Presentaciones",
     "calls": "Llamadas",
     "tasks": "Tareas"
   },

application/Espo/Core/Templates/i18n/fa_IR/Base.json

@@ -0,0 +1,5 @@
+{
+  "labels": {
+    "Create {entityType}": "ایجاد {entityTypeTranslated}"
+  }
+}

application/Espo/Core/Templates/i18n/fa_IR/BasePlus.json

@@ -0,0 +1,10 @@
+{
+  "links": {
+    "meetings": "جلسات",
+    "calls": "تماس ها",
+    "tasks": "وظایف"
+  },
+  "labels": {
+    "Create {entityType}": "ایجاد {entityTypeTranslated}"
+  }
+}

application/Espo/Core/Templates/i18n/fa_IR/Company.json

@@ -0,0 +1,15 @@
+{
+  "fields": {
+    "billingAddress": "آدرس صورتحساب",
+    "shippingAddress": "آدرس حمل و نقل",
+    "website": "وب سایت"
+  },
+  "links": {
+    "meetings": "جلسات",
+    "calls": "تماس ها",
+    "tasks": "وظایف"
+  },
+  "labels": {
+    "Create {entityType}": "ایجاد {entityTypeTranslated}"
+  }
+}

application/Espo/Core/Templates/i18n/fa_IR/Event.json

@@ -0,0 +1,34 @@
+{
+  "fields": {
+    "parent": "پدر",
+    "dateStart": "تاریخ شروع",
+    "dateEnd": "تاریخ پایان",
+    "duration": "مدت زمان",
+    "status": "وضعیت",
+    "reminders": "یادآوری ها"
+  },
+  "links": {
+    "parent": "پدر"
+  },
+  "options": {
+    "status": {
+      "Planned": "برنامه ریزی شده",
+      "Held": "برگزار شد",
+      "Not Held": "برگزار نشد"
+    }
+  },
+  "labels": {
+    "Create {entityType}": "ایجاد {entityTypeTranslated}",
+    "Set Held": "تنظیم برگذاری",
+    "Set Not Held": "تنظیم عدم برگذاری"
+  },
+  "massActions": {
+    "setHeld": "تنظیم برگذاری",
+    "setNotHeld": "تنظیم عدم برگذاری"
+  },
+  "presetFilters": {
+    "planned": "برنامه ریزی شده",
+    "held": "برگزار شد",
+    "todays": "امروزه"
+  }
+}

application/Espo/Core/Templates/i18n/fa_IR/Person.json

@@ -0,0 +1,13 @@
+{
+  "fields": {
+    "address": "آدرس"
+  },
+  "links": {
+    "meetings": "جلسات",
+    "calls": "تماس ها",
+    "tasks": "وظایف"
+  },
+  "labels": {
+    "Create {entityType}": "ایجاد {entityTypeTranslated}"
+  }
+}

application/Espo/Core/Templates/i18n/hr_HR/Base.json

@@ -0,0 +1,5 @@
+{
+  "labels": {
+    "Create {entityType}": "Napravi {entityTypeTranslated}"
+  }
+}

application/Espo/Core/Templates/i18n/hr_HR/BasePlus.json

@@ -0,0 +1,10 @@
+{
+  "links": {
+    "meetings": "Sastanci",
+    "calls": "Pozivi",
+    "tasks": "Zadaci"
+  },
+  "labels": {
+    "Create {entityType}": "Kreiraj {entityTypeTranslated}"
+  }
+}

application/Espo/Core/Templates/i18n/hr_HR/Company.json

@@ -0,0 +1,15 @@
+{
+  "fields": {
+    "billingAddress": "Adresa za naplatu",
+    "shippingAddress": "Adresa za dostavu",
+    "website": "Sajt"
+  },
+  "links": {
+    "meetings": "Sastanci",
+    "calls": "Pozivi",
+    "tasks": "Zadaci"
+  },
+  "labels": {
+    "Create {entityType}": "Kreiraj {entityTypeTranslated}"
+  }
+}

application/Espo/Core/Templates/i18n/hr_HR/Event.json

@@ -0,0 +1,35 @@
+{
+  "fields": {
+    "parent": "Nadređen",
+    "dateStart": "Početni datum",
+    "dateEnd": "Završni datum",
+    "duration": "Trajanje",
+    "reminders": "Podsjetnici"
+  },
+  "links": {
+    "parent": "Nadređen"
+  },
+  "options": {
+    "status": {
+      "Planned": "Planiran",
+      "Held": "Održan",
+      "Not Held": "Nije održan"
+    }
+  },
+  "labels": {
+    "Create {entityType}": "Kreiraj {entityTypeTranslated}",
+    "Schedule {entityType}": "Zakaži {entityTypeTranslated}",
+    "Log {entityType}": "Zabilježi {entitiTipeTranslated}",
+    "Set Held": "Postavi kao održano",
+    "Set Not Held": "Postavi kao nije održano"
+  },
+  "massActions": {
+    "setHeld": "Postavi kao održano",
+    "setNotHeld": "Postavi kao nije održano"
+  },
+  "presetFilters": {
+    "planned": "Planiran",
+    "held": "Održan",
+    "todays": "Današnji"
+  }
+}

application/Espo/Core/Templates/i18n/hr_HR/Person.json

@@ -0,0 +1,13 @@
+{
+  "fields": {
+    "address": "Adresa"
+  },
+  "links": {
+    "meetings": "Sastanci",
+    "calls": "Pozivi",
+    "tasks": "Zadaci"
+  },
+  "labels": {
+    "Create {entityType}": "Kreiraj {entityTypeTranslated}"
+  }
+}

application/Espo/Core/Templates/i18n/hu_HU/Base.json

@@ -0,0 +1,5 @@
+{
+  "labels": {
+    "Create {entityType}": "{EntityTypeTranslated} létrehozása"
+  }
+}