fix

.gitignore

@@ -15,4 +15,5 @@ npm-debug.log
 /tests/integration/config.php
 composer.phar
 vendor/
-/custom/Espo/Custom/*
+/custom/Espo/Custom/*
+/install/config.php

.htaccess

@@ -9,13 +9,9 @@ DirectoryIndex index.php index.html
 
   # PROTECTED DIRECTORIES
   RewriteCond %{REQUEST_FILENAME} -d
-  RewriteRule ^/?(data|api|client)/ - [F]
+  RewriteRule ^/?(api|client)/ - [F]
 
-  RewriteRule ^/?data/config\.php$ - [F]
-  RewriteRule ^/?data/logs/ - [F]
-  RewriteRule ^/?data/cache/ - [F]
-  RewriteRule ^/?data/upload/ - [F]
-  RewriteRule ^/?data/\.backup/ - [F]
+  RewriteRule ^/?data/ - [F]
   RewriteRule ^/?application/ - [F]
   RewriteRule ^/?custom/ - [F]
   RewriteRule ^/?vendor/ - [F]

Gruntfile.js

@@ -126,7 +126,7 @@ module.exports = function (grunt) {
             start: ['build/EspoCRM-*'],
             final: ['build/tmp'],
             beforeFinal: {
-                src: ['build/tmp/custom/Espo/Custom/*', '!build/tmp/custom/Espo/Custom/.htaccess']
+                src: ['build/tmp/custom/Espo/Custom/*', '!build/tmp/custom/Espo/Custom/.htaccess', 'build/tmp/install/config.php']
             }
         },
         less: lessData,
@@ -190,6 +190,7 @@ module.exports = function (grunt) {
                     'extension.php',
                     'websocket.php',
                     'command.php',
+                    'oauth-callback.php',
                     'index.php',
                     'LICENSE.txt',
                     '.htaccess',

README.md

@@ -9,7 +9,7 @@ Download the latest release from our [website](http://www.espocrm.com).
 ### Requirements
 
 * PHP 7.1 or above (with pdo, json, gd, openssl, zip, imap, mbstring, curl extensions);
-* MySQL 5.5.3 or above, or MariaDB.
+* MySQL 5.6.0 or above, or MariaDB.
 
 For more information about server configuration see [this article](https://www.espocrm.com/documentation/administration/server-configuration/).
 

application/Espo/Acl/Note.php

@@ -46,6 +46,21 @@ class Note extends \Espo\Core\Acl\Base
         return false;
     }
 
+    public function checkEntityCreate(EntityUser $user, Entity $entity, $data)
+    {
+        if ($entity->get('parentId') && $entity->get('parentType')) {
+            $parent = $this->getEntityManager()->getEntity($entity->get('parentType'), $entity->get('parentId'));
+            if ($parent) {
+                if ($this->getAclManager()->checkEntity($user, $parent, 'stream')) {
+                    return true;
+                }
+            }
+            return false;
+        }
+
+        return true;
+    }
+
     public function checkEntityEdit(EntityUser $user, Entity $entity, $data)
     {
         if ($user->isAdmin()) {

application/Espo/Acl/Webhook.php

@@ -0,0 +1,73 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2019 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: https://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Acl;
+
+use \Espo\Entities\User as EntityUser;
+use \Espo\ORM\Entity;
+
+class Webhook extends \Espo\Core\Acl\Base
+{
+    public function checkIsOwner(EntityUser $user, Entity $entity)
+    {
+        return $user->id === $entity->get('userId') && $user->isApi();
+    }
+
+    public function checkEntityCreate(EntityUser $user, Entity $entity, $data)
+    {
+        if ($user->isAdmin()) return true;
+        if (!$data) return false;
+        if ($user->isApi() && $user->id === $entity->get('userId')) return true;
+        return false;
+    }
+
+    public function checkEntityRead(EntityUser $user, Entity $entity, $data)
+    {
+        if ($user->isAdmin()) return true;
+        if (!$data) return false;
+        if ($user->isApi() && $user->id === $entity->get('userId')) return true;
+        return false;
+    }
+
+    public function checkEntityDelete(EntityUser $user, Entity $entity, $data)
+    {
+        if ($user->isAdmin()) return true;
+        if (!$data) return false;
+        if ($user->isApi() && $user->id === $entity->get('userId')) return true;
+        return false;
+    }
+
+    public function checkEntityEdit(EntityUser $user, Entity $entity, $data)
+    {
+        if ($user->isAdmin()) return true;
+        if (!$data) return false;
+        if ($user->isApi() && $user->id === $entity->get('userId')) return true;
+        return false;
+    }
+}

application/Espo/AclPortal/Note.php

@@ -41,5 +41,26 @@ class Note extends \Espo\Core\AclPortal\Base
         }
         return false;
     }
-}
 
+    public function checkEntityCreate(EntityUser $user, Entity $entity, $data)
+    {
+        if ($entity->get('type') !== 'Post') return false;
+
+        if ($entity->get('type') === 'Post' && $entity->get('targetType')) {
+            return false;
+        }
+
+        if (!$entity->get('parentId') || !$entity->get('parentType')) {
+            return false;
+        }
+
+        $parent = $this->getEntityManager()->getEntity($entity->get('parentType'), $entity->get('parentId'));
+        if ($parent) {
+            if ($this->getAclManager()->checkEntity($user, $parent, 'stream')) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+}

application/Espo/Controllers/ActionHistoryRecord.php

@@ -67,4 +67,9 @@ class ActionHistoryRecord extends \Espo\Core\Controllers\Record
     {
         throw new Forbidden();
     }
+
+    public function beforeMassConvertCurrency()
+    {
+        throw new Forbidden();
+    }
 }

application/Espo/Controllers/AuthLogRecord.php

@@ -64,4 +64,9 @@ class AuthLogRecord extends \Espo\Core\Controllers\Record
     {
         throw new Forbidden();
     }
+
+    public function beforeMassConvertCurrency()
+    {
+        throw new Forbidden();
+    }
 }

application/Espo/Controllers/AuthToken.php

@@ -94,4 +94,9 @@ class AuthToken extends \Espo\Core\Controllers\Record
     {
         throw new Forbidden();
     }
+
+    public function beforeMassConvertCurrency()
+    {
+        throw new Forbidden();
+    }
 }

application/Espo/Controllers/DashboardTemplate.php

@@ -0,0 +1,67 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2019 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: https://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Controllers;
+
+use \Espo\Core\Exceptions\Forbidden;
+use \Espo\Core\Exceptions\BadRequest;
+
+class DashboardTemplate extends \Espo\Core\Controllers\Record
+{
+    protected function checkControllerAccess()
+    {
+        if (!$this->getUser()->isAdmin()) {
+            throw new Forbidden();
+        }
+    }
+
+    public function postActionDeployToUsers($params, $data)
+    {
+        if (empty($data->id)) throw new BadRequest();
+        if (empty($data->userIdList)) throw new BadRequest();
+
+        return $this->getServiceFactory()->create('DashboardTemplate')->deployToUsers(
+            $data->id,
+            $data->userIdList,
+            !empty($data->append)
+        );
+    }
+
+    public function postActionDeployToTeam($params, $data)
+    {
+        if (empty($data->id)) throw new BadRequest();
+        if (empty($data->teamId)) throw new BadRequest();
+
+        return $this->getServiceFactory()->create('DashboardTemplate')->deployToTeam(
+            $data->id,
+            $data->teamId,
+            !empty($data->append)
+        );
+    }
+}

application/Espo/Controllers/EntityManager.php

@@ -92,6 +92,9 @@ class EntityManager extends \Espo\Core\Controllers\Base
         if (isset($data['fullTextSearch'])) {
             $params['fullTextSearch'] = $data['fullTextSearch'];
         }
+        if (isset($data['countDisabled'])) {
+            $params['countDisabled'] = $data['countDisabled'];
+        }
 
         $params['kanbanViewMode'] = !empty($data['kanbanViewMode']);
         if (!empty($data['kanbanStatusIgnoreList'])) {

application/Espo/Controllers/ExternalAccount.php

@@ -47,17 +47,27 @@ class ExternalAccount extends \Espo\Core\Controllers\Record
     public function actionList($params, $data, $request)
     {
         $integrations = $this->getEntityManager()->getRepository('Integration')->find();
-        $arr = array();
+
+        $list = [];
         foreach ($integrations as $entity) {
             if ($entity->get('enabled') && $this->getMetadata()->get('integrations.' . $entity->id .'.allowUserAccounts')) {
-                $arr[] = array(
+
+                $userAccountAclScope = $this->getMetadata()->get(['integrations', $entity->id, 'userAccountAclScope']);
+
+                if ($userAccountAclScope) {
+                    if (!$this->getAcl()->checkScope($userAccountAclScope)) {
+                        continue;
+                    }
+                }
+
+                $list[] = [
                     'id' => $entity->id
-                );
+                ];
             }
         }
-        return array(
-            'list' => $arr
-        );
+        return [
+            'list' => $list
+        ];
     }
 
     public function actionGetOAuth2Info($params, $data, $request)

application/Espo/Controllers/FieldManager.php

@@ -121,6 +121,8 @@ class FieldManager extends \Espo\Core\Controllers\Base
 
         $this->getContainer()->get('fieldManager')->resetToDefault($data->scope, $data->name);
 
+        $this->getContainer()->get('dataManager')->clearCache();
+
         $this->getContainer()->get('dataManager')->rebuildMetadata();
 
         return true;

application/Espo/Controllers/I18n.php

@@ -33,9 +33,13 @@ class I18n extends \Espo\Core\Controllers\Base
 {
     public function actionRead($params, $data, $request)
     {
-        if ($request->get('default')) {
+        $default = $request->get('default') === 'true';
+
+        return $this->getServiceFactory()->create('Language')->getDataForFrontend($default);
+
+        /*if ($request->get('default')) {
             return $this->getContainer()->get('defaultLanguage')->getAll();
         }
-        return $this->getContainer()->get('language')->getAll();
+        return $this->getContainer()->get('language')->getAll();*/
     }
 }

application/Espo/Controllers/Layout.php

@@ -39,11 +39,7 @@ class Layout extends \Espo\Core\Controllers\Base
 {
     public function actionRead($params, $data)
     {
-        $data = $this->getContainer()->get('layout')->get($params['scope'], $params['name']);
-        if (empty($data)) {
-            throw new NotFound("Layout " . $params['scope'] . ":" . $params['name'] . ' is not found.');
-        }
-        return $data;
+        return $this->getServiceFactory()->create('Layout')->getForFrontend($params['scope'], $params['name']);
     }
 
     public function actionUpdate($params, $data, $request)

application/Espo/Controllers/LeadCapture.php

@@ -69,4 +69,11 @@ class LeadCapture extends \Espo\Core\Controllers\Record
 
         return $this->getRecordService()->generateNewApiKeyForEntity($data->id)->getValueMap();
     }
+
+    public function getActionSmtpAccountDataList()
+    {
+        if (!$this->getUser()->isAdmin()) throw new Forbidden();
+
+        return $this->getServiceFactory()->create('LeadCapture')->getSmtpAccountDataList();
+    }
 }

application/Espo/Controllers/Metadata.php

@@ -36,7 +36,7 @@ class Metadata extends \Espo\Core\Controllers\Base
 
     public function actionRead($params, $data)
     {
-        return $this->getMetadata()->getAllForFrontend();
+        return $this->getServiceFactory()->create('Metadata')->getDataForFrontend();
     }
 
     public function getActionGet($params, $data, $request)

application/Espo/Controllers/ScheduledJob.php

@@ -25,10 +25,12 @@
  *
  * In accordance with Section 7(b) of the GNU General Public License version 3,
  * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
- ************************************************************************/ 
+ ************************************************************************/
 
 namespace Espo\Controllers;
 
+use Espo\Core\Exceptions\Forbidden;
+
 class ScheduledJob extends \Espo\Core\Controllers\Record
 {
     protected function checkControllerAccess()

application/Espo/Controllers/ScheduledJobLogRecord.php

@@ -25,10 +25,12 @@
  *
  * In accordance with Section 7(b) of the GNU General Public License version 3,
  * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
- ************************************************************************/ 
+ ************************************************************************/
 
 namespace Espo\Controllers;
 
+use Espo\Core\Exceptions\Forbidden;
+
 class ScheduledJobLogRecord extends \Espo\Core\Controllers\Record
 {
     protected function checkControllerAccess()
@@ -38,4 +40,3 @@ class ScheduledJobLogRecord extends \Espo\Core\Controllers\Record
         }
     }
 }
-

application/Espo/Controllers/Settings.php

@@ -29,18 +29,22 @@
 
 namespace Espo\Controllers;
 
-use \Espo\Core\Exceptions\Error;
-use \Espo\Core\Exceptions\Forbidden;
-use \Espo\Core\Exceptions\BadRequest;
+use Espo\Core\Exceptions\Forbidden;
+use Espo\Core\Exceptions\BadRequest;
 
 class Settings extends \Espo\Core\Controllers\Base
 {
-
     protected function getConfigData()
     {
         $data = $this->getServiceFactory()->create('Settings')->getConfigData();
 
-        $data->jsLibs = $this->getMetadata()->get('app.jsLibs');
+        $data->jsLibs = $this->getMetadata()->get(['app', 'jsLibs']);
+
+        unset($data->loginView);
+        $loginView = $this->getMetadata()->get(['clientDefs', 'App', 'loginView']);
+        if ($loginView) {
+            $data->loginView = $loginView;
+        }
 
         return $data;
     }

application/Espo/Controllers/Stream.php

@@ -46,6 +46,7 @@ class Stream extends \Espo\Core\Controllers\Base
         $maxSize = intval($request->get('maxSize'));
         $after = $request->get('after');
         $filter = $request->get('filter');
+        $skipOwn = $request->get('skipOwn') === 'true';
 
         $service = $this->getService('Stream');
 
@@ -61,7 +62,8 @@ class Stream extends \Espo\Core\Controllers\Base
             'offset' => $offset,
             'maxSize' => $maxSize,
             'after' => $after,
-            'filter' => $filter
+            'filter' => $filter,
+            'skipOwn' => $skipOwn,
         ]);
 
         return (object) [
@@ -96,7 +98,7 @@ class Stream extends \Espo\Core\Controllers\Base
             'maxSize' => $maxSize,
             'after' => $after,
             'filter' => 'posts',
-            'where' => $where
+            'where' => $where,
         ]);
 
         return (object) [

application/Espo/Controllers/User.php

@@ -69,24 +69,28 @@ class User extends \Espo\Core\Controllers\Record
             throw new BadRequest();
         }
 
-        $p = $this->getEntityManager()->getRepository('PasswordChangeRequest')->where(array(
-            'requestId' => $data->requestId
-        ))->findOne();
+        if ($this->getConfig()->get('passwordRecoveryDisabled')) {
+            throw new Forbidden("Password recovery disabled");
+        }
 
-        if (!$p) {
+        $request = $this->getEntityManager()->getRepository('PasswordChangeRequest')->where([
+            'requestId' => $data->requestId
+        ])->findOne();
+
+        if (!$request) {
             throw new Forbidden();
         }
-        $userId = $p->get('userId');
+
+        $userId = $request->get('userId');
         if (!$userId) {
             throw new Error();
         }
 
-        $this->getEntityManager()->removeEntity($p);
-
         if ($this->getService('User')->changePassword($userId, $data->password)) {
-            return array(
-                'url' => $p->get('url')
-            );
+            $this->getEntityManager()->removeEntity($request);
+            return [
+                'url' => $request->get('url')
+            ];
         }
     }
 
@@ -113,6 +117,14 @@ class User extends \Espo\Core\Controllers\Record
         return $this->getRecordService()->generateNewApiKeyForEntity($data->id)->getValueMap();
     }
 
+    public function postActionGenerateNewPassword($params, $data, $request)
+    {
+        if (empty($data->id)) throw new BadRequest();
+        if (!$this->getUser()->isAdmin()) throw new Forbidden();
+        $this->getRecordService()->generateNewPasswordForUser($data->id);
+        return true;
+    }
+
     public function beforeCreateLink()
     {
         if (!$this->getUser()->isAdmin()) throw new Forbidden();

application/Espo/Controllers/UserSecurity.php

@@ -0,0 +1,77 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2019 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: https://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Controllers;
+
+use \Espo\Core\Exceptions\Error;
+use \Espo\Core\Exceptions\Forbidden;
+use \Espo\Core\Exceptions\NotFound;
+use \Espo\Core\Exceptions\BadRequest;
+
+class UserSecurity extends \Espo\Core\Controllers\Base
+{
+    protected function checkControllerAccess()
+    {
+        if (!$this->getUser()->isAdmin() && !$this->getUser()->isRegular()) {
+            throw new Forbidden();
+        }
+    }
+
+    public function getActionRead($params, $data, $request)
+    {
+        $id = $params['id'] ?? null;
+
+        if (!$id) throw new BadRequest();
+        if (!$this->getUser()->isAdmin() && $id !== $this->getUser()->id) throw new Forbidden();
+
+        return $this->getService('UserSecurity')->read($id);
+    }
+
+    public function postActionGenerate2FAData($params, $data)
+    {
+        $data = $data ?? (object) [];
+        $id = $data->id;
+
+        if (!$id) throw new BadRequest();
+        if (!$this->getUser()->isAdmin() && $id !== $this->getUser()->id) throw new Forbidden();
+
+        return $this->getService('UserSecurity')->generate2FAData($id, $data);
+    }
+
+    public function putActionUpdate($params, $data)
+    {
+        $id = $params['id'] ?? null;
+        $data = $data ?? (object) [];
+
+        if (!$id) throw new BadRequest();
+        if (!$this->getUser()->isAdmin() && $id !== $this->getUser()->id) throw new Forbidden();
+
+        return $this->getService('UserSecurity')->update($id, $data);
+    }
+}

application/Espo/Controllers/Webhook.php

@@ -0,0 +1,50 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2019 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: https://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Controllers;
+
+use \Espo\Core\Exceptions\Error;
+use \Espo\Core\Exceptions\Forbidden;
+
+class Webhook extends \Espo\Core\Controllers\Record
+{
+    protected function checkControllerAccess()
+    {
+        if (!$this->getUser()->isAdmin() && !$this->getUser()->isApi()) {
+            throw new Forbidden();
+        }
+    }
+
+    public function actionCreate($params, $data, $request, $response = null)
+    {
+        $result = parent::actionCreate($params, $data, $request, $response);
+        if ($response) $response->setStatus(201);
+        return $result;
+    }
+}

application/Espo/Core/Acl/GlobalRestricton.php

@@ -60,21 +60,45 @@ class GlobalRestricton
     public function __construct(
         \Espo\Core\Utils\Metadata $metadata,
         \Espo\Core\Utils\File\Manager $fileManager,
-        \Espo\Core\Utils\FieldManagerUtil $fieldManagerUtil
+        \Espo\Core\Utils\FieldManagerUtil $fieldManagerUtil,
+        bool $useCache = true
     )
     {
         $this->metadata = $metadata;
         $this->fileManager = $fileManager;
         $this->fieldManagerUtil = $fieldManagerUtil;
 
-        if (!file_exists($this->cacheFilePath)) {
-            $this->buildCacheFile();
+        $isFromCache = false;
+
+        if ($useCache) {
+            if (file_exists($this->cacheFilePath)) {
+                $this->data = include($this->cacheFilePath);
+                $isFromCache = true;
+
+                if (!($this->data instanceof \StdClass)) {
+                    $GLOBALS['log']->error("ACL GlobalRestricton: Bad data fetched from cache.");
+                    $this->data = null;
+                }
+            }
         }
 
-        $this->data = include($this->cacheFilePath);
+        if (!$this->data) {
+            $this->buildData();
+        }
+
+        if ($useCache) {
+            if (!$isFromCache) {
+                $this->storeCacheFile();
+            }
+        }
     }
 
-    protected function buildCacheFile()
+    protected function storeCacheFile()
+    {
+        $this->getFileManager()->putPhpContents($this->cacheFilePath, $this->data, true);
+    }
+
+    protected function buildData()
     {
         $scopeList = array_keys($this->getMetadata()->get(['entityDefs'], []));
 
@@ -127,8 +151,6 @@ class GlobalRestricton
         }
 
         $this->data = $data;
-
-        $this->getFileManager()->putPhpContents($this->cacheFilePath, $data, true);
     }
 
     protected function getMetadata()

application/Espo/Core/Acl/Table.php

@@ -88,7 +88,7 @@ class Table
         if ($this->isStrictModeForced) {
             $this->isStrictMode = true;
         } else {
-            $this->isStrictMode = $config->get('aclStrictMode', false);
+            $this->isStrictMode = $config->get('aclStrictMode', true);
         }
 
         $this->user = $user;

application/Espo/Core/AclManager.php

@@ -59,7 +59,8 @@ class AclManager
         $this->globalRestricton = new \Espo\Core\Acl\GlobalRestricton(
             $container->get('metadata'),
             $container->get('fileManager'),
-            $container->get('fieldManagerUtil')
+            $container->get('fieldManagerUtil'),
+            $container->get('config')->get('useCache')
         );
     }
 

application/Espo/Core/AclPortal/Base.php

@@ -104,6 +104,13 @@ class Base extends \Espo\Core\Acl\Base
             }
             if ($inAccount) {
                 return true;
+            } else {
+                if (is_null($isOwnContact) && $entity) {
+                    $isOwnContact = $this->checkIsOwnContact($user, $entity);
+                }
+                if ($isOwnContact) {
+                    return true;
+                }
             }
         }
 
@@ -117,7 +124,6 @@ class Base extends \Espo\Core\Acl\Base
         }
 
         return false;
-
     }
 
     public function checkReadOnlyAccount(User $user, $data)
@@ -152,13 +158,13 @@ class Base extends \Espo\Core\Acl\Base
     {
         $accountIdList = $user->getLinkMultipleIdList('accounts');
         if (count($accountIdList)) {
-            if ($entity->hasAttribute('accountId')) {
+            if ($entity->hasAttribute('accountId') && $entity->getRelationParam('account', 'entity') === 'Account') {
                 if (in_array($entity->get('accountId'), $accountIdList)) {
                     return true;
                 }
             }
 
-            if ($entity->hasRelation('accounts')) {
+            if ($entity->hasRelation('accounts') && $entity->getRelationParam('accounts', 'entity') === 'Account') {
                 $repository = $this->getEntityManager()->getRepository($entity->getEntityType());
                 foreach ($accountIdList as $accountId) {
                     if ($repository->isRelated($entity, 'accounts', $accountId)) {
@@ -183,13 +189,13 @@ class Base extends \Espo\Core\Acl\Base
     {
         $contactId = $user->get('contactId');
         if ($contactId) {
-            if ($entity->hasAttribute('contactId')) {
+            if ($entity->hasAttribute('contactId') && $entity->getRelationParam('contact', 'entity') === 'Contact') {
                 if ($entity->get('contactId') === $contactId) {
                     return true;
                 }
             }
 
-            if ($entity->hasRelation('contacts')) {
+            if ($entity->hasRelation('contacts') && $entity->getRelationParam('contacts', 'entity') === 'Contact') {
                 $repository = $this->getEntityManager()->getRepository($entity->getEntityType());
                 if ($repository->isRelated($entity, 'contacts', $contactId)) {
                     return true;
@@ -207,6 +213,4 @@ class Base extends \Espo\Core\Acl\Base
 
         return false;
     }
-
 }
-

application/Espo/Core/Application.php

@@ -133,7 +133,9 @@ class Application
 
             $slim->run();
         } catch (\Exception $e) {
-            $container->get('output')->processError($e->getMessage(), $e->getCode(), true, $e);
+            try {
+                $container->get('output')->processError($e->getMessage(), $e->getCode(), true, $e);
+            } catch (\Slim\Exception\Stop $e) {}
         }
     }
 
@@ -179,7 +181,7 @@ class Application
                 }
             }
             $processList = array_values($processList);
-            if (count($runningCount) >= $maxProcessNumber) {
+            if ($runningCount >= $maxProcessNumber) {
                 $toSkip = true;
             }
             if (!$toSkip) {

application/Espo/Core/Console/Commands/Upgrade.php

@@ -29,9 +29,137 @@
 
 namespace Espo\Core\Console\Commands;
 
+use Espo\Core\Exceptions\Error;
+
 class Upgrade extends Base
 {
-    public function run()
+    protected $upgradeManager;
+
+    protected $upgradeStepList = [
+        'copyBefore',
+        'rebuild',
+        'beforeUpgradeScript',
+        'rebuild',
+        'copy',
+        'rebuild',
+        'copyAfter',
+        'rebuild',
+        'afterUpgradeScript',
+        'rebuild',
+    ];
+
+    public function run($options, $flagList, $argumentList)
+    {
+        $params = $this->normalizeParams($options, $flagList, $argumentList);
+
+        switch ($params['mode']) {
+            case 'local':
+                $this->runLocalUpgrade($params);
+                break;
+
+            default:
+            case 'remote':
+                $this->runRemoteUpgrade($params);
+                break;
+        }
+    }
+
+    /**
+     * Normalize params. Permitted options and flags and $arguments:
+     * -y - without confirmation
+     * -s - single process
+     * --file="EspoCRM-upgrade.zip"
+     * --step="beforeUpgradeScript"
+     * @param  array $options
+     * @param  array $flagList
+     * @param  array $argumentList
+     * @return array
+     */
+    protected function normalizeParams($options, $flagList, $argumentList)
+    {
+        $params = [
+            'mode' => 'remote',
+            'skipConfirmation' => false,
+            'singleProcess' => false,
+        ];
+
+        if (!empty($options['file'])) {
+            $params['mode'] = 'local';
+            $params['file'] = $options['file'];
+        }
+
+        if (in_array('y', $flagList)) {
+            $params['skipConfirmation'] = true;
+        }
+
+        if (in_array('s', $flagList)) {
+            $params['singleProcess'] = true;
+        }
+
+        if (!empty($options['step'])) {
+            $params['step'] = $options['step'];
+        }
+
+        return $params;
+    }
+
+    protected function runLocalUpgrade(array $params)
+    {
+        if (empty($params['file']) || !file_exists($params['file'])) {
+            echo "Upgrade package is not found.\n";
+            return;
+        }
+
+        $packageFile = $params['file'];
+        $fromVersion = $this->getConfig()->get('version');
+
+        fwrite(\STDOUT, "Current version is {$fromVersion}.\n");
+
+        $upgradeId = $this->upload($packageFile);
+        $manifest = $this->getUpgradeManager()->getManifestById($upgradeId);
+        $nextVersion = $manifest['version'];
+
+        if (!$params['skipConfirmation']) {
+            fwrite(\STDOUT, "EspoCRM will be upgraded to version {$nextVersion} now. Enter [Y] to continue.\n");
+
+            if (!$this->confirm()) {
+                echo "Upgrade canceled.\n";
+                return;
+            }
+        }
+
+        fwrite(\STDOUT, "Upgrading... This may take a while...");
+
+        try {
+            $this->runUpgradeProcess($upgradeId, $params);
+        } catch (\Exception $e) {
+            fwrite(\STDOUT, "\n");
+            fwrite(\STDOUT, $e->getMessage() . "\n");
+            return;
+        }
+
+        fwrite(\STDOUT, "\n");
+
+        $app = new \Espo\Core\Application();
+        $currentVerison = $app->getContainer()->get('config')->get('version');
+
+        fwrite(\STDOUT, "Upgrade is complete. Current version is {$currentVerison}.\n");
+
+        $infoData = $this->getVersionInfo();
+        $lastVersion = $infoData->lastVersion ?? null;
+
+        if ($lastVersion && $lastVersion !== $currentVerison && $fromVersion !== $currentVerison) {
+            fwrite(\STDOUT, "Newer version is available.\n");
+            return;
+        }
+
+        if ($lastVersion && $lastVersion === $currentVerison) {
+            fwrite(\STDOUT, "You have the latest version.\n");
+            return;
+        }
+    }
+
+    protected function runRemoteUpgrade(array $params)
     {
         $infoData = $this->getVersionInfo();
         if (!$infoData) return;
@@ -48,11 +176,13 @@ class Upgrade extends Base
             return;
         }
 
-        fwrite(\STDOUT, "EspoCRM will be upgaded to version {$nextVersion} now. Type 'Y' to continue.\n");
+        if (!$params['skipConfirmation']) {
+            fwrite(\STDOUT, "EspoCRM will be upgraded to version {$nextVersion} now. Enter [Y] to continue.\n");
 
-        if (!$this->confirm()) {
-            echo "Upgrade canceled.\n";
-            return;
+            if (!$this->confirm()) {
+                echo "Upgrade canceled.\n";
+                return;
+            }
         }
 
         fwrite(\STDOUT, "Downloading...");
@@ -64,13 +194,22 @@ class Upgrade extends Base
 
         fwrite(\STDOUT, "Upgrading... This may take a while...");
 
-        $this->upgrade($upgradePackageFilePath);
+        $upgradeId = $this->upload($upgradePackageFilePath);
+
+        try {
+            $this->runUpgradeProcess($upgradeId, $params);
+        } catch (\Exception $e) {
+            $error = $e->getMessage();
+        }
+
+        $this->getFileManager()->unlink($upgradePackageFilePath);
 
         fwrite(\STDOUT, "\n");
 
-        fwrite(\STDOUT, $resultText);
-
-        $this->getFileManager()->unlink($upgradePackageFilePath);
+        if (!empty($error)) {
+            echo $error;
+            return;
+        }
 
         $app = new \Espo\Core\Application();
         $currentVerison = $app->getContainer()->get('config')->get('version');
@@ -88,22 +227,66 @@ class Upgrade extends Base
         }
     }
 
-    protected function upgrade($filePath)
+    protected function upload($filePath)
     {
-        $app = new \Espo\Core\Application();
-        $app->setupSystemUser();
-
-        $upgradeManager = new \Espo\Core\UpgradeManager($app->getContainer());
-
         try {
             $fileData = file_get_contents($filePath);
             $fileData = 'data:application/zip;base64,' . base64_encode($fileData);
-
-            $upgradeId = $upgradeManager->upload($fileData);
-            $upgradeManager->install(['id' => $upgradeId]);
+            $upgradeId = $this->getUpgradeManager()->upload($fileData);
         } catch (\Exception $e) {
             die("Error: " . $e->getMessage() . "\n");
         }
+
+        return $upgradeId;
+    }
+
+    protected function runUpgradeProcess($upgradeId, array $params = [])
+    {
+        $useSingleProcess = array_key_exists('singleProcess', $params) ? $params['singleProcess'] : false;
+
+        $stepList = !empty($params['step']) ? [$params['step']] : $this->upgradeStepList;
+        array_unshift($stepList, 'init');
+        array_push($stepList, 'finalize');
+
+        if (!$useSingleProcess && $this->isShellEnabled()) {
+            return $this->runSteps($upgradeId, $stepList);
+        }
+
+        return $this->runStepsInSingleProcess($upgradeId, $stepList);
+    }
+
+    protected function runStepsInSingleProcess($upgradeId, array $stepList)
+    {
+        $GLOBALS['log']->debug('Installation process ['.$upgradeId.']: Single process mode.');
+
+        try {
+            foreach ($stepList as $stepName) {
+                $upgradeManager = $this->getUpgradeManager(true);
+                $upgradeManager->runInstallStep($stepName, ['id' => $upgradeId]);
+            }
+        } catch (\Exception $e) {
+            $GLOBALS['log']->error('Upgrade Error: ' . $e->getMessage());
+            throw new Error($e->getMessage());
+        }
+
+        return true;
+    }
+
+    protected function runSteps($upgradeId, array $stepList)
+    {
+        $phpExecutablePath = $this->getPhpExecutablePath();
+
+        foreach ($stepList as $stepName) {
+            $command = $phpExecutablePath . " command.php upgrade-step --step=". ucfirst($stepName) ." --id=". $upgradeId;
+
+            $shellResult = shell_exec($command);
+            if ($shellResult !== 'true') {
+                $GLOBALS['log']->error('Upgrade Error: ' . $shellResult);
+                throw new Error($shellResult);
+            }
+        }
+
+        return true;
     }
 
     protected function confirm()
@@ -127,6 +310,29 @@ class Upgrade extends Base
         return $this->getContainer()->get('fileManager');
     }
 
+    protected function getUpgradeManager($reload = false)
+    {
+        if (!$this->upgradeManager || $reload) {
+            $app = new \Espo\Core\Application();
+            $app->setupSystemUser();
+
+            $this->upgradeManager = new \Espo\Core\UpgradeManager($app->getContainer());
+        }
+
+        return $this->upgradeManager;
+    }
+
+    protected function getPhpExecutablePath()
+    {
+        $phpExecutablePath = $this->getConfig()->get('phpExecutablePath');
+
+        if (!$phpExecutablePath) {
+            $phpExecutablePath = (new \Symfony\Component\Process\PhpExecutableFinder)->find();
+        }
+
+        return $phpExecutablePath;
+    }
+
     protected function getVersionInfo()
     {
         $url = 'https://s.espocrm.com/upgrade/next/';
@@ -183,4 +389,18 @@ class Upgrade extends Base
 
         return realpath($localFilePath);
     }
+
+    protected function isShellEnabled()
+    {
+        if (!function_exists('exec') || !is_callable('shell_exec')) {
+            return false;
+        }
+
+        $result = shell_exec("echo test");
+        if (empty($result)) {
+            return false;
+        }
+
+        return true;
+    }
 }

application/Espo/Core/Console/Commands/UpgradeStep.php

@@ -0,0 +1,71 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2019 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: https://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Core\Console\Commands;
+
+class UpgradeStep extends Base
+{
+    public function run($options, $flagList, $argumentList)
+    {
+        if (empty($options['step'])) {
+            echo "Step is not specified.\n";
+            return;
+        }
+
+        if (empty($options['id'])) {
+            echo "Upgrade ID is not specified.\n";
+            return;
+        }
+
+        $stepName = $options['step'];
+        $upgradeId = $options['id'];
+
+        return $this->runUpgradeStep($stepName, ['id' => $upgradeId]);
+    }
+
+    protected function runUpgradeStep($stepName, array $params)
+    {
+        $app = new \Espo\Core\Application();
+        $app->setupSystemUser();
+
+        $upgradeManager = new \Espo\Core\UpgradeManager($app->getContainer());
+
+        try {
+            $result = $upgradeManager->runInstallStep($stepName, $params); // throw Exception on error
+        } catch (\Exception $e) {
+            die("Error: " . $e->getMessage() . "\n");
+        }
+
+        if (is_bool($result)) {
+            $result = $result ? "true" : "false";
+        }
+
+        return $result;
+    }
+}

application/Espo/Core/Container.php

@@ -291,7 +291,7 @@ class Container
             'en_US',
             $this->get('fileManager'),
             $this->get('metadata'),
-            $this->get('useCache')
+            $this->get('config')->get('useCache')
         );
     }
 
@@ -301,7 +301,7 @@ class Container
             \Espo\Core\Utils\Language::detectLanguage($this->get('config')),
             $this->get('fileManager'),
             $this->get('metadata'),
-            $this->get('useCache')
+            $this->get('config')->get('useCache')
         );
     }
 

application/Espo/Core/Controllers/Record.php

@@ -536,4 +536,50 @@ class Record extends Base
 
         return $this->getRecordService()->restoreDeleted($id);
     }
+
+    public function postActionMassConvertCurrency($params, $data, $request)
+    {
+        if (!$this->getAcl()->checkScope($this->name, 'edit')) throw new Forbidden();
+        if ($this->getAcl()->get('massUpdatePermission') !== 'yes') throw new Forbidden();
+
+        $fieldList = $data->fieldList ?? null;
+        if (!empty($data->field)) {
+            if (!is_array($fieldList)) $fieldList = [];
+            $fieldList[] = $data->field;
+        }
+
+        $params = [];
+        if (property_exists($data, 'where') && !empty($data->byWhere)) {
+            $params['where'] = json_decode(json_encode($data->where), true);
+            if (property_exists($data, 'selectData')) {
+                $params['selectData'] = json_decode(json_encode($data->selectData), true);
+            }
+        } else if (property_exists($data, 'ids')) {
+            $params['ids'] = $data->ids;
+        }
+
+        if (empty($data->currencyRates)) throw new BadRequest();
+        if (empty($data->targetCurrency)) throw new BadRequest();
+        if (empty($data->baseCurrency)) throw new BadRequest();
+
+        return $this->getRecordService()->massConvertCurrency($params, $data->targetCurrency, $data->baseCurrency, $data->currencyRates, $fieldList);
+    }
+
+    public function postActionConvertCurrency($params, $data, $request)
+    {
+        if (!$this->getAcl()->checkScope($this->name, 'edit')) throw new Forbidden();
+
+        $fieldList = $data->fieldList ?? null;
+        if (!empty($data->field)) {
+            if (!is_array($fieldList)) $fieldList = [];
+            $fieldList[] = $data->field;
+        }
+
+        if (empty($data->id)) throw new BadRequest();
+        if (empty($data->currencyRates)) throw new BadRequest();
+        if (empty($data->targetCurrency)) throw new BadRequest();
+        if (empty($data->baseCurrency)) throw new BadRequest();
+
+        return $this->getRecordService()->convertCurrency($data->id, $data->targetCurrency, $data->baseCurrency, $data->currencyRates, $fieldList);
+    }
 }

application/Espo/Core/Exceptions/ConflictSilent.php

@@ -0,0 +1,35 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2019 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: https://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Core\Exceptions;
+
+class ConflictSilent extends Conflict
+{
+    public $logLevel = 'notice';
+}

application/Espo/Core/Export/Xlsx.php

@@ -491,7 +491,14 @@ class Xlsx extends \Espo\Core\Injectable
 
                         $sheet->setCellValue("$col$rowNumber", $value);
                     }
-
+                } else if ($type == 'multiEnum' || $type == 'array') {
+                    if (!empty($row[$name])) {
+                        $array = json_decode($row[$name]);
+                        if (is_array($array)) {
+                            $value = implode(', ', $array);
+                            $sheet->setCellValue("$col$rowNumber", $value, \PhpOffice\PhpSpreadsheet\Cell\DataType::TYPE_STRING);
+                        }
+                    }
                 } else {
                     if (array_key_exists($name, $row)) {
                         $sheet->setCellValueExplicit("$col$rowNumber", $row[$name], \PhpOffice\PhpSpreadsheet\Cell\DataType::TYPE_STRING);

application/Espo/Core/ExternalAccount/ClientManager.php

@@ -69,7 +69,13 @@ class ClientManager
             $externalAccountEntity = $this->clientMap[$hash]['externalAccountEntity'];
             $externalAccountEntity->set('accessToken', $data['accessToken']);
             $externalAccountEntity->set('tokenType', $data['tokenType']);
-            $this->getEntityManager()->saveEntity($externalAccountEntity);
+
+            $copy = $this->getEntityManager()->getEntity('ExternalAccount', $externalAccountEntity->id);
+            if ($copy) {
+                $copy->set('accessToken', $data['accessToken']);
+                $copy->set('tokenType', $data['tokenType']);
+                $this->getEntityManager()->saveEntity($copy, ['isTokenRenewal' => true]);
+            }
         }
     }
 
@@ -87,7 +93,12 @@ class ClientManager
 
         $className = $this->getMetadata()->get("integrations.{$integration}.clientClassName");
 
-        $redirectUri = $this->getConfig()->get('siteUrl') . '?entryPoint=oauthCallback'; // TODO move to client class
+        $redirectUri = $this->getConfig()->get('siteUrl') . '?entryPoint=oauthCallback';
+
+        $redirectUriPath = $this->getMetadata()->get(['integrations', $integration, 'params', 'redirectUriPath']);
+        if ($redirectUriPath) {
+            $redirectUri = rtrim($this->getConfig()->get('siteUrl'), '/') . '/' . $redirectUriPath;
+        }
 
         if (!$externalAccountEntity) {
             throw new Error("External Account {$integration} not found for {$userId}");

application/Espo/Core/ExternalAccount/OAuth2/Client.php

@@ -187,7 +187,11 @@ class Client
 
         $curlOptHttpHeader = array();
         foreach ($httpHeaders as $key => $value) {
-             $curlOptHttpHeader[] = "{$key}: {$value}";
+            if (is_int($key) && !is_string($key)) {
+                $curlOptHttpHeader[] = $value;
+                continue;
+            }
+            $curlOptHttpHeader[] = "{$key}: {$value}";
         }
         $curlOptions[CURLOPT_HTTPHEADER] = $curlOptHttpHeader;
 

application/Espo/Core/FieldValidators/ChecklistType.php

@@ -0,0 +1,35 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2019 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: https://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Core\FieldValidators;
+
+class ChecklistType extends ArrayType
+{
+
+}

application/Espo/Core/Formula/Functions/EntityGroup/AddLinkMultipleIdType.php

@@ -65,7 +65,7 @@ class AddLinkMultipleIdType extends \Espo\Core\Formula\Functions\Base
             }
         } else {
             if (!is_string($id)) {
-                throw new Error();
+                return;
             }
             $this->getEntity()->addLinkMultipleId($link, $id);
         }

application/Espo/Core/Formula/Functions/EntityGroup/GetLinkColumnType.php

@@ -0,0 +1,58 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2019 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: https://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Core\Formula\Functions\EntityGroup;
+
+use \Espo\ORM\Entity;
+use \Espo\Core\Exceptions\Error;
+
+class GetLinkColumnType extends \Espo\Core\Formula\Functions\Base
+{
+    protected function init()
+    {
+        $this->addDependency('entityManager');
+    }
+
+    public function process(\StdClass $item)
+    {
+        $args = $item->value ?? [];
+
+        if (!is_array($args)) throw new Error();
+        if (count($args) < 3) throw new Error("Formula: entity\\isRelated: no argument.");
+
+        $link = $this->evaluate($args[0]);
+        $id = $this->evaluate($args[1]);
+        $column = $this->evaluate($args[2]);
+
+        $entityType = $this->getEntity()->getEntityType($entityType);
+        $repository = $this->getInjection('entityManager')->getRepository($entityType);
+
+        return $repository->getRelationColumn($this->getEntity(), $link, $id, $column);
+    }
+}

application/Espo/Core/Formula/Functions/EntityGroup/SumRelatedType.php

@@ -97,7 +97,21 @@ class SumRelatedType extends \Espo\Core\Formula\Functions\Base
 
         $selectParams['select'] = [[$foreignLink . '.id', 'foreignId'], 'SUM:' . $field];
 
-        $foreignSelectManager->addJoin($foreignLink, $selectParams);
+        if ($entity->getRelationType($link) === 'hasChildren') {
+            $foreignSelectManager->addJoin([
+                $entity->getEntityType(),
+                $foreignLink,
+                [
+                     $foreignLink . '.id:' => $foreignLink . 'Id',
+                    'deleted' => false,
+                    $foreignLink . '.id!=' => null,
+                ]
+            ], $selectParams);
+            $selectParams['whereClause'][] = [$foreignLink . 'Type'  => $entity->getEntityType()];
+
+        } else {
+            $foreignSelectManager->addJoin($foreignLink, $selectParams);
+        }
 
         $selectParams['groupBy'] = [$foreignLink . '.id'];
 

application/Espo/Core/Formula/Functions/PasswordGroup/GenerateType.php

@@ -0,0 +1,54 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2019 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: https://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Core\Formula\Functions\PasswordGroup;
+
+use \Espo\ORM\Entity;
+use \Espo\Core\Exceptions\Error;
+
+class GenerateType extends \Espo\Core\Formula\Functions\Base
+{
+    protected function init()
+    {
+        $this->addDependency('config');
+    }
+
+    public function process(\StdClass $item)
+    {
+        $config = $this->getInjection('config');
+
+        $length = $config->get('passwordGenerateLength', 10);
+        $letterCount = $config->get('passwordGenerateLetterCount', 4);
+        $numberCount = $config->get('passwordGenerateNumberCount', 2);
+
+        $password = \Espo\Core\Utils\Util::generatePassword($length, $letterCount, $numberCount, true);
+
+        return $password;
+    }
+}

application/Espo/Core/Formula/Functions/PasswordGroup/HashType.php

@@ -0,0 +1,60 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2019 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: https://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Core\Formula\Functions\PasswordGroup;
+
+use \Espo\ORM\Entity;
+use \Espo\Core\Exceptions\Error;
+
+class HashType extends \Espo\Core\Formula\Functions\Base
+{
+    protected function init()
+    {
+        $this->addDependency('config');
+    }
+
+    public function process(\StdClass $item)
+    {
+        $args = $item->value ?? [];
+
+        if (!is_array($args)) throw new Error();
+        if (count($args) < 1)
+             throw new Error("Formula: password\\hash: no argument.");
+
+        $password = $this->evaluate($args[0]);
+
+        if (!is_string($password))
+             throw new Error("Formula: password\\hash: bad argument.");
+
+        $passwordHash = new \Espo\Core\Utils\PasswordHash($this->getInjection('config'));
+        $hash = $passwordHash->hash($password);
+
+        return $hash;
+    }
+}

application/Espo/Core/Formula/Functions/RecordGroup/AttributeType.php

@@ -0,0 +1,69 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2019 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: https://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Core\Formula\Functions\RecordGroup;
+
+use Espo\Core\Exceptions\Error;
+
+class AttributeType extends \Espo\Core\Formula\Functions\AttributeType
+{
+    protected function init()
+    {
+        $this->addDependency('entityManager');
+    }
+
+    public function process(\StdClass $item)
+    {
+        if (!property_exists($item, 'value')) {
+            throw new Error();
+        }
+
+        if (!is_array($item->value)) {
+            throw new Error();
+        }
+
+        if (count($item->value) < 3) {
+            throw new Error();
+        }
+
+        $entityType = $this->evaluate($item->value[0]);
+        $id = $this->evaluate($item->value[1]);
+        $attribute = $this->evaluate($item->value[2]);
+
+        if (!$entityType) throw new Error("Formula record\\attribute: Empty entityType.");
+        if (!$id) return null;
+        if (!$attribute) throw new Error("Formula record\\attribute: Empty attribute.");
+
+        $entity = $this->getInjection('entityManager')->getEntity($entityType, $id);
+
+        if (!$entity) return null;
+
+        return $this->attributeFetcher->fetch($entity, $attribute);
+    }
+}

application/Espo/Core/Formula/Functions/RecordGroup/CountType.php

@@ -64,8 +64,13 @@ class CountType extends \Espo\Core\Formula\Functions\Base
 
             $selectManager = $this->getInjection('selectManagerFactory')->create($entityType);
             $selectParams = $selectManager->getEmptySelectParams();
+
             if ($filter) {
-                $selectManager->applyFilter($filter, $selectParams);
+                if (is_string($filter)) {
+                    $selectManager->applyFilter($filter, $selectParams);
+                } else {
+                    throw new Error("Formula record\\count: Bad filter.");
+                }
             }
 
             return $this->getInjection('entityManager')->getRepository($entityType)->count($selectParams);

application/Espo/Core/Formula/Functions/RecordGroup/FindOneType.php

@@ -0,0 +1,94 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2019 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: https://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Core\Formula\Functions\RecordGroup;
+
+use Espo\Core\Exceptions\Error;
+
+class FindOneType extends \Espo\Core\Formula\Functions\Base
+{
+    protected function init()
+    {
+        $this->addDependency('entityManager');
+        $this->addDependency('selectManagerFactory');
+    }
+
+    public function process(\StdClass $item)
+    {
+        if (!property_exists($item, 'value')) {
+            throw new Error();
+        }
+
+        if (!is_array($item->value)) {
+            throw new Error();
+        }
+
+        if (count($item->value) < 3) {
+            throw new Error();
+        }
+
+        $entityType = $this->evaluate($item->value[0]);
+        $orderBy = $this->evaluate($item->value[1]);
+        $order = $this->evaluate($item->value[2]) ?? 'asc';
+
+        $selectManager = $this->getInjection('selectManagerFactory')->create($entityType);
+        $selectParams = $selectManager->getEmptySelectParams();
+
+        if (count($item->value) <= 4) {
+            $filter = null;
+            if (count($item->value) == 4) {
+                $filter = $this->evaluate($item->value[3]);
+            }
+            if ($filter) {
+                if (!is_string($filter)) throw new Error("Formula record\\findOne: Bad filter.");
+                $selectManager->applyFilter($filter, $selectParams);
+            }
+        } else {
+            $whereClause = [];
+            $i = 3;
+            while ($i < count($item->value) - 1) {
+                $key = $this->evaluate($item->value[$i]);
+                $value = $this->evaluate($item->value[$i + 1]);
+                $whereClause[] = [$key => $value];
+                $i = $i + 2;
+            }
+            $selectParams['whereClause'] = $whereClause;
+        }
+
+        if ($orderBy) {
+            $selectManager->applyOrder($orderBy, $order, $selectParams);
+        }
+
+        $e = $this->getInjection('entityManager')->getRepository($entityType)->select(['id'])->findOne($selectParams);
+
+        if ($e) return $e->id;
+
+        return null;
+    }
+}

application/Espo/Core/Formula/Functions/RecordGroup/FindRelatedOneType.php

@@ -0,0 +1,121 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2019 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: https://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Core\Formula\Functions\RecordGroup;
+
+use Espo\Core\Exceptions\Error;
+
+class FindRelatedOneType extends \Espo\Core\Formula\Functions\Base
+{
+    protected function init()
+    {
+        $this->addDependency('entityManager');
+        $this->addDependency('selectManagerFactory');
+    }
+
+    public function process(\StdClass $item)
+    {
+        if (!property_exists($item, 'value')) {
+            throw new Error();
+        }
+
+        if (!is_array($item->value)) {
+            throw new Error();
+        }
+
+        if (count($item->value) < 5) {
+            throw new Error();
+        }
+
+        $entityManager = $this->getInjection('entityManager');
+
+        $entityType = $this->evaluate($item->value[0]);
+        $id = $this->evaluate($item->value[1]);
+        $link = $this->evaluate($item->value[2]);
+        $orderBy = $this->evaluate($item->value[3]);
+        $order = $this->evaluate($item->value[4]) ?? 'asc';
+
+        if (!$entityType) throw new Error("Formula record\\findRelatedOne: Empty entityType.");
+        if (!$id) return null;
+        if (!$link) throw new Error("Formula record\\findRelatedOne: Empty link.");
+
+        $entity = $entityManager->getEntity($entityType, $id);
+
+        if (!$entity) return null;
+
+        $relationType = $entity->getRelationParam($link, 'type');
+
+        $foreignEntityType = $entity->getRelationParam($link, 'entity');
+        if (!$foreignEntityType) throw new Error("Formula record\\findRelatedOne: Bad or not supported link '{$link}'.");
+
+        $foreignLink = $entity->getRelationParam($link, 'foreign');
+        if (!$foreignLink) throw new Error("Formula record\\findRelatedOne: Not supported link '{$link}'.");
+
+        $selectManager = $this->getInjection('selectManagerFactory')->create($foreignEntityType);
+        $selectParams = $selectManager->getEmptySelectParams();
+
+
+        if ($relationType === 'hasChildren') {
+            $selectParams['whereClause'][] = [$foreignLink . 'Id' => $entity->id];
+            $selectParams['whereClause'][] = [$foreignLink . 'Type' => $entity->getEntityType()];
+        } else {
+            $selectManager->addJoin($foreignLink, $selectParams);
+            $selectParams['whereClause'][] = [$foreignLink . '.id' => $entity->id];
+        }
+
+        if (count($item->value) <= 6) {
+            $filter = null;
+            if (count($item->value) == 6) {
+                $filter = $this->evaluate($item->value[3]);
+            }
+            if ($filter) {
+                if (!is_string($filter)) throw new Error("Formula record\\findRelatedOne: Bad filter.");
+                $selectManager->applyFilter($filter, $selectParams);
+            }
+        } else {
+            $i = 5;
+            while ($i < count($item->value) - 1) {
+                $key = $this->evaluate($item->value[$i]);
+                $value = $this->evaluate($item->value[$i + 1]);
+                $selectParams['whereClause'][] = [$key => $value];
+                $i = $i + 2;
+            }
+        }
+
+        if ($orderBy) {
+            $selectManager->applyOrder($orderBy, $order, $selectParams);
+        }
+
+        $e = $entityManager->getRepository($foreignEntityType)->select(['id'])->findOne($selectParams);
+
+        if ($e) return $e->id;
+
+        return null;
+    }
+}

application/Espo/Core/Formula/Functions/StringGroup/PosType.php

@@ -0,0 +1,51 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2019 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: https://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Core\Formula\Functions\StringGroup;
+
+use \Espo\Core\Exceptions\Error;
+
+class PosType extends \Espo\Core\Formula\Functions\Base
+{
+    public function process(\StdClass $item)
+    {
+        $args = $item->value ?? [];
+
+        if (count($args) < 2) throw new Error("Bad arguments passed to function string\\pos.");
+
+        $string = $this->evaluate($args[0]);
+        $needle = $this->evaluate($args[1]);
+
+        if (!is_string($string)) {
+            return false;
+        }
+
+        return mb_strpos($string, $needle);
+    }
+}

application/Espo/Core/Hooks/Base.php

@@ -44,6 +44,7 @@ abstract class Base implements Injectable
         'metadata',
         'aclManager',
         'user',
+        'serviceFactory',
     ];
 
     protected $dependencies = []; // for backward compatibility
@@ -118,4 +119,9 @@ abstract class Base implements Injectable
     {
         return $this->getInjection('metadata');
     }
+
+    protected function getServiceFactory()
+    {
+        return $this->getInjection('serviceFactory');
+    }
 }

application/Espo/Core/Htmlizer/Htmlizer.php

@@ -147,6 +147,7 @@ class Htmlizer
             }
 
             $type = $entity->getAttributeType($attribute);
+            $fieldType = $entity->getAttributeParam($attribute, 'fieldType');
 
             if ($type == Entity::DATETIME) {
                 if (!empty($data[$attribute])) {
@@ -194,6 +195,14 @@ class Htmlizer
                 unset($data[$attribute]);
             }
 
+            if ($fieldType === 'currency' && $this->metadata) {
+                if ($entity->getAttributeParam($attribute, 'attributeRole') === 'currency') {
+                    if ($currencyValue = $data[$attribute]) {
+                        $data[$attribute . 'Symbol'] = $this->metadata->get(['app', 'currency', 'symbolMap', $currencyValue]);
+                    }
+                }
+            }
+
             if (array_key_exists($attribute, $data)) {
                 $keyRaw = $attribute . '_RAW';
                 $data[$keyRaw] = $data[$attribute];
@@ -291,7 +300,19 @@ class Htmlizer
                     } else {
                         return $context['inverse'] ? $context['inverse']() : '';
                     }
-                }
+                },
+                'ifInArray' => function () {
+                    $args = func_get_args();
+                    $context = $args[count($args) - 1];
+
+                    $array = $args[1] ?? [];
+
+                    if (in_array($args[0], $array)) {
+                        return $context['fn']();
+                    } else {
+                        return $context['inverse'] ? $context['inverse']() : '';
+                    }
+                },
             ]
         ]);
 

application/Espo/Core/Loaders/Hasher.php

@@ -0,0 +1,40 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2019 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: https://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Core\Loaders;
+
+class Hasher extends Base
+{
+    public function load()
+    {
+        return new \Espo\Core\Utils\Hasher(
+            $this->getContainer()->get('config')
+        );
+    }
+}

application/Espo/Core/Loaders/Totp.php

@@ -0,0 +1,40 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2019 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: https://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Core\Loaders;
+
+class Totp extends Base
+{
+    public function load()
+    {
+        return new \Espo\Core\Utils\Authentication\TwoFA\Utils\Totp(
+            $this->getContainer()->get('config')
+        );
+    }
+}

application/Espo/Core/Loaders/WebhookManager.php

@@ -0,0 +1,43 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2019 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: https://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Core\Loaders;
+
+class WebhookManager extends Base
+{
+    public function load()
+    {
+        return new \Espo\Core\Webhook\Manager(
+            $this->getContainer()->get('config'),
+            $this->getContainer()->get('fileManager'),
+            $this->getContainer()->get('entityManager'),
+            $this->getContainer()->get('fieldManagerUtil')
+        );
+    }
+}

application/Espo/Core/Mail/Sender.php

@@ -107,7 +107,12 @@ class Sender
 
         if ($params['auth']) {
             if (!empty($params['smtpAuthMechanism'])) {
-                $options['connectionClass'] = $params['smtpAuthMechanism'];
+                $smtpAuthMechanism = preg_replace("([\.]{2,})", '', $params['smtpAuthMechanism']);
+                if (in_array($smtpAuthMechanism, ['login', 'crammd5', 'plain'])) {
+                    $options['connectionClass'] = $smtpAuthMechanism;
+                } else {
+                    $options['connectionClass'] = 'login';
+                }
             } else {
                 $options['connectionClass'] = 'login';
             }
@@ -172,7 +177,7 @@ class Sender
         return $this;
     }
 
-    public function send(Email $email, $params = [], &$message = null, $attachmentList = [])
+    public function send(Email $email, $params = [], $message = null, $attachmentList = [])
     {
         if (!$message) {
             $message = new Message();
@@ -284,6 +289,7 @@ class Sender
                     $contents = $a->get('contents');
                 } else {
                     $fileName = $this->getEntityManager()->getRepository('Attachment')->getFilePath($a);
+                    if (!is_file($fileName)) continue;
                     $contents = file_get_contents($fileName);
                 }
                 $attachment = new MimePart($contents);
@@ -303,6 +309,7 @@ class Sender
                     $contents = $a->get('contents');
                 } else {
                     $fileName = $this->getEntityManager()->getRepository('Attachment')->getFilePath($a);
+                    if (!is_file($fileName)) continue;
                     $contents = file_get_contents($fileName);
                 }
                 $attachment = new MimePart($contents);
@@ -386,6 +393,9 @@ class Sender
             if (empty($messageId) || !is_string($messageId) || strlen($messageId) < 4 || strpos($messageId, 'dummy:') === 0) {
                 $messageId = $this->generateMessageId($email);
                 $email->set('messageId', '<' . $messageId . '>');
+                if ($email->id) {
+                    $this->getEntityManager()->saveEntity($email, ['silent' => true]);
+                }
             } else {
                 $messageId = substr($messageId, 1, strlen($messageId) - 2);
             }
@@ -399,6 +409,7 @@ class Sender
             $email->set('status', 'Sent');
             $email->set('dateSent', date("Y-m-d H:i:s"));
         } catch (\Exception $e) {
+            $this->useGlobal();
             throw new Error($e->getMessage(), 500);
         }
 

application/Espo/Core/NotificatorFactory.php

@@ -53,6 +53,9 @@ class NotificatorFactory extends InjectableFactory
             }
         }
 
-        return $this->createByClassName($className);
+        $obj = $this->createByClassName($className);
+        $obj->setEntityType($entityType);
+
+        return $obj;
     }
 }

application/Espo/Core/Notificators/Base.php

@@ -42,6 +42,10 @@ class Base implements Injectable
 
     protected $injections = [];
 
+    private $userIdEnabledMap = [];
+
+    protected $entityType;
+
     public static $order = 9;
 
     public function __construct()
@@ -65,6 +69,11 @@ class Base implements Injectable
         $this->dependencyList[] = $name;
     }
 
+    public function setEntityType(string $entityType)
+    {
+        $this->entityType = $entityType;
+    }
+
     public function getDependencyList()
     {
         return $this->dependencyList;
@@ -113,6 +122,8 @@ class Base implements Injectable
 
     protected function processForUser(Entity $entity, $assignedUserId)
     {
+        if (!$this->isNotificationsEnabledForUser($assignedUserId)) return;
+
         if ($entity->hasAttribute('createdById') && $entity->hasAttribute('modifiedById')) {
             if ($entity->isNew()) {
                 $isNotSelfAssignment = $assignedUserId !== $entity->get('createdById');
@@ -125,18 +136,36 @@ class Base implements Injectable
         if (!$isNotSelfAssignment) return;
 
         $notification = $this->getEntityManager()->getEntity('Notification');
-        $notification->set(array(
+        $notification->set([
             'type' => 'Assign',
             'userId' => $assignedUserId,
-            'data' => array(
+            'data' => [
                 'entityType' => $entity->getEntityType(),
                 'entityId' => $entity->id,
                 'entityName' => $entity->get('name'),
                 'isNew' => $entity->isNew(),
                 'userId' => $this->getUser()->id,
-                'userName' => $this->getUser()->get('name')
-            )
-        ));
+                'userName' => $this->getUser()->get('name'),
+            ]
+        ]);
         $this->getEntityManager()->saveEntity($notification);
     }
+
+    protected function isNotificationsEnabledForUser(string $userId)
+    {
+        if (!array_key_exists($userId, $this->userIdEnabledMap)) {
+            $preferences = $this->getEntityManager()->getEntity('Preferences', $userId);
+            $isEnabled = false;
+            if ($preferences) {
+                $isEnabled = true;
+                $ignoreList = $preferences->get('assignmentNotificationsIgnoreEntityTypeList') ?? [];
+                if (in_array($this->entityType, $ignoreList)) {
+                    $isEnabled = false;
+                }
+            }
+            $this->userIdEnabledMap[$userId] = $isEnabled;
+        }
+
+        return $this->userIdEnabledMap[$userId];
+    }
 }

application/Espo/Core/ORM/Repositories/RDB.php

@@ -197,10 +197,10 @@ class RDB extends \Espo\ORM\Repositories\RDB implements Injectable
     protected function afterMassRelate(Entity $entity, $relationName, array $params = [], array $options = [])
     {
         if (!$this->hooksDisabled && empty($options['skipHooks'])) {
-            $hookData = array(
+            $hookData = [
                 'relationName' => $relationName,
-                'relationParams' => $params
-            );
+                'relationParams' => $params,
+            ];
             $this->getEntityManager()->getHookManager()->process($this->entityType, 'afterMassRelate', $entity, $options, $hookData);
         }
     }
@@ -215,14 +215,24 @@ class RDB extends \Espo\ORM\Repositories\RDB implements Injectable
     {
         parent::afterRelate($entity, $relationName, $foreign, $data, $options);
 
-        if ($foreign instanceof Entity) {
-            $foreignEntity = $foreign;
-            if (!$this->hooksDisabled && empty($options['skipHooks'])) {
-                $hookData = array(
+        if (!$this->hooksDisabled && empty($options['skipHooks'])) {
+            if (is_string($foreign)) {
+                $foreignId = $foreign;
+                $foreignEntityType = $entity->getRelationParam($relationName, 'entity');
+                if ($foreignEntityType) {
+                    $foreign = $this->getEntityManager()->getEntity($foreignEntityType);
+                    $foreign->id = $foreignId;
+                    $foreign->setAsFetched();
+                }
+            }
+
+            if ($foreign instanceof Entity) {
+                $hookData = [
                     'relationName' => $relationName,
                     'relationData' => $data,
-                    'foreignEntity' => $foreignEntity
-                );
+                    'foreignEntity' => $foreign,
+                    'foreignId' => $foreign->id,
+                ];
                 $this->getEntityManager()->getHookManager()->process($this->entityType, 'afterRelate', $entity, $options, $hookData);
             }
         }
@@ -232,13 +242,23 @@ class RDB extends \Espo\ORM\Repositories\RDB implements Injectable
     {
         parent::afterUnrelate($entity, $relationName, $foreign, $options);
 
-        if ($foreign instanceof Entity) {
-            $foreignEntity = $foreign;
-            if (!$this->hooksDisabled && empty($options['skipHooks'])) {
-                $hookData = array(
+        if (!$this->hooksDisabled && empty($options['skipHooks'])) {
+            if (is_string($foreign)) {
+                $foreignId = $foreign;
+                $foreignEntityType = $entity->getRelationParam($relationName, 'entity');
+                if ($foreignEntityType) {
+                    $foreign = $this->getEntityManager()->getEntity($foreignEntityType);
+                    $foreign->id = $foreignId;
+                    $foreign->setAsFetched();
+                }
+            }
+
+            if ($foreign instanceof Entity) {
+                $hookData = [
                     'relationName' => $relationName,
-                    'foreignEntity' => $foreignEntity
-                );
+                    'foreignEntity' => $foreign,
+                    'foreignId' => $foreign->id,
+                ];
                 $this->getEntityManager()->getHookManager()->process($this->entityType, 'afterUnrelate', $entity, $options, $hookData);
             }
         }
@@ -301,7 +321,9 @@ class RDB extends \Espo\ORM\Repositories\RDB implements Injectable
                     $entity->set('modifiedAt', $nowString);
                 }
                 if ($entity->hasAttribute('createdById')) {
-                    if (empty($options['skipCreatedBy']) && (empty($options['import']) || !$entity->has('createdById'))) {
+                    if (!empty($options['createdById'])) {
+                        $entity->set('createdById', $options['createdById']);
+                    } else if (empty($options['skipCreatedBy']) && (empty($options['import']) || !$entity->has('createdById'))) {
                         if ($this->getEntityManager()->getUser()) {
                             $entity->set('createdById', $this->getEntityManager()->getUser()->id);
                         }
@@ -313,7 +335,9 @@ class RDB extends \Espo\ORM\Repositories\RDB implements Injectable
                         $entity->set('modifiedAt', $nowString);
                     }
                     if ($entity->hasAttribute('modifiedById')) {
-                        if ($this->getEntityManager()->getUser()) {
+                        if (!empty($options['modifiedById'])) {
+                            $entity->set('modifiedById', $options['modifiedById']);
+                        } else if ($this->getEntityManager()->getUser()) {
                             $entity->set('modifiedById', $this->getEntityManager()->getUser()->id);
                             $entity->set('modifiedByName', $this->getEntityManager()->getUser()->get('name'));
                         }

application/Espo/Core/Portal/Application.php

@@ -50,9 +50,9 @@ class Application extends \Espo\Core\Application
         $portal = $this->getContainer()->get('entityManager')->getEntity('Portal', $portalId);
 
         if (!$portal) {
-            $portal = $this->getContainer()->get('entityManager')->getRepository('Portal')->where(array(
+            $portal = $this->getContainer()->get('entityManager')->getRepository('Portal')->where([
                 'customId' => $portalId
-            ))->findOne();
+            ])->findOne();
         }
 
         if (!$portal) {

application/Espo/Core/Portal/Container.php

@@ -94,7 +94,7 @@ class Container extends \Espo\Core\Container
             \Espo\Core\Utils\Language::detectLanguage($this->get('config'), $this->get('preferences')),
             $this->get('fileManager'),
             $this->get('metadata'),
-            $this->get('useCache')
+            $this->get('config')->get('useCache')
         );
         $language->setPortal($this->get('portal'));
         return $language;

application/Espo/Core/Portal/Utils/Layout.php

@@ -34,8 +34,11 @@ use \Espo\Core\Utils\Json;
 
 class Layout extends \Espo\Core\Utils\Layout
 {
-    public function get($scope, $name)
+    public function get(string $scope, string $name) : ?string
     {
+        $originalScope = $scope;
+        $originalName = $name;
+
         $scope = $this->sanitizeInput($scope);
         $name = $this->sanitizeInput($name);
 
@@ -43,87 +46,16 @@ class Layout extends \Espo\Core\Utils\Layout
             return Json::encode($this->changedData[$scope][$name]);
         }
 
-        $fileFullPath = Util::concatPath($this->getLayoutPath($scope, true), 'portal/' . $name . '.json');
+        $filePath = Util::concatPath($this->getLayoutPath($scope, true), 'portal/' . $name . '.json');
 
-        if (!file_exists($fileFullPath)) {
-            $fileFullPath = Util::concatPath($this->getLayoutPath($scope), 'portal/' . $name . '.json');
-        }
-        if (!file_exists($fileFullPath)) {
-            $fileFullPath = Util::concatPath($this->getLayoutPath($scope, true), $name . '.json');
-        }
-        if (!file_exists($fileFullPath)) {
-            $fileFullPath = Util::concatPath($this->getLayoutPath($scope), $name . '.json');
+        if (!file_exists($filePath)) {
+            $filePath = Util::concatPath($this->getLayoutPath($scope), 'portal/' . $name . '.json');
         }
 
-
-        if (!file_exists($fileFullPath)) {
-            $defaultPath = $this->params['defaultsPath'];
-            $fileFullPath = Util::concatPath(Util::concatPath($defaultPath, 'layouts'), $name . '.json' );
-
-            if (!file_exists($fileFullPath)) {
-                return false;
-            }
+        if (file_exists($filePath)) {
+            return $this->getFileManager()->getContents($filePath);
         }
 
-        return $this->getFileManager()->getContents($fileFullPath);
+        return parent::get($originalScope, $originalName);
     }
-
-
-    public function set($data, $scope, $name)
-    {
-        $scope = $this->sanitizeInput($scope);
-        $name = $this->sanitizeInput($name);
-
-        if (empty($scope) || empty($name)) {
-            return false;
-        }
-
-        $this->changedData[$scope][$name] = $data;
-    }
-
-    public function resetToDefault($scope, $name)
-    {
-        $scope = $this->sanitizeInput($scope);
-        $name = $this->sanitizeInput($name);
-
-        $filePath = 'custom/Espo/Custom/Resources/layouts/' . $scope . '/' . $name . '.json';
-        if ($this->getFileManager()->isFile($filePath)) {
-            $this->getFileManager()->removeFile($filePath);
-        }
-        if (!empty($this->changedData[$scope]) && !empty($this->changedData[$scope][$name])) {
-            unset($this->changedData[$scope][$name]);
-        }
-        return $this->get($scope, $name);
-    }
-
-    /**
-     * Save changes
-     *
-     * @return bool
-     */
-    public function save()
-    {
-        $result = true;
-
-        if (!empty($this->changedData)) {
-            foreach ($this->changedData as $scope => $rowData) {
-                foreach ($rowData as $layoutName => $layoutData) {
-                    if (empty($scope) || empty($layoutName)) {
-                        continue;
-                    }
-                    $layoutPath = $this->getLayoutPath($scope, true);
-                    $data = Json::encode($layoutData, JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE);
-
-                    $result &= $this->getFileManager()->putContents(array($layoutPath, $layoutName.'.json'), $data);
-                }
-            }
-        }
-
-        if ($result == true) {
-            $this->clearChanges();
-        }
-
-        return (bool) $result;
-    }
-
 }

application/Espo/Core/SelectManagers/Base.php

@@ -70,6 +70,8 @@ class Base
 
     protected $selectAttributesDependancyMap = [];
 
+    protected $fullTextSearchForceOrderOnlyByRelevance = false;
+
     const MIN_LENGTH_FOR_CONTENT_SEARCH = 4;
 
     const MIN_LENGTH_FOR_FULL_TEXT_SEARCH = 4;
@@ -216,16 +218,15 @@ class Base
     {
         $this->prepareResult($result);
 
+        $boolFilterList = [];
+
         foreach ($where as $item) {
             if (!isset($item['type'])) continue;
 
             if ($item['type'] == 'bool' && !empty($item['value']) && is_array($item['value'])) {
+                $boolOr = [];
                 foreach ($item['value'] as $filter) {
-                    $p = $this->getBoolFilterWhere($filter);
-                    if (!empty($p)) {
-                        $where[] = $p;
-                    }
-                    $this->applyBoolFilter($filter, $result);
+                    $boolFilterList[] = $filter;
                 }
             } else if ($item['type'] == 'textFilter') {
                 if (isset($item['value']) || $item['value'] !== '') {
@@ -236,6 +237,10 @@ class Base
             }
         }
 
+        if (count($boolFilterList)) {
+            $this->applyBoolFilterList($boolFilterList, $result);
+        }
+
         $whereClause = $this->convertWhere($where, false, $result);
 
         $result['whereClause'] = array_merge($result['whereClause'], $whereClause);
@@ -351,12 +356,16 @@ class Base
         if ($relationType == 'belongsTo') {
             $key = $seed->getRelationParam($link, 'key');
 
-            $aliasName = 'usersTeams' . ucfirst($link);
+            $aliasName = 'usersTeams' . ucfirst($link) . strval(rand(10000, 99999));
 
-            $result['customJoin'] .= "
-                JOIN team_user AS {$aliasName}Middle ON {$aliasName}Middle.user_id = ".$query->toDb($seed->getEntityType()).".".$query->toDb($key)." AND {$aliasName}Middle.deleted = 0
-                JOIN team AS {$aliasName} ON {$aliasName}.deleted = 0 AND {$aliasName}Middle.team_id = {$aliasName}.id
-            ";
+            $this->addLeftJoin([
+                'TeamUser',
+                $aliasName . 'Middle',
+                [
+                    $aliasName . 'Middle.userId:' => $key,
+                    $aliasName . 'Middle.deleted' => false,
+                ]
+            ], $result);
 
             $result['whereClause'][] = [
                 $aliasName . 'Middle.teamId' => $idsValue
@@ -552,16 +561,16 @@ class Base
             return;
         }
 
-        $d = [
+        $or = [
             'teamsAccess.id' => $this->getUser()->getLinkMultipleIdList('teams')
         ];
         if ($this->hasAssignedUserField()) {
-            $d['assignedUserId'] = $this->getUser()->id;
+            $or['assignedUserId'] = $this->getUser()->id;
         } else if ($this->hasCreatedByField()) {
-            $d['createdById'] = $this->getUser()->id;
+            $or['createdById'] = $this->getUser()->id;
         }
         $result['whereClause'][] = [
-            'OR' => $d
+            'OR' => $or
         ];
     }
 
@@ -580,38 +589,42 @@ class Base
 
     protected function accessPortalOnlyContact(&$result)
     {
-        $d = [];
+        $or = [];
 
         $contactId = $this->getUser()->get('contactId');
 
         if ($contactId) {
-            if ($this->getSeed()->hasAttribute('contactId')) {
-                $d['contactId'] = $contactId;
+            if (
+                $this->getSeed()->hasAttribute('contactId') && $this->getSeed()->getRelationParam('contact', 'entity') === 'Contact'
+            ) {
+                $or['contactId'] = $contactId;
             }
-            if ($this->getSeed()->hasRelation('contacts')) {
+            if (
+                $this->getSeed()->hasRelation('contacts') && $this->getSeed()->getRelationParam('contacts', 'entity') === 'Contact'
+            ) {
                 $this->addLeftJoin(['contacts', 'contactsAccess'], $result);
                 $this->setDistinct(true, $result);
-                $d['contactsAccess.id'] = $contactId;
+                $or['contactsAccess.id'] = $contactId;
             }
         }
 
         if ($this->getSeed()->hasAttribute('createdById')) {
-            $d['createdById'] = $this->getUser()->id;
+            $or['createdById'] = $this->getUser()->id;
         }
 
         if ($this->getSeed()->hasAttribute('parentId') && $this->getSeed()->hasRelation('parent')) {
             $contactId = $this->getUser()->get('contactId');
             if ($contactId) {
-                $d[] = [
+                $or[] = [
                     'parentType' => 'Contact',
                     'parentId' => $contactId
                 ];
             }
         }
 
-        if (!empty($d)) {
+        if (!empty($or)) {
             $result['whereClause'][] = [
-                'OR' => $d
+                'OR' => $or
             ];
         } else {
             $result['whereClause'][] = [
@@ -622,27 +635,31 @@ class Base
 
     protected function accessPortalOnlyAccount(&$result)
     {
-        $d = [];
+        $or = [];
 
         $accountIdList = $this->getUser()->getLinkMultipleIdList('accounts');
         $contactId = $this->getUser()->get('contactId');
 
         if (count($accountIdList)) {
-            if ($this->getSeed()->hasAttribute('accountId')) {
-                $d['accountId'] = $accountIdList;
+            if (
+                $this->getSeed()->hasAttribute('accountId') && $this->getSeed()->getRelationParam('account', 'entity') === 'Account'
+            ) {
+                $or['accountId'] = $accountIdList;
             }
-            if ($this->getSeed()->hasRelation('accounts')) {
+            if (
+                $this->getSeed()->hasRelation('accounts') && $this->getSeed()->getRelationParam('accounts', 'entity') === 'Account'
+            ) {
                 $this->addLeftJoin(['accounts', 'accountsAccess'], $result);
                 $this->setDistinct(true, $result);
-                $d['accountsAccess.id'] = $accountIdList;
+                $or['accountsAccess.id'] = $accountIdList;
             }
             if ($this->getSeed()->hasAttribute('parentId') && $this->getSeed()->hasRelation('parent')) {
-                $d[] = [
+                $or[] = [
                     'parentType' => 'Account',
                     'parentId' => $accountIdList
                 ];
                 if ($contactId) {
-                    $d[] = [
+                    $or[] = [
                         'parentType' => 'Contact',
                         'parentId' => $contactId
                     ];
@@ -651,23 +668,27 @@ class Base
         }
 
         if ($contactId) {
-            if ($this->getSeed()->hasAttribute('contactId')) {
-                $d['contactId'] = $contactId;
+            if (
+                $this->getSeed()->hasAttribute('contactId') && $this->getSeed()->getRelationParam('contact', 'entity') === 'Contact'
+            ) {
+                $or['contactId'] = $contactId;
             }
-            if ($this->getSeed()->hasRelation('contacts')) {
+            if (
+                $this->getSeed()->hasRelation('contacts') && $this->getSeed()->getRelationParam('contacts', 'entity') === 'Contact'
+            ) {
                 $this->addLeftJoin(['contacts', 'contactsAccess'], $result);
                 $this->setDistinct(true, $result);
-                $d['contactsAccess.id'] = $contactId;
+                $or['contactsAccess.id'] = $contactId;
             }
         }
 
         if ($this->getSeed()->hasAttribute('createdById')) {
-            $d['createdById'] = $this->getUser()->id;
+            $or['createdById'] = $this->getUser()->id;
         }
 
-        if (!empty($d)) {
+        if (!empty($or)) {
             $result['whereClause'][] = [
-                'OR' => $d
+                'OR' => $or
             ];
         } else {
             $result['whereClause'][] = [
@@ -756,7 +777,7 @@ class Base
 
             $this->order($orderBy, $isDesc, $result);
         } else if (!empty($params['order'])) {
-            $orderBy = $this->getMetadata()->get(['entityDefs', $this->getEntityType(), 'collection', 'orderBy']);
+            $orderBy = $this->getMetadata()->get(['entityDefs', $this->entityType, 'collection', 'orderBy']);
             $isDesc = $params['order'] === 'desc';
             $this->order($orderBy, $isDesc, $result);
         }
@@ -774,9 +795,7 @@ class Base
         }
 
         if (!empty($params['boolFilterList']) && is_array($params['boolFilterList'])) {
-            foreach ($params['boolFilterList'] as $filterName) {
-                $this->applyBoolFilter($filterName, $result);
-            }
+            $this->applyBoolFilterList($params['boolFilterList'], $result);
         }
 
         if (!empty($params['filterList']) && is_array($params['filterList'])) {
@@ -807,6 +826,22 @@ class Base
         return $result;
     }
 
+    public function applyDefaultOrder(array &$result)
+    {
+        $orderBy = $this->getMetadata()->get(['entityDefs', $this->entityType, 'collection', 'orderBy']);
+        $order = $result['order'] ?? null;
+
+        if (!$order && !is_array($orderBy)) {
+            $order = $this->getMetadata()->get(['entityDefs', $this->entityType, 'collection', 'order']) ?? null;
+        }
+
+        if ($orderBy) {
+            $this->applyOrder($orderBy, $order, $result);
+        } else {
+            $result['order'] = $order;
+        }
+    }
+
     public function checkWhere(array $where, bool $checkWherePermission = true, bool $forbidComplexExpressions = false)
     {
         foreach ($where as $w) {
@@ -1602,11 +1637,12 @@ class Base
                     break;
 
                 case 'isNotLinked':
-                    if (!$result) break;
-                    $alias = $attribute . 'IsNotLinkedFilter' . strval(rand(10000, 99999));
-                    $part[$alias . '.id'] = null;
-                    $this->setDistinct(true, $result);
-                    $this->addLeftJoin([$attribute, $alias], $result);
+                    $part['id!=s'] = [
+                        'selectParams' =>  [
+                            'select' => ['id'],
+                            'joins' => [$attribute],
+                        ]
+                    ];
                     break;
 
                 case 'isLinked':
@@ -1696,6 +1732,8 @@ class Base
                 case 'arrayNoneOf':
                 case 'arrayIsEmpty':
                 case 'arrayIsNotEmpty':
+                    if (!$result) break;
+
                     $arrayValueAlias = 'arrayFilter' . strval(rand(10000, 99999));
                     $arrayAttribute = $attribute;
                     $arrayEntityType = $this->getEntityType();
@@ -1705,7 +1743,16 @@ class Base
                         list($arrayAttributeLink, $arrayAttribute) = explode('.', $attribute);
                         $seed = $this->getSeed();
                         $arrayEntityType = $seed->getRelationParam($arrayAttributeLink, 'entity');
-                        $idPart = $arrayAttributeLink . '.id';
+
+                        $arrayLinkAlias = $arrayAttributeLink . 'Filter' . strval(rand(10000, 99999));
+                        $idPart = $arrayLinkAlias . '.id';
+
+                        $this->addLeftJoin([$arrayAttributeLink, $arrayLinkAlias], $result);
+
+                        $relationType = $seed->getRelationType($arrayAttributeLink);
+                        if ($relationType === 'manyMany' || $relationType === 'hasMany') {
+                            $this->setDistinct(true, $result);
+                        }
                     }
 
                     if ($type === 'arrayAnyOf') {
@@ -1760,42 +1807,70 @@ class Base
         $this->limit($offset, $maxSize, $result);
     }
 
-    public function applyPrimaryFilter(string $filterName, array &$result)
+    public function applyPrimaryFilter(string $filter, array &$result)
     {
         $this->prepareResult($result);
 
-        $method = 'filter' . ucfirst($filterName);
+        $method = 'filter' . ucfirst($filter);
         if (method_exists($this, $method)) {
             $this->$method($result);
         } else {
-            $className = $this->getMetadata()->get(['entityDefs', $this->entityType, 'collection', 'filters', $filterName, 'className']);
+            $className = $this->getMetadata()->get(['entityDefs', $this->entityType, 'collection', 'filters', $filter, 'className']);
             if ($className) {
                 if (!class_exists($className)) {
-                    $GLOBALS['log']->error("Could find class for filter {$filterName}.");
+                    $GLOBALS['log']->error("Could find class for filter {$filter}.");
                     return;
                 }
                 $impl = $this->getInjectableFactory()->createByClassName($className);
                 if (!$impl) {
-                    $GLOBALS['log']->error("Could not create filter {$filterName} implementation.");
+                    $GLOBALS['log']->error("Could not create filter {$filter} implementation.");
                     return;
                 }
-                $impl->applyFilter($this->entityType, $filterName, $result, $this);
+                $impl->applyFilter($this->entityType, $filter, $result, $this);
             }
         }
     }
 
-    public function applyFilter(string $filterName, array &$result)
+    public function applyFilter(string $filter, array &$result)
     {
-        $this->applyPrimaryFilter($filterName, $result);
+        $this->applyPrimaryFilter($filter, $result);
     }
 
-    public function applyBoolFilter(string $filterName, array &$result)
+    public function applyBoolFilter(string $filter, array &$result)
     {
         $this->prepareResult($result);
 
-        $method = 'boolFilter' . ucfirst($filterName);
+        $method = 'boolFilter' . ucfirst($filter);
         if (method_exists($this, $method)) {
-            $this->$method($result);
+            $wherePart = $this->$method($result);
+            if ($wherePart) {
+                $result['whereClause'][] = $wherePart;
+            }
+        }
+    }
+
+    public function applyBoolFilterList(array $filterList, array &$result)
+    {
+        $this->prepareResult($result);
+
+        $wherePartList = [];
+
+        foreach ($filterList as $filter) {
+            $method = 'boolFilter' . ucfirst($filter);
+            if (method_exists($this, $method)) {
+                $wherePart = $this->$method($result);
+                if ($wherePart) {
+                    $wherePartList[] = $wherePart;
+                }
+            }
+        }
+
+        if (count($wherePartList)) {
+            if (count($wherePartList) === 1) {
+                $result['whereClause'][] = $wherePartList;
+            } else {
+                $result['whereClause'][] = ['OR' => $wherePartList];
+            }
         }
     }
 
@@ -2105,7 +2180,7 @@ class Base
             $textFilter = str_replace('*', '%', $textFilter);
         } else {
             if (!$useFullTextSearch) {
-                $textFilterForFullTextSearch .= '*';
+                //$textFilterForFullTextSearch .= '*';
             }
         }
 
@@ -2131,6 +2206,23 @@ class Base
         if ($fullTextSearchData) {
             $fullTextGroup[] = $fullTextSearchData['where'];
             $fullTextSearchFieldList = $fullTextSearchData['fieldList'];
+
+            if (isset($result['orderBy']) && !$this->fullTextSearchForceOrderOnlyByRelevance) {
+                if (is_string($result['orderBy'])) {
+                    $result['orderBy'] = [
+                        [$fullTextSearchData['where'], 'desc'],
+                        [$result['orderBy'], $result['order'] ?? 'asc'],
+                    ];
+                }
+            } else {
+                $result['orderBy'] = [[$fullTextSearchData['where'], 'desc']];
+                $result['order'] = null;
+            }
+
+            $result['additionalSelect'] = $result['additionalSelect'] ?? [];
+            $result['additionalSelect'][] = $fullTextSearchData['where'];
+
+            $result['hasFullTextSearch'] = true;
         }
 
         foreach ($fieldList as $field) {
@@ -2186,10 +2278,10 @@ class Base
             if ($fullTextSearchData) {
                 if (!$useFullTextSearch) {
                     if (in_array($field, $fullTextSearchFieldList)) {
-                        if (!array_key_exists('OR', $fullTextGroup)) {
+                        /*if (!array_key_exists('OR', $fullTextGroup)) {
                             $fullTextGroup['OR'] = [];
                         }
-                        $fullTextGroup['OR'][$field . '*'] = $expression;
+                        $fullTextGroup['OR'][$field . '*'] = $expression;*/
                         continue;
                     }
                 }
@@ -2246,43 +2338,78 @@ class Base
 
     protected function boolFilterOnlyMy(&$result)
     {
+        $wherePart = null;
+
         if (!$this->checkIsPortal()) {
             if ($this->hasAssignedUsersField()) {
                 $this->setDistinct(true, $result);
-                $this->addLeftJoin(['assignedUsers', 'assignedUsersAccess'], $result);
-                $result['whereClause'][] = [
-                    'assignedUsersAccess.id' => $this->getUser()->id
+                $this->addLeftJoin(['assignedUsers', 'assignedUsersOnlyMyFilter'], $result);
+                $wherePart = [
+                    'assignedUsersOnlyMyFilter.id' => $this->getUser()->id
                 ];
             } else if ($this->hasAssignedUserField()) {
-                $result['whereClause'][] = [
+                $wherePart = [
                     'assignedUserId' => $this->getUser()->id
                 ];
             } else {
-                $result['whereClause'][] = [
+                $wherePart = [
                     'createdById' => $this->getUser()->id
                 ];
             }
         } else {
-            $result['whereClause'][] = [
+            $wherePart = [
                 'createdById' => $this->getUser()->id
             ];
         }
+
+        return $wherePart;
+    }
+
+    protected function boolFilterOnlyMyTeam(&$result)
+    {
+        $teamIdList = $this->getUser()->getLinkMultipleIdList('teams');
+
+        if (count($teamIdList) === 0) {
+            return [
+                'id' => null
+            ];
+        }
+
+        $this->addLeftJoin(['teams', 'teamsOnlyMyFilter'], $result);
+        $this->setDistinct(true, $result);
+        return [
+            'teamsOnlyMyFilterMiddle.teamId' => $teamIdList
+        ];
     }
 
     protected function filterFollowed(&$result)
     {
-        $query = $this->getEntityManager()->getQuery();
-        $result['customJoin'] .= "
-            JOIN subscription ON
-                subscription.entity_type = ".$query->quote($this->getEntityType())." AND
-                subscription.entity_id = ".$query->toDb($this->getEntityType()).".id AND
-                subscription.user_id = ".$query->quote($this->getUser()->id)."
-        ";
+        $this->addJoin([
+            'Subscription',
+            'subscription',
+            [
+                'subscription.entityType' => $this->getEntityType(),
+                'subscription.entityId=:' => 'id',
+                'subscription.userId' => $this->getUser()->id,
+            ]
+        ], $result);
     }
 
     protected function boolFilterFollowed(&$result)
     {
-        $this->filterFollowed($result);
+        $this->addLeftJoin([
+            'Subscription',
+            'subscription',
+            [
+                'subscription.entityType' => $this->getEntityType(),
+                'subscription.entityId=:' => 'id',
+                'subscription.userId' => $this->getUser()->id,
+            ]
+        ], $result);
+
+        return ['subscription.id!=' => null];
+
+        //$result['whereClause'][] = ['subscription.id!=' => null];
     }
 
     public function mergeSelectParams(array $selectParams1, ?array $selectParams2) : array

application/Espo/Core/Templates/i18n/fr_FR/BasePlus.json

@@ -1,9 +1,4 @@
 {
-  "links": {
-    "meetings": "Meetings",
-    "calls": "Calls",
-    "tasks": "Tasks"
-  },
   "labels": {
     "Create {entityType}": "Créer un {entityTypeTranslated}"
   }

application/Espo/Core/Templates/i18n/fr_FR/Company.json

@@ -1,14 +1,4 @@
 {
-  "fields": {
-    "billingAddress": "Billing Address",
-    "shippingAddress": "Shipping Address",
-    "website": "Website"
-  },
-  "links": {
-    "meetings": "Meetings",
-    "calls": "Calls",
-    "tasks": "Tasks"
-  },
   "labels": {
     "Create {entityType}": "Créer un {entityTypeTranslated}"
   }

application/Espo/Core/Templates/i18n/fr_FR/Event.json

@@ -1,36 +1,8 @@
 {
   "fields": {
-    "parent": "Parent",
-    "dateStart": "Date de début",
-    "dateEnd": "Date End",
-    "duration": "Duration",
-    "status": "Status",
-    "reminders": "Reminders"
-  },
-  "links": {
-    "parent": "Parent"
-  },
-  "options": {
-    "status": {
-      "Planned": "Planned",
-      "Held": "Held",
-      "Not Held": "Not Held"
-    }
+    "dateStart": "Date de début"
   },
   "labels": {
-    "Create {entityType}": "Créer un {entityTypeTranslated}",
-    "Schedule {entityType}": "Schedule {entityTypeTranslated}",
-    "Log {entityType}": "Log {entityTypeTranslated}",
-    "Set Held": "Set Held",
-    "Set Not Held": "Set Not Held"
-  },
-  "massActions": {
-    "setHeld": "Set Held",
-    "setNotHeld": "Set Not Held"
-  },
-  "presetFilters": {
-    "planned": "Planned",
-    "held": "Held",
-    "todays": "Today's"
+    "Create {entityType}": "Créer un {entityTypeTranslated}"
   }
 }

application/Espo/Core/Templates/i18n/fr_FR/Person.json

@@ -1,12 +1,4 @@
 {
-  "fields": {
-    "address": "Address"
-  },
-  "links": {
-    "meetings": "Meetings",
-    "calls": "Calls",
-    "tasks": "Tasks"
-  },
   "labels": {
     "Create {entityType}": "Créer un {entityTypeTranslated}"
   }

application/Espo/Core/Templates/i18n/id_ID/Base.json

@@ -1,5 +1,5 @@
 {
-    "labels": {
-        "Create {entityType}": "Buat {entityTypeTranslated}"
-    }
-}
+  "labels": {
+    "Create {entityType}": "Buat {entityTypeTranslated}"
+  }
+}

application/Espo/Core/Templates/i18n/id_ID/BasePlus.json

@@ -1,5 +1,5 @@
 {
-    "labels": {
-        "Create {entityType}": "Buat {entityTypeTranslated}"
-    }
-}
+  "labels": {
+    "Create {entityType}": "Buat {entityTypeTranslated}"
+  }
+}

application/Espo/Core/Templates/i18n/id_ID/Company.json

@@ -1,5 +1,5 @@
 {
-    "labels": {
-        "Create {entityType}": "Buat {entityTypeTranslated}"
-    }
-}
+  "labels": {
+    "Create {entityType}": "Buat {entityTypeTranslated}"
+  }
+}

application/Espo/Core/Templates/i18n/id_ID/Event.json

@@ -1,5 +1,5 @@
 {
-    "labels": {
-        "Create {entityType}": "Buat {entityTypeTranslated}"
-    }
-}
+  "labels": {
+    "Create {entityType}": "Buat {entityTypeTranslated}"
+  }
+}

application/Espo/Core/Templates/i18n/id_ID/Person.json

@@ -1,5 +1,5 @@
 {
-    "labels": {
-        "Create {entityType}": "Buat {entityTypeTranslated}"
-    }
-}
+  "labels": {
+    "Create {entityType}": "Buat {entityTypeTranslated}"
+  }
+}

application/Espo/Core/Templates/i18n/nb_NO/Event.json

@@ -4,7 +4,6 @@
     "dateStart": "Startdato",
     "dateEnd": "Sluttdato",
     "duration": "Varighet",
-    "status": "Status",
     "reminders": "Påminnelser"
   },
   "links": {

application/Espo/Core/Templates/i18n/nl_NL/BasePlus.json

@@ -1,8 +1,8 @@
 {
   "links": {
-    "meetings": "vergaderingen",
-    "calls": "gesprekken",
-    "tasks": "taken"
+    "meetings": "Vergaderingen",
+    "calls": "Gesprekken",
+    "tasks": "Taken"
   },
   "labels": {
     "Create {entityType}": "Klant {entityTypeTranslated}"

application/Espo/Core/Templates/i18n/nl_NL/Company.json

@@ -1,7 +1,7 @@
 {
   "fields": {
     "billingAddress": "Facturatie adres",
-    "shippingAddress": "Verzendingsadres"
+    "shippingAddress": "Verzending adres"
   },
   "links": {
     "meetings": "vergaderingen",

application/Espo/Core/Templates/i18n/nl_NL/Event.json

@@ -31,6 +31,7 @@
     "setNotHeld": "Set not Held"
   },
   "presetFilters": {
-    "planned": "Gepland"
+    "planned": "Gepland",
+    "todays": "Vandaag"
   }
 }

application/Espo/Core/Templates/i18n/nl_NL/Person.json

@@ -3,9 +3,9 @@
     "address": "Adres"
   },
   "links": {
-    "meetings": "vergaderingen",
-    "calls": "gesprekken",
-    "tasks": "taken"
+    "meetings": "Vergaderingen",
+    "calls": "Gesprekken",
+    "tasks": "Taken"
   },
   "labels": {
     "Create {entityType}": "Klant {entityTypeTranslated}"

application/Espo/Core/Templates/i18n/pt_BR/Base.json

@@ -1,5 +1,5 @@
 {
-    "labels": {
-        "Create {entityType}": "Criar {entityTypeTranslated}"
-    }
-}
+  "labels": {
+    "Create {entityType}": "Criar {entityTypeTranslated}"
+  }
+}

application/Espo/Core/Templates/i18n/pt_BR/BasePlus.json

@@ -1,5 +1,9 @@
 {
-    "labels": {
-        "Create {entityType}": "Criar {entityTypeTranslated}"
-    }
-}
+  "links": {
+    "meetings": "Reuniões",
+    "tasks": "Tarefas"
+  },
+  "labels": {
+    "Create {entityType}": "Criar {entityTypeTranslated}"
+  }
+}

application/Espo/Core/Templates/i18n/pt_BR/Company.json

@@ -1,5 +1,13 @@
 {
-    "labels": {
-        "Create {entityType}": "Criar {entityTypeTranslated}"
-    }
-}
+  "fields": {
+    "billingAddress": "Endereço de Cobrança",
+    "shippingAddress": "Endereço de Entrega"
+  },
+  "links": {
+    "meetings": "Reuniões",
+    "tasks": "Tarefas"
+  },
+  "labels": {
+    "Create {entityType}": "Criar {entityTypeTranslated}"
+  }
+}

application/Espo/Core/Templates/i18n/pt_BR/Event.json

@@ -1,5 +1,5 @@
 {
-    "labels": {
-        "Create {entityType}": "Criar {entityTypeTranslated}"
-    }
-}
+  "labels": {
+    "Create {entityType}": "Criar {entityTypeTranslated}"
+  }
+}

application/Espo/Core/Templates/i18n/pt_BR/Person.json

@@ -1,5 +1,12 @@
 {
-    "labels": {
-        "Create {entityType}": "Criar {entityTypeTranslated}"
-    }
-}
+  "fields": {
+    "address": "Endereço"
+  },
+  "links": {
+    "meetings": "Reuniões",
+    "tasks": "Tarefas"
+  },
+  "labels": {
+    "Create {entityType}": "Criar {entityTypeTranslated}"
+  }
+}

application/Espo/Core/Templates/i18n/pt_PR/Base.json

@@ -0,0 +1,5 @@
+{
+  "labels": {
+    "Create {entityType}": "Criar {entityTypeTranslated}"
+  }
+}

application/Espo/Core/Templates/i18n/pt_PR/BasePlus.json

@@ -0,0 +1,9 @@
+{
+  "links": {
+    "meetings": "Reuniões",
+    "tasks": "Tarefas"
+  },
+  "labels": {
+    "Create {entityType}": "Criar {entityTypeTranslated}"
+  }
+}

application/Espo/Core/Templates/i18n/pt_PR/Company.json

@@ -0,0 +1,13 @@
+{
+  "fields": {
+    "billingAddress": "Endereço de Cobrança",
+    "shippingAddress": "Endereço de Entrega"
+  },
+  "links": {
+    "meetings": "Reuniões",
+    "tasks": "Tarefas"
+  },
+  "labels": {
+    "Create {entityType}": "Criar {entityTypeTranslated}"
+  }
+}

application/Espo/Core/Templates/i18n/pt_PR/Event.json

@@ -0,0 +1,5 @@
+{
+  "labels": {
+    "Create {entityType}": "Criar {entityTypeTranslated}"
+  }
+}

application/Espo/Core/Templates/i18n/pt_PR/Person.json

@@ -0,0 +1,12 @@
+{
+  "fields": {
+    "address": "Endereço"
+  },
+  "links": {
+    "meetings": "Reuniões",
+    "tasks": "Tarefas"
+  },
+  "labels": {
+    "Create {entityType}": "Criar {entityTypeTranslated}"
+  }
+}

application/Espo/Core/Templates/i18n/sr_RS/Event.json

@@ -4,7 +4,6 @@
     "dateStart": "Početni datum",
     "dateEnd": "Krajnji datum",
     "duration": "Trajanje",
-    "status": "Status",
     "reminders": "Podsetnici"
   },
   "links": {

application/Espo/Core/Templates/i18n/uk_UA/Event.json

@@ -5,7 +5,10 @@
     "dateEnd": "Дата завершення",
     "duration": "Тривалість",
     "status": "Статус",
-    "reminders": "Нагадування"
+    "reminders": "Нагадування",
+    "dateStartDate": "Дата початку (цілий день)",
+    "dateEndDate": "Дата завершення (цілий день)",
+    "isAllDay": "Є цілий день"
   },
   "links": {
     "parent": "Батько"
@@ -19,7 +22,7 @@
   },
   "labels": {
     "Create {entityType}": "Створити {entityTypeTranslated}",
-    "Schedule {entityType}": "Розклад {entityTypeTranslated} ",
+    "Schedule {entityType}": "Розклад {entityTypeTranslated}",
     "Log {entityType}": "Лог {entityTypeTranslated}",
     "Set Held": "Позначити виконаним",
     "Set Not Held": "Позначити невиконаним"

application/Espo/Core/Traits/Injectable.php

@@ -0,0 +1,62 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2019 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: https://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Core\Traits;
+
+trait Injectable
+{
+    private $injections = [];
+
+    public function inject($name, $object)
+    {
+        $this->injections[$name] = $object;
+    }
+
+    public function getDependencyList() : array
+    {
+        return $this->dependencyList;
+    }
+
+    protected function getInjection(string $name)
+    {
+        return $this->injections[$name];
+    }
+
+    protected function addDependency(string $name)
+    {
+        $this->dependencyList[] = $name;
+    }
+
+    protected function addDependencyList(array $list)
+    {
+        foreach ($list as $item) {
+            $this->addDependency($item);
+        }
+    }
+}

application/Espo/Core/UpgradeManager.php

@@ -50,4 +50,4 @@ class UpgradeManager extends Upgrades\Base
             'vendor' => 'vendorFiles',
         )
     );
-}
+}

application/Espo/Core/Upgrades/ActionManager.php

@@ -84,15 +84,23 @@ class ActionManager
         return $object->run($data);
     }
 
+    public function getActionClass($actionName)
+    {
+        return $this->getObject($actionName);
+    }
+
     public function getManifest()
     {
         return $this->getObject()->getManifest();
     }
 
-    protected function getObject()
+    protected function getObject($actionName = null)
     {
         $managerName = $this->getManagerName();
-        $actionName = $this->getAction();
+
+        if (!$actionName) {
+            $actionName = $this->getAction();
+        }
 
         if (!isset($this->objects[$managerName][$actionName])) {
             $class = '\Espo\Core\Upgrades\Actions\\' . ucfirst($managerName) . '\\' . ucfirst($actionName);
@@ -106,4 +114,4 @@ class ActionManager
 
         return $this->objects[$managerName][$actionName];
     }
-}
+}

application/Espo/Core/Upgrades/Actions/Base.php

@@ -37,10 +37,6 @@ use Composer\Semver\Semver;
 
 abstract class Base
 {
-    private $config;
-
-    private $entityManager;
-
     private $helper;
 
     protected $data;
@@ -53,7 +49,7 @@ abstract class Base
 
     private $zipUtil;
 
-    private $fileManager;
+    private $databaseHelper;
 
     protected $processId = null;
 
@@ -132,31 +128,31 @@ abstract class Base
         return $this->zipUtil;
     }
 
+    protected function getDatabaseHelper()
+    {
+        if (!isset($this->databaseHelper)) {
+            $this->databaseHelper = new \Espo\Core\Utils\Database\Helper($this->getConfig());
+        }
+
+        return $this->databaseHelper;
+    }
+
     protected function getFileManager()
     {
-        if (!isset($this->fileManager)) {
-            $this->fileManager = $this->getContainer()->get('fileManager');
-        }
-        return $this->fileManager;
+        return $this->getContainer()->get('fileManager');
     }
 
     protected function getConfig()
     {
-        if (!isset($this->config)) {
-            $this->config = $this->getContainer()->get('config');
-        }
-        return $this->config;
+        return $this->getContainer()->get('config');
     }
 
     public function getEntityManager()
     {
-        if (!isset($this->entityManager)) {
-            $this->entityManager = $this->getContainer()->get('entityManager');
-        }
-        return $this->entityManager;
+        return $this->getContainer()->get('entityManager');
     }
 
-    protected function throwErrorAndRemovePackage($errorMessage = '')
+    public function throwErrorAndRemovePackage($errorMessage = '')
     {
         $this->deletePackageFiles();
         $this->deletePackageArchive();
@@ -186,7 +182,7 @@ abstract class Base
         return $this->processId;
     }
 
-    protected function setProcessId($processId)
+    public function setProcessId($processId)
     {
         $this->processId = $processId;
     }
@@ -205,12 +201,26 @@ abstract class Base
 
         //check php version
         if (isset($manifest['php'])) {
-            $res &= $this->checkVersions($manifest['php'], System::getPhpVersion(), 'Your PHP version does not support this installation package.');
+            $res &= $this->checkVersions($manifest['php'], System::getPhpVersion(), 'Your PHP version ({version}) is not supported. Required version: {requiredVersion}.');
+        }
+
+        //check database version
+        if (isset($manifest['database'])) {
+            $databaseHelper = $this->getDatabaseHelper();
+            $databaseType = $databaseHelper->getDatabaseType();
+            $databaseTypeLc = strtolower($databaseType);
+
+            if (isset($manifest['database'][$databaseTypeLc])) {
+                $databaseVersion = $databaseHelper->getDatabaseVersion();
+                if ($databaseVersion) {
+                    $res &= $this->checkVersions($manifest['database'][$databaseTypeLc], $databaseVersion, 'Your '. $databaseType .' version ({version}) is not supported. Required version: {requiredVersion}.');
+                }
+            }
         }
 
         //check acceptableVersions
         if (isset($manifest['acceptableVersions'])) {
-            $res &= $this->checkVersions($manifest['acceptableVersions'], $this->getConfig()->get('version'), 'Your EspoCRM version doesn\'t match for this installation package.');
+            $res &= $this->checkVersions($manifest['acceptableVersions'], $this->getConfig()->get('version'), 'Your EspoCRM version ({version}) is not supported. Required version: {requiredVersion}.');
         }
 
         //check dependencies
@@ -244,6 +254,9 @@ abstract class Base
             }
         }
 
+        $errorMessage = preg_replace('/\{version\}/', $currentVersion, $errorMessage);
+        $errorMessage = preg_replace('/\{requiredVersion\}/', $version, $errorMessage);
+
         $this->throwErrorAndRemovePackage($errorMessage);
     }
 
@@ -266,17 +279,47 @@ abstract class Base
         return true;
     }
 
+    protected function getPackageType()
+    {
+        $manifest = $this->getManifest();
+
+        if (isset($manifest['type'])) {
+            return strtolower($manifest['type']);
+        }
+
+        return $this->defaultPackageType;
+    }
+
     protected function checkDependencies($dependencyList)
     {
         return true;
     }
 
     /**
-     * Run scripts by type
+     * Run a script by a type
      * @param  string $type Ex. "before", "after"
      * @return void
      */
     protected function runScript($type)
+    {
+        $beforeInstallScript = $this->getScriptPath($type);
+
+        if ($beforeInstallScript) {
+            $scriptNames = $this->getParams('scriptNames');
+            $scriptName = $scriptNames[$type];
+
+            require_once($beforeInstallScript);
+            $script = new $scriptName();
+
+            try {
+                $script->run($this->getContainer(), $this->scriptParams);
+            } catch (\Exception $e) {
+                $this->throwErrorAndRemovePackage($e->getMessage());
+            }
+        }
+    }
+
+    protected function getScriptPath($type)
     {
         $packagePath = $this->getPackagePath();
         $scriptNames = $this->getParams('scriptNames');
@@ -287,16 +330,8 @@ abstract class Base
         }
 
         $beforeInstallScript = Util::concatPath( array($packagePath, self::SCRIPTS, $scriptName) ) . '.php';
-
         if (file_exists($beforeInstallScript)) {
-            require_once($beforeInstallScript);
-            $script = new $scriptName();
-
-            try {
-                $script->run($this->getContainer(), $this->scriptParams);
-            } catch (\Exception $e) {
-                $this->throwErrorAndRemovePackage($e->getMessage());
-            }
+            return $beforeInstallScript;
         }
     }
 
@@ -474,6 +509,28 @@ abstract class Base
      * @return boolean
      */
     protected function copyFiles($type = null, $dest = '')
+    {
+        $filesPath = $this->getCopyFilesPath($type);
+
+        if ($filesPath) {
+            switch ($type) {
+                case 'vendor':
+                    $dest = $this->vendorDirName;
+                    break;
+            }
+
+            return $this->copy($filesPath, $dest, true);
+        }
+
+        return true;
+    }
+
+    /**
+     * Get needed file list based on type. E.g. file list for "beforeCopy" action
+     * @param  string $type
+     * @return boolean
+     */
+    protected function getCopyFilesPath($type = null)
     {
         switch ($type) {
             case 'before':
@@ -486,7 +543,6 @@ abstract class Base
                 $dirNames = $this->getParams('customDirNames');
                 if (isset($dirNames['vendor'])) {
                     $dirPath = $dirNames['vendor'];
-                    $dest = $this->vendorDirName;
                 }
                 break;
 
@@ -500,11 +556,9 @@ abstract class Base
             $filesPath = Util::concatPath($packagePath, $dirPath);
 
             if (file_exists($filesPath)) {
-                return $this->copy($filesPath, $dest, true);
+                return $filesPath;
             }
         }
-
-        return true;
     }
 
     protected function getVendorFileList($type = 'copy')
@@ -706,12 +760,15 @@ abstract class Base
 
     protected function checkIsWritable()
     {
-        $fullFileList = array_merge($this->getDeleteFileList(), $this->getCopyFileList());
+        $backupPath = $this->getPath('backupPath');
+        $fullFileList = array_merge([$backupPath], $this->getDeleteFileList(), $this->getCopyFileList());
 
         $result = $this->getFileManager()->isWritableList($fullFileList);
         if (!$result) {
             $permissionDeniedList = $this->getFileManager()->getLastPermissionDeniedList();
-            throw new Error("Permission denied for <br>". implode(", <br>", $permissionDeniedList));
+
+            $delimiter = $this->isCli() ? "\n" : "<br>";
+            throw new Error("Permission denied: " . $delimiter . implode($delimiter, $permissionDeniedList));
         }
     }
 
@@ -756,7 +813,8 @@ abstract class Base
             'useCache' => $config->get('useCache'),
         ];
 
-        $this->setParam('beforeMaintenanceModeParams', $actualParams);
+        $configParamName = $this->getTemporaryConfigParamName();
+        $config->set($configParamName, $actualParams);
 
         $save = false;
 
@@ -783,19 +841,40 @@ abstract class Base
     protected function disableMaintenanceMode()
     {
         $config = $this->getConfig();
-        $beforeMaintenanceModeParams = $this->getParams('beforeMaintenanceModeParams', []);
+
+        $configParamName = $this->getTemporaryConfigParamName();
+        $temporaryUpgradeParams = $config->get($configParamName, []);
 
         $save = false;
 
-        foreach ($beforeMaintenanceModeParams as $paramName => $paramValue) {
+        foreach ($temporaryUpgradeParams as $paramName => $paramValue) {
             if ($config->get($paramName) != $paramValue) {
                 $config->set($paramName, $paramValue);
                 $save = true;
             }
         }
 
+        if ($config->has($configParamName)) {
+            $config->remove($configParamName);
+            $save = true;
+        }
+
         if ($save) {
             $config->save();
         }
     }
+
+    protected function getTemporaryConfigParamName()
+    {
+        return 'temporaryUpgradeParams' . $this->getProcessId();
+    }
+
+    protected function isCli()
+    {
+        if (substr(php_sapi_name(), 0, 3) == 'cli') {
+            return true;
+        }
+
+        return false;
+    }
 }

application/Espo/Core/Upgrades/Actions/Base/Install.php

@@ -45,40 +45,107 @@ class Install extends \Espo\Core\Upgrades\Actions\Base
 
         $GLOBALS['log']->debug('Installation process ['.$processId.']: start run.');
 
+        $this->stepInit($data);
+
+        $this->stepCopyBefore($data);
+        if ($this->getCopyFilesPath('before')) {
+            $this->stepRebuild($data);
+        }
+
+        $this->stepBeforeInstallScript($data);
+        if ($this->getScriptPath('before')) {
+            $this->stepRebuild($data);
+        }
+
+        $this->stepCopy($data);
+        $this->stepRebuild($data);
+
+        $this->stepCopyAfter($data);
+        if ($this->getCopyFilesPath('after')) {
+            $this->stepRebuild($data);
+        }
+
+        $this->stepAfterInstallScript($data);
+        if ($this->getScriptPath('after')) {
+            $this->stepRebuild($data);
+        }
+
+        $this->stepFinalize($data);
+
+        $GLOBALS['log']->debug('Installation process ['.$processId.']: end run.');
+    }
+
+    protected function initPackage(array $data)
+    {
+        $GLOBALS['log']->setLevel('info');
+
+        $processId = $data['id'];
+
         if (empty($processId)) {
             throw new Error('Installation package ID was not specified.');
         }
 
         $this->setProcessId($processId);
 
-        $this->initialize();
-
         /** check if an archive is unzipped, if no then unzip */
         $packagePath = $this->getPackagePath();
         if (!file_exists($packagePath)) {
             $this->unzipArchive();
             $this->isAcceptable();
         }
+    }
 
-        //check permissions copied and deleted files
+    public function stepInit(array $data)
+    {
+        $this->initPackage($data);
+
+        $GLOBALS['log']->info('Installation process ['. $this->getProcessId() .']: Start "init" step.');
+
+        if (!$this->systemRebuild()) {
+            $this->throwErrorAndRemovePackage('Rebuild is failed. Fix all errors before upgrade.');
+        }
+
+        $this->initialize();
         $this->checkIsWritable();
-
         $this->enableMaintenanceMode();
-
         $this->beforeRunAction();
-
         $this->backupExistingFiles();
 
-        //beforeInstallFiles
+        $GLOBALS['log']->info('Installation process ['. $this->getProcessId() .']: End "init" step.');
+    }
+
+    public function stepCopyBefore(array $data)
+    {
+        $this->initPackage($data);
+
+        $GLOBALS['log']->info('Installation process ['. $this->getProcessId() .']: Start "copyBefore" step.');
+
         if (!$this->copyFiles('before')) {
             $this->throwErrorAndRemovePackage('Cannot copy beforeInstall files.');
         }
 
-        /* run before install script */
+        $GLOBALS['log']->info('Installation process ['. $this->getProcessId() .']: End "copyBefore" step.');
+    }
+
+    public function stepBeforeInstallScript(array $data)
+    {
+        $this->initPackage($data);
+
+        $GLOBALS['log']->info('Installation process ['. $this->getProcessId() .']: Start "beforeInstallScript" step.');
+
         if (!isset($data['skipBeforeScript']) || !$data['skipBeforeScript']) {
             $this->runScript('before');
         }
 
+        $GLOBALS['log']->info('Installation process ['. $this->getProcessId() .']: End "beforeInstallScript" step.');
+    }
+
+    public function stepCopy(array $data)
+    {
+        $this->initPackage($data);
+
+        $GLOBALS['log']->info('Installation process ['. $this->getProcessId() .']: Start "copy" step.');
+
         /* remove files defined in a manifest "deleteBeforeCopy" */
         $this->deleteFiles('deleteBeforeCopy', true);
 
@@ -93,7 +160,14 @@ class Install extends \Espo\Core\Upgrades\Actions\Base
         $this->deleteFiles('vendor');
         $this->copyFiles('vendor');
 
-        $this->disableMaintenanceMode();
+        $GLOBALS['log']->info('Installation process ['. $this->getProcessId() .']: End "copy" step.');
+    }
+
+    public function stepRebuild(array $data)
+    {
+        $this->initPackage($data);
+
+        $GLOBALS['log']->info('Installation process ['. $this->getProcessId() .']: Start "rebuild" step.');
 
         if (!isset($data['skipSystemRebuild']) || !$data['skipSystemRebuild']) {
             if (!$this->systemRebuild()) {
@@ -101,18 +175,45 @@ class Install extends \Espo\Core\Upgrades\Actions\Base
             }
         }
 
+        $GLOBALS['log']->info('Installation process ['. $this->getProcessId() .']: End "rebuild" step.');
+    }
+
+    public function stepCopyAfter(array $data)
+    {
+        $this->initPackage($data);
+
+        $GLOBALS['log']->info('Installation process ['. $this->getProcessId() .']: Start "copyAfter" step.');
+
         //afterInstallFiles
         if (!$this->copyFiles('after')) {
             $this->throwErrorAndRemovePackage('Cannot copy afterInstall files.');
         }
 
+        $GLOBALS['log']->info('Installation process ['. $this->getProcessId() .']: End "copyAfter" step.');
+    }
+
+    public function stepAfterInstallScript(array $data)
+    {
+        $this->initPackage($data);
+
+        $GLOBALS['log']->info('Installation process ['. $this->getProcessId() .']: Start "afterInstallScript" step.');
+
         /* run after install script */
         if (!isset($data['skipAfterScript']) || !$data['skipAfterScript']) {
             $this->runScript('after');
         }
 
-        $this->afterRunAction();
+        $GLOBALS['log']->info('Installation process ['. $this->getProcessId() .']: End "afterInstallScript" step.');
+    }
 
+    public function stepFinalize(array $data)
+    {
+        $this->initPackage($data);
+
+        $GLOBALS['log']->info('Installation process ['. $this->getProcessId() .']: Start "finalize" step.');
+
+        $this->disableMaintenanceMode();
+        $this->afterRunAction();
         $this->finalize();
 
         /* delete unziped files */
@@ -122,9 +223,18 @@ class Install extends \Espo\Core\Upgrades\Actions\Base
             $this->getFileManager()->removeInDir([$this->getPath('backupPath'), self::FILES]);
         }
 
-        $GLOBALS['log']->debug('Installation process ['.$processId.']: end run.');
+        $GLOBALS['log']->info('Installation process ['. $this->getProcessId() .']: End "finalize" step.');
+    }
 
-        $this->clearCache();
+    public function stepRevert(array $data)
+    {
+        $this->initPackage($data);
+
+        $GLOBALS['log']->info('Installation process ['. $this->getProcessId() .']: Start "revert" step.');
+
+        $this->restoreFiles();
+
+        $GLOBALS['log']->info('Installation process ['. $this->getProcessId() .']: End "revert" step.');
     }
 
     protected function restoreFiles()
@@ -134,6 +244,10 @@ class Install extends \Espo\Core\Upgrades\Actions\Base
         $backupPath = $this->getPath('backupPath');
         $backupFilePath = Util::concatPath($backupPath, self::FILES);
 
+        if (!file_exists($backupFilePath)) {
+            return true;
+        }
+
         $backupFileList = $this->getRestoreFileList();
         $copyFileList = $this->getCopyFileList();
         $deleteFileList = array_diff($copyFileList, $backupFileList);
@@ -150,7 +264,7 @@ class Install extends \Espo\Core\Upgrades\Actions\Base
         return $res;
     }
 
-    protected function throwErrorAndRemovePackage($errorMessage = '')
+    public function throwErrorAndRemovePackage($errorMessage = '')
     {
         $this->restoreFiles();
         parent::throwErrorAndRemovePackage($errorMessage);

application/Espo/Core/Upgrades/Actions/Base/Uninstall.php

@@ -155,7 +155,7 @@ class Uninstall extends \Espo\Core\Upgrades\Actions\Base
         return $res;
     }
 
-    protected function throwErrorAndRemovePackage($errorMessage = '')
+    public function throwErrorAndRemovePackage($errorMessage = '')
     {
         $this->restoreFiles();
         throw new Error($errorMessage);

application/Espo/Core/Upgrades/Actions/Extension/Install.php

@@ -186,7 +186,7 @@ class Install extends \Espo\Core\Upgrades\Actions\Base\Install
      * @param  string $errorMessage
      * @return void
      */
-    protected function throwErrorAndRemovePackage($errorMessage = '')
+    public function throwErrorAndRemovePackage($errorMessage = '')
     {
         if (!$this->isNew()) {
             throw new Error($errorMessage);

application/Espo/Core/Upgrades/Actions/Upgrade/Install.php

@@ -28,8 +28,19 @@
  ************************************************************************/
 
 namespace Espo\Core\Upgrades\Actions\Upgrade;
+
 class Install extends \Espo\Core\Upgrades\Actions\Base\Install
 {
+    public function stepBeforeUpgradeScript(array $data)
+    {
+        return $this->stepBeforeInstallScript($data);
+    }
+
+    public function stepAfterUpgradeScript(array $data)
+    {
+        return $this->stepAfterInstallScript($data);
+    }
+
     protected function finalize()
     {
         $manifest = $this->getManifest();

application/Espo/Core/Upgrades/Base.php

@@ -29,9 +29,10 @@
 
 namespace Espo\Core\Upgrades;
 
-use Espo\Core\Utils\Util,
-    Espo\Core\Utils\Json,
-    Espo\Core\Exceptions\Error;
+use Espo\Core\Utils\Util;
+use Espo\Core\Utils\Json;
+use Espo\Core\Exceptions\Error;
+use Espo\Core\Exceptions\NotFound;
 
 abstract class Base
 {
@@ -71,6 +72,14 @@ abstract class Base
         return $this->getActionManager()->getManifest();
     }
 
+    public function getManifestById($processId)
+    {
+        $actionClass = $this->getActionManager()->getActionClass(self::INSTALL);
+        $actionClass->setProcessId($processId);
+
+        return $actionClass->getManifest();
+    }
+
     public function upload($data)
     {
         $this->getActionManager()->setAction(self::UPLOAD);
@@ -98,4 +107,28 @@ abstract class Base
 
         return $this->getActionManager()->run($processId);
     }
+
+    public function runInstallStep($stepName, array $params = [])
+    {
+        return $this->runActionStep(self::INSTALL, $stepName, $params);
+    }
+
+    protected function runActionStep($actionName, $stepName, array $params = [])
+    {
+        $actionClass = $this->getActionManager()->getActionClass($actionName);
+        $methodName = 'step' . ucfirst($stepName);
+
+        if (!method_exists($actionClass, $methodName)) {
+            if (!empty($params['id'])) {
+                $actionClass->setProcessId($params['id']);
+                $actionClass->throwErrorAndRemovePackage('Step "'. $stepName .'" is not found.');
+            }
+
+            throw new Error('Step "'. $stepName .'" is not found.');
+        }
+
+        $actionClass->$methodName($params); // throw an Exception on error
+
+        return true;
+    }
 }

application/Espo/Core/Utils/Api/Auth.php

@@ -31,6 +31,8 @@ namespace Espo\Core\Utils\Api;
 
 use \Espo\Core\Utils\Api\Slim;
 
+use \Espo\Core\Utils\Auth as AuthUtil;
+
 class Auth extends \Slim\Middleware
 {
     protected $auth;
@@ -39,7 +41,7 @@ class Auth extends \Slim\Middleware
 
     protected $showDialog = false;
 
-    public function __construct(\Espo\Core\Utils\Auth $auth, $authRequired = null, $showDialog = false)
+    public function __construct(AuthUtil $auth, $authRequired = null, $showDialog = false)
     {
         $this->auth = $auth;
         $this->authRequired = $authRequired;
@@ -128,14 +130,14 @@ class Auth extends \Slim\Middleware
 
         if ($username) {
             try {
-                $isAuthenticated = $this->auth->login($username, $password, $authenticationMethod);
+                $authResult = $this->auth->login($username, $password, $authenticationMethod);
             } catch (\Exception $e) {
                 $this->processException($e);
                 return;
             }
 
-            if ($isAuthenticated) {
-                $this->next->call();
+            if ($authResult) {
+                $this->handleAuthResult($authResult);
             } else {
                 $this->processUnauthorized();
             }
@@ -147,6 +149,31 @@ class Auth extends \Slim\Middleware
         }
     }
 
+    protected function handleAuthResult(array $authResult)
+    {
+        $status = $authResult['status'];
+
+        $response = $this->app->response();
+
+        if ($status === AuthUtil::STATUS_SUCCESS) {
+            $this->next->call();
+            return;
+        }
+
+        if ($status === AuthUtil::STATUS_SECOND_STEP_REQUIRED) {
+            $response->setStatus(401);
+            $response->headers->set('X-Status-Reason', 'second-step-required');
+
+            $bodyData = [
+                'status' => $status,
+                'message' => $authResult['message'] ?? null,
+                'view' => $authResult['view'] ?? null,
+                'token' => $authResult['token'] ?? null,
+            ];
+            $response->setBody(json_encode($bodyData));
+        }
+    }
+
     protected function processException(\Exception $e)
     {
         $response = $this->app->response();

application/Espo/Core/Utils/Api/Output.php

@@ -71,7 +71,7 @@ class Output
         echo $data;
     }
 
-    public function processError(string $message = 'Error', int $statusCode = 500, bool $toPrint = false, $exception = null)
+    public function processError(string $message = 'Error', $statusCode = 500, bool $toPrint = false, $exception = null)
     {
         $currentRoute = $this->getSlim()->router()->getCurrentRoute();
 
@@ -99,17 +99,31 @@ class Output
         $this->displayError($message, $statusCode, $toPrint, $exception);
     }
 
-    public function displayError(string $text, int $statusCode = 500, bool $toPrint = false, $exception = null)
+    public function displayError(string $text, $statusCode = 500, bool $toPrint = false, $exception = null)
     {
         $logLevel = 'error';
+        $messageLineFile = null;
+
+        if ($exception) {
+            $messageLineFile = 'line: ' . $exception->getLine() . ', file: ' . $exception->getFile();
+        }
+
         if ($exception && !empty($exception->logLevel)) {
             $logLevel = $exception->logLevel;
         }
+
         $logMessageItemList = [];
+
         if ($text) $logMessageItemList[] = "{$text}";
+
         if (!empty($this->slim)) {
             $logMessageItemList[] = $this->getSlim()->request()->getMethod() . ' ' .$_SERVER['REQUEST_URI'];
         }
+
+        if ($messageLineFile) {
+            $logMessageItemList[] = $messageLineFile;
+        }
+
         $logMessage = "($statusCode) " . implode("; ", $logMessageItemList);
 
         $GLOBALS['log']->log($logLevel, $logMessage);
@@ -134,6 +148,8 @@ class Output
             if ($toPrint) {
                 $status = $this->getCodeDescription($statusCode);
                 $status = isset($status) ? $statusCode.' '.$status : 'HTTP '.$statusCode;
+                if ($text)
+                    $text = htmlspecialchars($text);
                 $this->getSlim()->printError($text, $status);
             }
 

application/Espo/Core/Utils/Auth.php

@@ -52,6 +52,10 @@ class Auth
 
     private $portal;
 
+    const STATUS_SUCCESS = 'success';
+
+    const STATUS_SECOND_STEP_REQUIRED = 'secondStepRequired';
+
     public function __construct(\Espo\Core\Container $container, $allowAnyAccess = false)
     {
         $this->container = $container;
@@ -71,18 +75,40 @@ class Auth
         return $this->getConfig()->get('authenticationMethod', 'Espo');
     }
 
-    protected function getAuthentication($authenticationMethod)
+    protected function getAuthenticationImpl(string $method) : \Espo\Core\Utils\Authentication\Base
     {
-        $authenticationMethod = preg_replace('/[^a-zA-Z0-9]+/', '', $authenticationMethod);
+        $className = $this->getMetadata()->get([
+            'authenticationMethods', $method, 'implementationClassName'
+        ]);
 
-        $authenticationClassName = "\\Espo\\Custom\\Core\\Utils\\Authentication\\" . $authenticationMethod;
-        if (!class_exists($authenticationClassName)) {
-            $authenticationClassName = "\\Espo\\Core\\Utils\\Authentication\\" . $authenticationMethod;
+        if (!$className) {
+            $sanitizedName = preg_replace('/[^a-zA-Z0-9]+/', '', $method);
+
+            $className = "\\Espo\\Custom\\Core\\Utils\\Authentication\\" . $sanitizedName;
+            if (!class_exists($className)) {
+                $className = "\\Espo\\Core\\Utils\\Authentication\\" . $sanitizedName;
+            }
         }
 
-        $authentication = new $authenticationClassName($this->getConfig(), $this->getEntityManager(), $this);
+        return new $className($this->getConfig(), $this->getEntityManager(), $this, $this->getContainer());
+    }
 
-        return $authentication;
+    protected function get2FAImpl(string $method) : \Espo\Core\Utils\Authentication\TwoFA\Base
+    {
+        $className = $this->getMetadata()->get([
+            'app', 'auth2FAMethods', $method, 'implementationClassName'
+        ]);
+
+        if (!$className) {
+            $sanitizedName = preg_replace('/[^a-zA-Z0-9]+/', '', $method);
+
+            $className = "\\Espo\\Custom\\Core\\Utils\\Authentication\\TwoFA\\" . $sanitizedName;
+            if (!class_exists($className)) {
+                $className = "\\Espo\\Core\\Utils\\Authentication\\TwoFA\\" . $sanitizedName;
+            }
+        }
+
+        return $this->getContainer()->get('injectableFactory')->createByClassName($className);
     }
 
     protected function setPortal(Portal $portal)
@@ -116,6 +142,11 @@ class Auth
         return $this->getContainer()->get('entityManager');
     }
 
+    protected function getMetadata()
+    {
+        return $this->getContainer()->get('metadata');
+    }
+
     public function useNoAuth()
     {
         $entityManager = $this->getContainer()->get('entityManager');
@@ -142,6 +173,14 @@ class Auth
             }
         }
 
+        $createTokenSecret = $this->request->headers->get('Espo-Authorization-Create-Token-Secret') === 'true';
+
+        if ($createTokenSecret) {
+            if ($this->getConfig()->get('authTokenSecretDisabled')) {
+                $createTokenSecret = false;
+            }
+        }
+
         if (!$isByTokenOnly) {
             $this->checkFailedAttemptsLimit($username);
         }
@@ -153,6 +192,15 @@ class Auth
             $authToken = $this->getEntityManager()->getRepository('AuthToken')->where([
                 'token' => $password
             ])->findOne();
+
+            if ($authToken) {
+                if ($authToken->get('secret')) {
+                    $sentSecret = $_COOKIE['auth-token-secret'] ?? null;
+                    if ($sentSecret !== $authToken->get('secret')) {
+                        $authToken = null;
+                    }
+                }
+            }
         }
 
         if ($authToken) {
@@ -191,13 +239,15 @@ class Auth
             $authenticationMethod = $this->getDefaultAuthenticationMethod();
         }
 
-        $authentication = $this->getAuthentication($authenticationMethod);
+        $authenticationImpl = $this->getAuthenticationImpl($authenticationMethod);
 
         $params = [
-            'isPortal' => $this->isPortal()
+            'isPortal' => $this->isPortal(),
         ];
 
-        $user = $authentication->login($username, $password, $authToken, $params, $this->request);
+        $loginResultData = [];
+
+        $user = $authenticationImpl->login($username, $password, $authToken, $params, $this->request, $loginResultData);
 
         $authLogRecord = null;
 
@@ -247,7 +297,31 @@ class Auth
         $this->getEntityManager()->setUser($user);
         $this->getContainer()->setUser($user);
 
-        if ($this->request->headers->get('Http-Espo-Authorization')) {
+        $secondStepRequired = false;
+
+        if (!$authToken && $this->getConfig()->get('auth2FA')) {
+            $twoFAMethod = $this->getUser2FAMethod($user);
+            if ($twoFAMethod) {
+                $twoFAImpl = $this->get2FAImpl($twoFAMethod);
+
+                $twoFACode = $this->request->headers->get('Espo-Authorization-Code');
+
+                if ($twoFACode) {
+                    if (!$twoFAImpl->verifyCode($user, $twoFACode)) {
+                        return;
+                    }
+                } else {
+                    $loginResultData = $twoFAImpl->getLoginData($user);
+                    $secondStepRequired = true;
+                }
+            }
+        }
+
+        if (!$secondStepRequired) {
+            $secondStepRequired = $loginResultData['secondStepRequired'] ?? false;
+        }
+
+        if (!$secondStepRequired && $this->request->headers->get('Http-Espo-Authorization')) {
             if (!$authToken) {
                 $authToken = $this->getEntityManager()->getEntity('AuthToken');
                 $token = $this->generateToken();
@@ -255,6 +329,13 @@ class Auth
                 $authToken->set('hash', $user->get('password'));
                 $authToken->set('ipAddress', $_SERVER['REMOTE_ADDR']);
                 $authToken->set('userId', $user->id);
+
+                if ($createTokenSecret) {
+                    $secret = $this->generateToken();
+                    $authToken->set('secret', $secret);
+                    $this->setSecretInCookie($secret);
+                }
+
                 if ($this->isPortal()) {
                     $authToken->set('portalId', $this->getPortal()->id);
                 }
@@ -262,7 +343,7 @@ class Auth
                 if ($this->getConfig()->get('authTokenPreventConcurrent')) {
                     $concurrentAuthTokenList = $this->getEntityManager()->getRepository('AuthToken')->select(['id'])->where([
                         'userId' => $user->id,
-                        'isActive' => true
+                        'isActive' => true,
                     ])->find();
                     foreach ($concurrentAuthTokenList as $concurrentAuthToken) {
                         $concurrentAuthToken->set('isActive', false);
@@ -295,7 +376,32 @@ class Auth
             $user->set('authLogRecordId', $authLogRecord->id);
         }
 
-        return true;
+        if ($secondStepRequired) {
+            return [
+                'status' => self::STATUS_SECOND_STEP_REQUIRED,
+                'message' => $loginResultData['message'] ?? null,
+                'token' => $loginResultData['token'] ?? null,
+                'view' => $loginResultData['view'] ?? null,
+            ];
+        }
+
+        return [
+            'status' => self::STATUS_SUCCESS,
+        ];
+    }
+
+    protected function getUser2FAMethod(\Espo\Entities\User $user) : ?string
+    {
+        $userData = $this->getEntityManager()->getRepository('UserData')->getByUserId($user->id);
+        if (!$userData) return null;
+        if (!$userData->get('auth2FA')) return null;
+
+        $method = $userData->get('auth2FAMethod');
+
+        if (!$method) return null;
+        if (!in_array($method, $this->getConfig()->get('auth2FAMethodList', []))) return null;
+
+        return $method;
     }
 
     protected function checkFailedAttemptsLimit($username = null)
@@ -334,10 +440,16 @@ class Auth
 
     public function destroyAuthToken($token)
     {
-        $authToken = $this->getEntityManager()->getRepository('AuthToken')->select(['id', 'isActive'])->where(['token' => $token])->findOne();
+        $authToken = $this->getEntityManager()->getRepository('AuthToken')->select(['id', 'isActive', 'secret'])->where(['token' => $token])->findOne();
         if ($authToken) {
             $authToken->set('isActive', false);
             $this->getEntityManager()->saveEntity($authToken);
+            if ($authToken->get('secret')) {
+                $sentSecret = $_COOKIE['auth-token-secret'] ?? null;
+                if ($sentSecret === $authToken->get('secret')) {
+                    setcookie('auth-token-secret', null, -1, '/');
+                }
+            }
             return true;
         }
     }
@@ -379,4 +491,19 @@ class Auth
         $authLogRecord->set('denialReason', $denialReason);
         $this->getEntityManager()->saveEntity($authLogRecord);
     }
+
+    protected function setSecretInCookie(string $secret)
+    {
+        if (version_compare(\PHP_VERSION, '7.3.0') < 0) {
+            setcookie('auth-token-secret', $secret, strtotime('+1000 days'), '/', '', false, true);
+            return;
+        }
+
+        setcookie('auth-token-secret', $secret, [
+            'expires' => strtotime('+1000 days'),
+            'path' => '/',
+            'httponly' => true,
+            'samesite' => 'Lax',
+        ]);
+    }
 }