stream fix

.gitignore

@@ -15,4 +15,5 @@ npm-debug.log
 /tests/integration/config.php
 composer.phar
 vendor/
-/custom/Espo/Custom/*
+/custom/Espo/Custom/*
+/install/config.php

.htaccess

@@ -9,13 +9,9 @@ DirectoryIndex index.php index.html
 
   # PROTECTED DIRECTORIES
   RewriteCond %{REQUEST_FILENAME} -d
-  RewriteRule ^/?(data|api|client)/ - [F]
+  RewriteRule ^/?(api|client)/ - [F]
 
-  RewriteRule ^/?data/config\.php$ - [F]
-  RewriteRule ^/?data/logs/ - [F]
-  RewriteRule ^/?data/cache/ - [F]
-  RewriteRule ^/?data/upload/ - [F]
-  RewriteRule ^/?data/\.backup/ - [F]
+  RewriteRule ^/?data/ - [F]
   RewriteRule ^/?application/ - [F]
   RewriteRule ^/?custom/ - [F]
   RewriteRule ^/?vendor/ - [F]

Gruntfile.js

@@ -126,7 +126,7 @@ module.exports = function (grunt) {
             start: ['build/EspoCRM-*'],
             final: ['build/tmp'],
             beforeFinal: {
-                src: ['build/tmp/custom/Espo/Custom/*', '!build/tmp/custom/Espo/Custom/.htaccess']
+                src: ['build/tmp/custom/Espo/Custom/*', '!build/tmp/custom/Espo/Custom/.htaccess', 'build/tmp/install/config.php']
             }
         },
         less: lessData,
@@ -190,6 +190,7 @@ module.exports = function (grunt) {
                     'extension.php',
                     'websocket.php',
                     'command.php',
+                    'oauth-callback.php',
                     'index.php',
                     'LICENSE.txt',
                     '.htaccess',

README.md

@@ -9,7 +9,7 @@ Download the latest release from our [website](http://www.espocrm.com).
 ### Requirements
 
 * PHP 7.1 or above (with pdo, json, gd, openssl, zip, imap, mbstring, curl extensions);
-* MySQL 5.5.3 or above, or MariaDB.
+* MySQL 5.6.0 or above, or MariaDB.
 
 For more information about server configuration see [this article](https://www.espocrm.com/documentation/administration/server-configuration/).
 

application/Espo/Acl/Webhook.php

@@ -0,0 +1,73 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2019 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: https://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Acl;
+
+use \Espo\Entities\User as EntityUser;
+use \Espo\ORM\Entity;
+
+class Webhook extends \Espo\Core\Acl\Base
+{
+    public function checkIsOwner(EntityUser $user, Entity $entity)
+    {
+        return $user->id === $entity->get('userId') && $user->isApi();
+    }
+
+    public function checkEntityCreate(EntityUser $user, Entity $entity, $data)
+    {
+        if ($user->isAdmin()) return true;
+        if (!$data) return false;
+        if ($user->isApi() && $user->id === $entity->get('userId')) return true;
+        return false;
+    }
+
+    public function checkEntityRead(EntityUser $user, Entity $entity, $data)
+    {
+        if ($user->isAdmin()) return true;
+        if (!$data) return false;
+        if ($user->isApi() && $user->id === $entity->get('userId')) return true;
+        return false;
+    }
+
+    public function checkEntityDelete(EntityUser $user, Entity $entity, $data)
+    {
+        if ($user->isAdmin()) return true;
+        if (!$data) return false;
+        if ($user->isApi() && $user->id === $entity->get('userId')) return true;
+        return false;
+    }
+
+    public function checkEntityEdit(EntityUser $user, Entity $entity, $data)
+    {
+        if ($user->isAdmin()) return true;
+        if (!$data) return false;
+        if ($user->isApi() && $user->id === $entity->get('userId')) return true;
+        return false;
+    }
+}

application/Espo/Controllers/ActionHistoryRecord.php

@@ -67,4 +67,9 @@ class ActionHistoryRecord extends \Espo\Core\Controllers\Record
     {
         throw new Forbidden();
     }
+
+    public function beforeMassConvertCurrency()
+    {
+        throw new Forbidden();
+    }
 }

application/Espo/Controllers/AuthLogRecord.php

@@ -64,4 +64,9 @@ class AuthLogRecord extends \Espo\Core\Controllers\Record
     {
         throw new Forbidden();
     }
+
+    public function beforeMassConvertCurrency()
+    {
+        throw new Forbidden();
+    }
 }

application/Espo/Controllers/AuthToken.php

@@ -94,4 +94,9 @@ class AuthToken extends \Espo\Core\Controllers\Record
     {
         throw new Forbidden();
     }
+
+    public function beforeMassConvertCurrency()
+    {
+        throw new Forbidden();
+    }
 }

application/Espo/Controllers/DashboardTemplate.php

@@ -0,0 +1,67 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2019 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: https://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Controllers;
+
+use \Espo\Core\Exceptions\Forbidden;
+use \Espo\Core\Exceptions\BadRequest;
+
+class DashboardTemplate extends \Espo\Core\Controllers\Record
+{
+    protected function checkControllerAccess()
+    {
+        if (!$this->getUser()->isAdmin()) {
+            throw new Forbidden();
+        }
+    }
+
+    public function postActionDeployToUsers($params, $data)
+    {
+        if (empty($data->id)) throw new BadRequest();
+        if (empty($data->userIdList)) throw new BadRequest();
+
+        return $this->getServiceFactory()->create('DashboardTemplate')->deployToUsers(
+            $data->id,
+            $data->userIdList,
+            !empty($data->append)
+        );
+    }
+
+    public function postActionDeployToTeam($params, $data)
+    {
+        if (empty($data->id)) throw new BadRequest();
+        if (empty($data->teamId)) throw new BadRequest();
+
+        return $this->getServiceFactory()->create('DashboardTemplate')->deployToTeam(
+            $data->id,
+            $data->teamId,
+            !empty($data->append)
+        );
+    }
+}

application/Espo/Controllers/EntityManager.php

@@ -92,6 +92,9 @@ class EntityManager extends \Espo\Core\Controllers\Base
         if (isset($data['fullTextSearch'])) {
             $params['fullTextSearch'] = $data['fullTextSearch'];
         }
+        if (isset($data['countDisabled'])) {
+            $params['countDisabled'] = $data['countDisabled'];
+        }
 
         $params['kanbanViewMode'] = !empty($data['kanbanViewMode']);
         if (!empty($data['kanbanStatusIgnoreList'])) {

application/Espo/Controllers/FieldManager.php

@@ -121,6 +121,8 @@ class FieldManager extends \Espo\Core\Controllers\Base
 
         $this->getContainer()->get('fieldManager')->resetToDefault($data->scope, $data->name);
 
+        $this->getContainer()->get('dataManager')->clearCache();
+
         $this->getContainer()->get('dataManager')->rebuildMetadata();
 
         return true;

application/Espo/Controllers/I18n.php

@@ -33,9 +33,13 @@ class I18n extends \Espo\Core\Controllers\Base
 {
     public function actionRead($params, $data, $request)
     {
-        if ($request->get('default')) {
+        $default = $request->get('default') === 'true';
+
+        return $this->getServiceFactory()->create('Language')->getDataForFrontend($default);
+
+        /*if ($request->get('default')) {
             return $this->getContainer()->get('defaultLanguage')->getAll();
         }
-        return $this->getContainer()->get('language')->getAll();
+        return $this->getContainer()->get('language')->getAll();*/
     }
 }

application/Espo/Controllers/Layout.php

@@ -39,11 +39,7 @@ class Layout extends \Espo\Core\Controllers\Base
 {
     public function actionRead($params, $data)
     {
-        $data = $this->getContainer()->get('layout')->get($params['scope'], $params['name']);
-        if (empty($data)) {
-            throw new NotFound("Layout " . $params['scope'] . ":" . $params['name'] . ' is not found.');
-        }
-        return $data;
+        return $this->getServiceFactory()->create('Layout')->getForFrontend($params['scope'], $params['name']);
     }
 
     public function actionUpdate($params, $data, $request)

application/Espo/Controllers/LeadCapture.php

@@ -69,4 +69,11 @@ class LeadCapture extends \Espo\Core\Controllers\Record
 
         return $this->getRecordService()->generateNewApiKeyForEntity($data->id)->getValueMap();
     }
+
+    public function getActionSmtpAccountDataList()
+    {
+        if (!$this->getUser()->isAdmin()) throw new Forbidden();
+
+        return $this->getServiceFactory()->create('LeadCapture')->getSmtpAccountDataList();
+    }
 }

application/Espo/Controllers/Metadata.php

@@ -36,7 +36,7 @@ class Metadata extends \Espo\Core\Controllers\Base
 
     public function actionRead($params, $data)
     {
-        return $this->getMetadata()->getAllForFrontend();
+        return $this->getServiceFactory()->create('Metadata')->getDataForFrontend();
     }
 
     public function getActionGet($params, $data, $request)

application/Espo/Controllers/ScheduledJob.php

@@ -25,10 +25,12 @@
  *
  * In accordance with Section 7(b) of the GNU General Public License version 3,
  * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
- ************************************************************************/ 
+ ************************************************************************/
 
 namespace Espo\Controllers;
 
+use Espo\Core\Exceptions\Forbidden;
+
 class ScheduledJob extends \Espo\Core\Controllers\Record
 {
     protected function checkControllerAccess()

application/Espo/Controllers/ScheduledJobLogRecord.php

@@ -25,10 +25,12 @@
  *
  * In accordance with Section 7(b) of the GNU General Public License version 3,
  * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
- ************************************************************************/ 
+ ************************************************************************/
 
 namespace Espo\Controllers;
 
+use Espo\Core\Exceptions\Forbidden;
+
 class ScheduledJobLogRecord extends \Espo\Core\Controllers\Record
 {
     protected function checkControllerAccess()
@@ -38,4 +40,3 @@ class ScheduledJobLogRecord extends \Espo\Core\Controllers\Record
         }
     }
 }
-

application/Espo/Controllers/Settings.php

@@ -29,13 +29,11 @@
 
 namespace Espo\Controllers;
 
-use \Espo\Core\Exceptions\Error;
-use \Espo\Core\Exceptions\Forbidden;
-use \Espo\Core\Exceptions\BadRequest;
+use Espo\Core\Exceptions\Forbidden;
+use Espo\Core\Exceptions\BadRequest;
 
 class Settings extends \Espo\Core\Controllers\Base
 {
-
     protected function getConfigData()
     {
         $data = $this->getServiceFactory()->create('Settings')->getConfigData();

application/Espo/Controllers/Stream.php

@@ -46,6 +46,7 @@ class Stream extends \Espo\Core\Controllers\Base
         $maxSize = intval($request->get('maxSize'));
         $after = $request->get('after');
         $filter = $request->get('filter');
+        $skipOwn = $request->get('skipOwn') === 'true';
 
         $service = $this->getService('Stream');
 
@@ -61,7 +62,8 @@ class Stream extends \Espo\Core\Controllers\Base
             'offset' => $offset,
             'maxSize' => $maxSize,
             'after' => $after,
-            'filter' => $filter
+            'filter' => $filter,
+            'skipOwn' => $skipOwn,
         ]);
 
         return (object) [
@@ -96,7 +98,7 @@ class Stream extends \Espo\Core\Controllers\Base
             'maxSize' => $maxSize,
             'after' => $after,
             'filter' => 'posts',
-            'where' => $where
+            'where' => $where,
         ]);
 
         return (object) [

application/Espo/Controllers/User.php

@@ -69,24 +69,28 @@ class User extends \Espo\Core\Controllers\Record
             throw new BadRequest();
         }
 
-        $p = $this->getEntityManager()->getRepository('PasswordChangeRequest')->where(array(
-            'requestId' => $data->requestId
-        ))->findOne();
+        if ($this->getConfig()->get('passwordRecoveryDisabled')) {
+            throw new Forbidden("Password recovery disabled");
+        }
 
-        if (!$p) {
+        $request = $this->getEntityManager()->getRepository('PasswordChangeRequest')->where([
+            'requestId' => $data->requestId
+        ])->findOne();
+
+        if (!$request) {
             throw new Forbidden();
         }
-        $userId = $p->get('userId');
+
+        $userId = $request->get('userId');
         if (!$userId) {
             throw new Error();
         }
 
-        $this->getEntityManager()->removeEntity($p);
-
         if ($this->getService('User')->changePassword($userId, $data->password)) {
-            return array(
-                'url' => $p->get('url')
-            );
+            $this->getEntityManager()->removeEntity($request);
+            return [
+                'url' => $request->get('url')
+            ];
         }
     }
 
@@ -113,6 +117,14 @@ class User extends \Espo\Core\Controllers\Record
         return $this->getRecordService()->generateNewApiKeyForEntity($data->id)->getValueMap();
     }
 
+    public function postActionGenerateNewPassword($params, $data, $request)
+    {
+        if (empty($data->id)) throw new BadRequest();
+        if (!$this->getUser()->isAdmin()) throw new Forbidden();
+        $this->getRecordService()->generateNewPasswordForUser($data->id);
+        return true;
+    }
+
     public function beforeCreateLink()
     {
         if (!$this->getUser()->isAdmin()) throw new Forbidden();

application/Espo/Controllers/UserSecurity.php

@@ -0,0 +1,77 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2019 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: https://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Controllers;
+
+use \Espo\Core\Exceptions\Error;
+use \Espo\Core\Exceptions\Forbidden;
+use \Espo\Core\Exceptions\NotFound;
+use \Espo\Core\Exceptions\BadRequest;
+
+class UserSecurity extends \Espo\Core\Controllers\Base
+{
+    protected function checkControllerAccess()
+    {
+        if (!$this->getUser()->isAdmin() && !$this->getUser()->isRegular()) {
+            throw new Forbidden();
+        }
+    }
+
+    public function getActionRead($params, $data, $request)
+    {
+        $id = $params['id'] ?? null;
+
+        if (!$id) throw new BadRequest();
+        if (!$this->getUser()->isAdmin() && $id !== $this->getUser()->id) throw new Forbidden();
+
+        return $this->getService('UserSecurity')->read($id);
+    }
+
+    public function postActionGenerate2FAData($params, $data)
+    {
+        $data = $data ?? (object) [];
+        $id = $data->id;
+
+        if (!$id) throw new BadRequest();
+        if (!$this->getUser()->isAdmin() && $id !== $this->getUser()->id) throw new Forbidden();
+
+        return $this->getService('UserSecurity')->generate2FAData($id, $data);
+    }
+
+    public function putActionUpdate($params, $data)
+    {
+        $id = $params['id'] ?? null;
+        $data = $data ?? (object) [];
+
+        if (!$id) throw new BadRequest();
+        if (!$this->getUser()->isAdmin() && $id !== $this->getUser()->id) throw new Forbidden();
+
+        return $this->getService('UserSecurity')->update($id, $data);
+    }
+}

application/Espo/Controllers/Webhook.php

@@ -0,0 +1,50 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2019 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: https://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Controllers;
+
+use \Espo\Core\Exceptions\Error;
+use \Espo\Core\Exceptions\Forbidden;
+
+class Webhook extends \Espo\Core\Controllers\Record
+{
+    protected function checkControllerAccess()
+    {
+        if (!$this->getUser()->isAdmin() && !$this->getUser()->isApi()) {
+            throw new Forbidden();
+        }
+    }
+
+    public function actionCreate($params, $data, $request, $response = null)
+    {
+        $result = parent::actionCreate($params, $data, $request, $response);
+        if ($response) $response->setStatus(201);
+        return $result;
+    }
+}

application/Espo/Core/Acl/GlobalRestricton.php

@@ -60,21 +60,45 @@ class GlobalRestricton
     public function __construct(
         \Espo\Core\Utils\Metadata $metadata,
         \Espo\Core\Utils\File\Manager $fileManager,
-        \Espo\Core\Utils\FieldManagerUtil $fieldManagerUtil
+        \Espo\Core\Utils\FieldManagerUtil $fieldManagerUtil,
+        bool $useCache = true
     )
     {
         $this->metadata = $metadata;
         $this->fileManager = $fileManager;
         $this->fieldManagerUtil = $fieldManagerUtil;
 
-        if (!file_exists($this->cacheFilePath)) {
-            $this->buildCacheFile();
+        $isFromCache = false;
+
+        if ($useCache) {
+            if (file_exists($this->cacheFilePath)) {
+                $this->data = include($this->cacheFilePath);
+                $isFromCache = true;
+
+                if (!($this->data instanceof \StdClass)) {
+                    $GLOBALS['log']->error("ACL GlobalRestricton: Bad data fetched from cache.");
+                    $this->data = null;
+                }
+            }
         }
 
-        $this->data = include($this->cacheFilePath);
+        if (!$this->data) {
+            $this->buildData();
+        }
+
+        if ($useCache) {
+            if (!$isFromCache) {
+                $this->storeCacheFile();
+            }
+        }
     }
 
-    protected function buildCacheFile()
+    protected function storeCacheFile()
+    {
+        $this->getFileManager()->putPhpContents($this->cacheFilePath, $this->data, true);
+    }
+
+    protected function buildData()
     {
         $scopeList = array_keys($this->getMetadata()->get(['entityDefs'], []));
 
@@ -127,8 +151,6 @@ class GlobalRestricton
         }
 
         $this->data = $data;
-
-        $this->getFileManager()->putPhpContents($this->cacheFilePath, $data, true);
     }
 
     protected function getMetadata()

application/Espo/Core/Acl/Table.php

@@ -88,7 +88,7 @@ class Table
         if ($this->isStrictModeForced) {
             $this->isStrictMode = true;
         } else {
-            $this->isStrictMode = $config->get('aclStrictMode', false);
+            $this->isStrictMode = $config->get('aclStrictMode', true);
         }
 
         $this->user = $user;

application/Espo/Core/AclManager.php

@@ -59,7 +59,8 @@ class AclManager
         $this->globalRestricton = new \Espo\Core\Acl\GlobalRestricton(
             $container->get('metadata'),
             $container->get('fileManager'),
-            $container->get('fieldManagerUtil')
+            $container->get('fieldManagerUtil'),
+            $container->get('config')->get('useCache')
         );
     }
 

application/Espo/Core/AclPortal/Base.php

@@ -104,6 +104,13 @@ class Base extends \Espo\Core\Acl\Base
             }
             if ($inAccount) {
                 return true;
+            } else {
+                if (is_null($isOwnContact) && $entity) {
+                    $isOwnContact = $this->checkIsOwnContact($user, $entity);
+                }
+                if ($isOwnContact) {
+                    return true;
+                }
             }
         }
 
@@ -117,7 +124,6 @@ class Base extends \Espo\Core\Acl\Base
         }
 
         return false;
-
     }
 
     public function checkReadOnlyAccount(User $user, $data)
@@ -152,13 +158,13 @@ class Base extends \Espo\Core\Acl\Base
     {
         $accountIdList = $user->getLinkMultipleIdList('accounts');
         if (count($accountIdList)) {
-            if ($entity->hasAttribute('accountId')) {
+            if ($entity->hasAttribute('accountId') && $entity->getRelationParam('account', 'entity') === 'Account') {
                 if (in_array($entity->get('accountId'), $accountIdList)) {
                     return true;
                 }
             }
 
-            if ($entity->hasRelation('accounts')) {
+            if ($entity->hasRelation('accounts') && $entity->getRelationParam('accounts', 'entity') === 'Account') {
                 $repository = $this->getEntityManager()->getRepository($entity->getEntityType());
                 foreach ($accountIdList as $accountId) {
                     if ($repository->isRelated($entity, 'accounts', $accountId)) {
@@ -183,13 +189,13 @@ class Base extends \Espo\Core\Acl\Base
     {
         $contactId = $user->get('contactId');
         if ($contactId) {
-            if ($entity->hasAttribute('contactId')) {
+            if ($entity->hasAttribute('contactId') && $entity->getRelationParam('contact', 'entity') === 'Contact') {
                 if ($entity->get('contactId') === $contactId) {
                     return true;
                 }
             }
 
-            if ($entity->hasRelation('contacts')) {
+            if ($entity->hasRelation('contacts') && $entity->getRelationParam('contacts', 'entity') === 'Contact') {
                 $repository = $this->getEntityManager()->getRepository($entity->getEntityType());
                 if ($repository->isRelated($entity, 'contacts', $contactId)) {
                     return true;
@@ -207,6 +213,4 @@ class Base extends \Espo\Core\Acl\Base
 
         return false;
     }
-
 }
-

application/Espo/Core/Console/Commands/Upgrade.php

@@ -29,9 +29,137 @@
 
 namespace Espo\Core\Console\Commands;
 
+use Espo\Core\Exceptions\Error;
+
 class Upgrade extends Base
 {
-    public function run()
+    protected $upgradeManager;
+
+    protected $upgradeStepList = [
+        'copyBefore',
+        'rebuild',
+        'beforeUpgradeScript',
+        'rebuild',
+        'copy',
+        'rebuild',
+        'copyAfter',
+        'rebuild',
+        'afterUpgradeScript',
+        'rebuild',
+    ];
+
+    public function run($options, $flagList, $argumentList)
+    {
+        $params = $this->normalizeParams($options, $flagList, $argumentList);
+
+        switch ($params['mode']) {
+            case 'local':
+                $this->runLocalUpgrade($params);
+                break;
+
+            default:
+            case 'remote':
+                $this->runRemoteUpgrade($params);
+                break;
+        }
+    }
+
+    /**
+     * Normalize params. Permitted options and flags and $arguments:
+     * -y - without confirmation
+     * -s - single process
+     * --file="EspoCRM-upgrade.zip"
+     * --step="beforeUpgradeScript"
+     * @param  array $options
+     * @param  array $flagList
+     * @param  array $argumentList
+     * @return array
+     */
+    protected function normalizeParams($options, $flagList, $argumentList)
+    {
+        $params = [
+            'mode' => 'remote',
+            'skipConfirmation' => false,
+            'singleProcess' => false,
+        ];
+
+        if (!empty($options['file'])) {
+            $params['mode'] = 'local';
+            $params['file'] = $options['file'];
+        }
+
+        if (in_array('y', $flagList)) {
+            $params['skipConfirmation'] = true;
+        }
+
+        if (in_array('s', $flagList)) {
+            $params['singleProcess'] = true;
+        }
+
+        if (!empty($options['step'])) {
+            $params['step'] = $options['step'];
+        }
+
+        return $params;
+    }
+
+    protected function runLocalUpgrade(array $params)
+    {
+        if (empty($params['file']) || !file_exists($params['file'])) {
+            echo "Upgrade package is not found.\n";
+            return;
+        }
+
+        $packageFile = $params['file'];
+        $fromVersion = $this->getConfig()->get('version');
+
+        fwrite(\STDOUT, "Current version is {$fromVersion}.\n");
+
+        $upgradeId = $this->upload($packageFile);
+        $manifest = $this->getUpgradeManager()->getManifestById($upgradeId);
+        $nextVersion = $manifest['version'];
+
+        if (!$params['skipConfirmation']) {
+            fwrite(\STDOUT, "EspoCRM will be upgraded to version {$nextVersion} now. Enter [Y] to continue.\n");
+
+            if (!$this->confirm()) {
+                echo "Upgrade canceled.\n";
+                return;
+            }
+        }
+
+        fwrite(\STDOUT, "Upgrading... This may take a while...");
+
+        try {
+            $this->runUpgradeProcess($upgradeId, $params);
+        } catch (\Exception $e) {
+            fwrite(\STDOUT, "\n");
+            fwrite(\STDOUT, $e->getMessage() . "\n");
+            return;
+        }
+
+        fwrite(\STDOUT, "\n");
+
+        $app = new \Espo\Core\Application();
+        $currentVerison = $app->getContainer()->get('config')->get('version');
+
+        fwrite(\STDOUT, "Upgrade is complete. Current version is {$currentVerison}.\n");
+
+        $infoData = $this->getVersionInfo();
+        $lastVersion = $infoData->lastVersion ?? null;
+
+        if ($lastVersion && $lastVersion !== $currentVerison && $fromVersion !== $currentVerison) {
+            fwrite(\STDOUT, "Newer version is available.\n");
+            return;
+        }
+
+        if ($lastVersion && $lastVersion === $currentVerison) {
+            fwrite(\STDOUT, "You have the latest version.\n");
+            return;
+        }
+    }
+
+    protected function runRemoteUpgrade(array $params)
     {
         $infoData = $this->getVersionInfo();
         if (!$infoData) return;
@@ -48,11 +176,13 @@ class Upgrade extends Base
             return;
         }
 
-        fwrite(\STDOUT, "EspoCRM will be upgraded to version {$nextVersion} now. Enter [Y] to continue.\n");
+        if (!$params['skipConfirmation']) {
+            fwrite(\STDOUT, "EspoCRM will be upgraded to version {$nextVersion} now. Enter [Y] to continue.\n");
 
-        if (!$this->confirm()) {
-            echo "Upgrade canceled.\n";
-            return;
+            if (!$this->confirm()) {
+                echo "Upgrade canceled.\n";
+                return;
+            }
         }
 
         fwrite(\STDOUT, "Downloading...");
@@ -64,13 +194,22 @@ class Upgrade extends Base
 
         fwrite(\STDOUT, "Upgrading... This may take a while...");
 
-        $this->upgrade($upgradePackageFilePath);
+        $upgradeId = $this->upload($upgradePackageFilePath);
+
+        try {
+            $this->runUpgradeProcess($upgradeId, $params);
+        } catch (\Exception $e) {
+            $error = $e->getMessage();
+        }
+
+        $this->getFileManager()->unlink($upgradePackageFilePath);
 
         fwrite(\STDOUT, "\n");
 
-        fwrite(\STDOUT, $resultText);
-
-        $this->getFileManager()->unlink($upgradePackageFilePath);
+        if (!empty($error)) {
+            echo $error;
+            return;
+        }
 
         $app = new \Espo\Core\Application();
         $currentVerison = $app->getContainer()->get('config')->get('version');
@@ -88,22 +227,66 @@ class Upgrade extends Base
         }
     }
 
-    protected function upgrade($filePath)
+    protected function upload($filePath)
     {
-        $app = new \Espo\Core\Application();
-        $app->setupSystemUser();
-
-        $upgradeManager = new \Espo\Core\UpgradeManager($app->getContainer());
-
         try {
             $fileData = file_get_contents($filePath);
             $fileData = 'data:application/zip;base64,' . base64_encode($fileData);
-
-            $upgradeId = $upgradeManager->upload($fileData);
-            $upgradeManager->install(['id' => $upgradeId]);
+            $upgradeId = $this->getUpgradeManager()->upload($fileData);
         } catch (\Exception $e) {
             die("Error: " . $e->getMessage() . "\n");
         }
+
+        return $upgradeId;
+    }
+
+    protected function runUpgradeProcess($upgradeId, array $params = [])
+    {
+        $useSingleProcess = array_key_exists('singleProcess', $params) ? $params['singleProcess'] : false;
+
+        $stepList = !empty($params['step']) ? [$params['step']] : $this->upgradeStepList;
+        array_unshift($stepList, 'init');
+        array_push($stepList, 'finalize');
+
+        if (!$useSingleProcess && $this->isShellEnabled()) {
+            return $this->runSteps($upgradeId, $stepList);
+        }
+
+        return $this->runStepsInSingleProcess($upgradeId, $stepList);
+    }
+
+    protected function runStepsInSingleProcess($upgradeId, array $stepList)
+    {
+        $GLOBALS['log']->debug('Installation process ['.$upgradeId.']: Single process mode.');
+
+        try {
+            foreach ($stepList as $stepName) {
+                $upgradeManager = $this->getUpgradeManager(true);
+                $upgradeManager->runInstallStep($stepName, ['id' => $upgradeId]);
+            }
+        } catch (\Exception $e) {
+            $GLOBALS['log']->error('Upgrade Error: ' . $e->getMessage());
+            throw new Error($e->getMessage());
+        }
+
+        return true;
+    }
+
+    protected function runSteps($upgradeId, array $stepList)
+    {
+        $phpExecutablePath = $this->getPhpExecutablePath();
+
+        foreach ($stepList as $stepName) {
+            $command = $phpExecutablePath . " command.php upgrade-step --step=". ucfirst($stepName) ." --id=". $upgradeId;
+
+            $shellResult = shell_exec($command);
+            if ($shellResult !== 'true') {
+                $GLOBALS['log']->error('Upgrade Error: ' . $shellResult);
+                throw new Error($shellResult);
+            }
+        }
+
+        return true;
     }
 
     protected function confirm()
@@ -127,6 +310,29 @@ class Upgrade extends Base
         return $this->getContainer()->get('fileManager');
     }
 
+    protected function getUpgradeManager($reload = false)
+    {
+        if (!$this->upgradeManager || $reload) {
+            $app = new \Espo\Core\Application();
+            $app->setupSystemUser();
+
+            $this->upgradeManager = new \Espo\Core\UpgradeManager($app->getContainer());
+        }
+
+        return $this->upgradeManager;
+    }
+
+    protected function getPhpExecutablePath()
+    {
+        $phpExecutablePath = $this->getConfig()->get('phpExecutablePath');
+
+        if (!$phpExecutablePath) {
+            $phpExecutablePath = (new \Symfony\Component\Process\PhpExecutableFinder)->find();
+        }
+
+        return $phpExecutablePath;
+    }
+
     protected function getVersionInfo()
     {
         $url = 'https://s.espocrm.com/upgrade/next/';
@@ -183,4 +389,18 @@ class Upgrade extends Base
 
         return realpath($localFilePath);
     }
+
+    protected function isShellEnabled()
+    {
+        if (!function_exists('exec') || !is_callable('shell_exec')) {
+            return false;
+        }
+
+        $result = shell_exec("echo test");
+        if (empty($result)) {
+            return false;
+        }
+
+        return true;
+    }
 }

application/Espo/Core/Console/Commands/UpgradeStep.php

@@ -0,0 +1,71 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2019 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: https://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Core\Console\Commands;
+
+class UpgradeStep extends Base
+{
+    public function run($options, $flagList, $argumentList)
+    {
+        if (empty($options['step'])) {
+            echo "Step is not specified.\n";
+            return;
+        }
+
+        if (empty($options['id'])) {
+            echo "Upgrade ID is not specified.\n";
+            return;
+        }
+
+        $stepName = $options['step'];
+        $upgradeId = $options['id'];
+
+        return $this->runUpgradeStep($stepName, ['id' => $upgradeId]);
+    }
+
+    protected function runUpgradeStep($stepName, array $params)
+    {
+        $app = new \Espo\Core\Application();
+        $app->setupSystemUser();
+
+        $upgradeManager = new \Espo\Core\UpgradeManager($app->getContainer());
+
+        try {
+            $result = $upgradeManager->runInstallStep($stepName, $params); // throw Exception on error
+        } catch (\Exception $e) {
+            die("Error: " . $e->getMessage() . "\n");
+        }
+
+        if (is_bool($result)) {
+            $result = $result ? "true" : "false";
+        }
+
+        return $result;
+    }
+}

application/Espo/Core/Container.php

@@ -291,7 +291,7 @@ class Container
             'en_US',
             $this->get('fileManager'),
             $this->get('metadata'),
-            $this->get('useCache')
+            $this->get('config')->get('useCache')
         );
     }
 
@@ -301,7 +301,7 @@ class Container
             \Espo\Core\Utils\Language::detectLanguage($this->get('config')),
             $this->get('fileManager'),
             $this->get('metadata'),
-            $this->get('useCache')
+            $this->get('config')->get('useCache')
         );
     }
 

application/Espo/Core/Controllers/Record.php

@@ -536,4 +536,50 @@ class Record extends Base
 
         return $this->getRecordService()->restoreDeleted($id);
     }
+
+    public function postActionMassConvertCurrency($params, $data, $request)
+    {
+        if (!$this->getAcl()->checkScope($this->name, 'edit')) throw new Forbidden();
+        if ($this->getAcl()->get('massUpdatePermission') !== 'yes') throw new Forbidden();
+
+        $fieldList = $data->fieldList ?? null;
+        if (!empty($data->field)) {
+            if (!is_array($fieldList)) $fieldList = [];
+            $fieldList[] = $data->field;
+        }
+
+        $params = [];
+        if (property_exists($data, 'where') && !empty($data->byWhere)) {
+            $params['where'] = json_decode(json_encode($data->where), true);
+            if (property_exists($data, 'selectData')) {
+                $params['selectData'] = json_decode(json_encode($data->selectData), true);
+            }
+        } else if (property_exists($data, 'ids')) {
+            $params['ids'] = $data->ids;
+        }
+
+        if (empty($data->currencyRates)) throw new BadRequest();
+        if (empty($data->targetCurrency)) throw new BadRequest();
+        if (empty($data->baseCurrency)) throw new BadRequest();
+
+        return $this->getRecordService()->massConvertCurrency($params, $data->targetCurrency, $data->baseCurrency, $data->currencyRates, $fieldList);
+    }
+
+    public function postActionConvertCurrency($params, $data, $request)
+    {
+        if (!$this->getAcl()->checkScope($this->name, 'edit')) throw new Forbidden();
+
+        $fieldList = $data->fieldList ?? null;
+        if (!empty($data->field)) {
+            if (!is_array($fieldList)) $fieldList = [];
+            $fieldList[] = $data->field;
+        }
+
+        if (empty($data->id)) throw new BadRequest();
+        if (empty($data->currencyRates)) throw new BadRequest();
+        if (empty($data->targetCurrency)) throw new BadRequest();
+        if (empty($data->baseCurrency)) throw new BadRequest();
+
+        return $this->getRecordService()->convertCurrency($data->id, $data->targetCurrency, $data->baseCurrency, $data->currencyRates, $fieldList);
+    }
 }

application/Espo/Core/Exceptions/ConflictSilent.php

@@ -0,0 +1,35 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2019 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: https://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Core\Exceptions;
+
+class ConflictSilent extends Conflict
+{
+    public $logLevel = 'notice';
+}

application/Espo/Core/FieldValidators/ChecklistType.php

@@ -0,0 +1,35 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2019 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: https://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Core\FieldValidators;
+
+class ChecklistType extends ArrayType
+{
+
+}

application/Espo/Core/Formula/Functions/EntityGroup/AddLinkMultipleIdType.php

@@ -65,7 +65,7 @@ class AddLinkMultipleIdType extends \Espo\Core\Formula\Functions\Base
             }
         } else {
             if (!is_string($id)) {
-                throw new Error();
+                return;
             }
             $this->getEntity()->addLinkMultipleId($link, $id);
         }

application/Espo/Core/Formula/Functions/EntityGroup/SumRelatedType.php

@@ -97,7 +97,21 @@ class SumRelatedType extends \Espo\Core\Formula\Functions\Base
 
         $selectParams['select'] = [[$foreignLink . '.id', 'foreignId'], 'SUM:' . $field];
 
-        $foreignSelectManager->addJoin($foreignLink, $selectParams);
+        if ($entity->getRelationType($link) === 'hasChildren') {
+            $foreignSelectManager->addJoin([
+                $entity->getEntityType(),
+                $foreignLink,
+                [
+                     $foreignLink . '.id:' => $foreignLink . 'Id',
+                    'deleted' => false,
+                    $foreignLink . '.id!=' => null,
+                ]
+            ], $selectParams);
+            $selectParams['whereClause'][] = [$foreignLink . 'Type'  => $entity->getEntityType()];
+
+        } else {
+            $foreignSelectManager->addJoin($foreignLink, $selectParams);
+        }
 
         $selectParams['groupBy'] = [$foreignLink . '.id'];
 

application/Espo/Core/Formula/Functions/PasswordGroup/GenerateType.php

@@ -0,0 +1,54 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2019 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: https://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Core\Formula\Functions\PasswordGroup;
+
+use \Espo\ORM\Entity;
+use \Espo\Core\Exceptions\Error;
+
+class GenerateType extends \Espo\Core\Formula\Functions\Base
+{
+    protected function init()
+    {
+        $this->addDependency('config');
+    }
+
+    public function process(\StdClass $item)
+    {
+        $config = $this->getInjection('config');
+
+        $length = $config->get('passwordGenerateLength', 10);
+        $letterCount = $config->get('passwordGenerateLetterCount', 4);
+        $numberCount = $config->get('passwordGenerateNumberCount', 2);
+
+        $password = \Espo\Core\Utils\Util::generatePassword($length, $letterCount, $numberCount, true);
+
+        return $password;
+    }
+}

application/Espo/Core/Formula/Functions/PasswordGroup/HashType.php

@@ -0,0 +1,60 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2019 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: https://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Core\Formula\Functions\PasswordGroup;
+
+use \Espo\ORM\Entity;
+use \Espo\Core\Exceptions\Error;
+
+class HashType extends \Espo\Core\Formula\Functions\Base
+{
+    protected function init()
+    {
+        $this->addDependency('config');
+    }
+
+    public function process(\StdClass $item)
+    {
+        $args = $item->value ?? [];
+
+        if (!is_array($args)) throw new Error();
+        if (count($args) < 1)
+             throw new Error("Formula: password\\hash: no argument.");
+
+        $password = $this->evaluate($args[0]);
+
+        if (!is_string($password))
+             throw new Error("Formula: password\\hash: bad argument.");
+
+        $passwordHash = new \Espo\Core\Utils\PasswordHash($this->getInjection('config'));
+        $hash = $passwordHash->hash($password);
+
+        return $hash;
+    }
+}

application/Espo/Core/Formula/Functions/RecordGroup/AttributeType.php

@@ -0,0 +1,69 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2019 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: https://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Core\Formula\Functions\RecordGroup;
+
+use Espo\Core\Exceptions\Error;
+
+class AttributeType extends \Espo\Core\Formula\Functions\AttributeType
+{
+    protected function init()
+    {
+        $this->addDependency('entityManager');
+    }
+
+    public function process(\StdClass $item)
+    {
+        if (!property_exists($item, 'value')) {
+            throw new Error();
+        }
+
+        if (!is_array($item->value)) {
+            throw new Error();
+        }
+
+        if (count($item->value) < 3) {
+            throw new Error();
+        }
+
+        $entityType = $this->evaluate($item->value[0]);
+        $id = $this->evaluate($item->value[1]);
+        $attribute = $this->evaluate($item->value[2]);
+
+        if (!$entityType) throw new Error("Formula record\\attribute: Empty entityType.");
+        if (!$id) return null;
+        if (!$attribute) throw new Error("Formula record\\attribute: Empty attribute.");
+
+        $entity = $this->getInjection('entityManager')->getEntity($entityType, $id);
+
+        if (!$entity) return null;
+
+        return $this->attributeFetcher->fetch($entity, $attribute);
+    }
+}

application/Espo/Core/Formula/Functions/RecordGroup/CountType.php

@@ -64,8 +64,13 @@ class CountType extends \Espo\Core\Formula\Functions\Base
 
             $selectManager = $this->getInjection('selectManagerFactory')->create($entityType);
             $selectParams = $selectManager->getEmptySelectParams();
+
             if ($filter) {
-                $selectManager->applyFilter($filter, $selectParams);
+                if (is_string($filter)) {
+                    $selectManager->applyFilter($filter, $selectParams);
+                } else {
+                    throw new Error("Formula record\\count: Bad filter.");
+                }
             }
 
             return $this->getInjection('entityManager')->getRepository($entityType)->count($selectParams);

application/Espo/Core/Formula/Functions/RecordGroup/FindOneType.php

@@ -0,0 +1,94 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2019 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: https://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Core\Formula\Functions\RecordGroup;
+
+use Espo\Core\Exceptions\Error;
+
+class FindOneType extends \Espo\Core\Formula\Functions\Base
+{
+    protected function init()
+    {
+        $this->addDependency('entityManager');
+        $this->addDependency('selectManagerFactory');
+    }
+
+    public function process(\StdClass $item)
+    {
+        if (!property_exists($item, 'value')) {
+            throw new Error();
+        }
+
+        if (!is_array($item->value)) {
+            throw new Error();
+        }
+
+        if (count($item->value) < 3) {
+            throw new Error();
+        }
+
+        $entityType = $this->evaluate($item->value[0]);
+        $orderBy = $this->evaluate($item->value[1]);
+        $order = $this->evaluate($item->value[2]) ?? 'asc';
+
+        $selectManager = $this->getInjection('selectManagerFactory')->create($entityType);
+        $selectParams = $selectManager->getEmptySelectParams();
+
+        if (count($item->value) <= 4) {
+            $filter = null;
+            if (count($item->value) == 4) {
+                $filter = $this->evaluate($item->value[3]);
+            }
+            if ($filter) {
+                if (!is_string($filter)) throw new Error("Formula record\\findOne: Bad filter.");
+                $selectManager->applyFilter($filter, $selectParams);
+            }
+        } else {
+            $whereClause = [];
+            $i = 3;
+            while ($i < count($item->value) - 1) {
+                $key = $this->evaluate($item->value[$i]);
+                $value = $this->evaluate($item->value[$i + 1]);
+                $whereClause[] = [$key => $value];
+                $i = $i + 2;
+            }
+            $selectParams['whereClause'] = $whereClause;
+        }
+
+        if ($orderBy) {
+            $selectManager->applyOrder($orderBy, $order, $selectParams);
+        }
+
+        $e = $this->getInjection('entityManager')->getRepository($entityType)->select(['id'])->findOne($selectParams);
+
+        if ($e) return $e->id;
+
+        return null;
+    }
+}

application/Espo/Core/Formula/Functions/RecordGroup/FindRelatedOneType.php

@@ -0,0 +1,121 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2019 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: https://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Core\Formula\Functions\RecordGroup;
+
+use Espo\Core\Exceptions\Error;
+
+class FindRelatedOneType extends \Espo\Core\Formula\Functions\Base
+{
+    protected function init()
+    {
+        $this->addDependency('entityManager');
+        $this->addDependency('selectManagerFactory');
+    }
+
+    public function process(\StdClass $item)
+    {
+        if (!property_exists($item, 'value')) {
+            throw new Error();
+        }
+
+        if (!is_array($item->value)) {
+            throw new Error();
+        }
+
+        if (count($item->value) < 5) {
+            throw new Error();
+        }
+
+        $entityManager = $this->getInjection('entityManager');
+
+        $entityType = $this->evaluate($item->value[0]);
+        $id = $this->evaluate($item->value[1]);
+        $link = $this->evaluate($item->value[2]);
+        $orderBy = $this->evaluate($item->value[3]);
+        $order = $this->evaluate($item->value[4]) ?? 'asc';
+
+        if (!$entityType) throw new Error("Formula record\\findRelatedOne: Empty entityType.");
+        if (!$id) return null;
+        if (!$link) throw new Error("Formula record\\findRelatedOne: Empty link.");
+
+        $entity = $entityManager->getEntity($entityType, $id);
+
+        if (!$entity) return null;
+
+        $relationType = $entity->getRelationParam($link, 'type');
+
+        $foreignEntityType = $entity->getRelationParam($link, 'entity');
+        if (!$foreignEntityType) throw new Error("Formula record\\findRelatedOne: Bad or not supported link '{$link}'.");
+
+        $foreignLink = $entity->getRelationParam($link, 'foreign');
+        if (!$foreignLink) throw new Error("Formula record\\findRelatedOne: Not supported link '{$link}'.");
+
+        $selectManager = $this->getInjection('selectManagerFactory')->create($foreignEntityType);
+        $selectParams = $selectManager->getEmptySelectParams();
+
+
+        if ($relationType === 'hasChildren') {
+            $selectParams['whereClause'][] = [$foreignLink . 'Id' => $entity->id];
+            $selectParams['whereClause'][] = [$foreignLink . 'Type' => $entity->getEntityType()];
+        } else {
+            $selectManager->addJoin($foreignLink, $selectParams);
+            $selectParams['whereClause'][] = [$foreignLink . '.id' => $entity->id];
+        }
+
+        if (count($item->value) <= 6) {
+            $filter = null;
+            if (count($item->value) == 6) {
+                $filter = $this->evaluate($item->value[3]);
+            }
+            if ($filter) {
+                if (!is_string($filter)) throw new Error("Formula record\\findRelatedOne: Bad filter.");
+                $selectManager->applyFilter($filter, $selectParams);
+            }
+        } else {
+            $i = 5;
+            while ($i < count($item->value) - 1) {
+                $key = $this->evaluate($item->value[$i]);
+                $value = $this->evaluate($item->value[$i + 1]);
+                $selectParams['whereClause'][] = [$key => $value];
+                $i = $i + 2;
+            }
+        }
+
+        if ($orderBy) {
+            $selectManager->applyOrder($orderBy, $order, $selectParams);
+        }
+
+        $e = $entityManager->getRepository($foreignEntityType)->select(['id'])->findOne($selectParams);
+
+        if ($e) return $e->id;
+
+        return null;
+    }
+}

application/Espo/Core/Loaders/Hasher.php

@@ -0,0 +1,40 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2019 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: https://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Core\Loaders;
+
+class Hasher extends Base
+{
+    public function load()
+    {
+        return new \Espo\Core\Utils\Hasher(
+            $this->getContainer()->get('config')
+        );
+    }
+}

application/Espo/Core/Loaders/Totp.php

@@ -0,0 +1,40 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2019 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: https://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Core\Loaders;
+
+class Totp extends Base
+{
+    public function load()
+    {
+        return new \Espo\Core\Utils\Authentication\TwoFA\Utils\Totp(
+            $this->getContainer()->get('config')
+        );
+    }
+}

application/Espo/Core/Loaders/WebhookManager.php

@@ -0,0 +1,43 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2019 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: https://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Core\Loaders;
+
+class WebhookManager extends Base
+{
+    public function load()
+    {
+        return new \Espo\Core\Webhook\Manager(
+            $this->getContainer()->get('config'),
+            $this->getContainer()->get('fileManager'),
+            $this->getContainer()->get('entityManager'),
+            $this->getContainer()->get('fieldManagerUtil')
+        );
+    }
+}

application/Espo/Core/Mail/Sender.php

@@ -107,7 +107,12 @@ class Sender
 
         if ($params['auth']) {
             if (!empty($params['smtpAuthMechanism'])) {
-                $options['connectionClass'] = $params['smtpAuthMechanism'];
+                $smtpAuthMechanism = preg_replace("([\.]{2,})", '', $params['smtpAuthMechanism']);
+                if (in_array($smtpAuthMechanism, ['login', 'crammd5', 'plain'])) {
+                    $options['connectionClass'] = $smtpAuthMechanism;
+                } else {
+                    $options['connectionClass'] = 'login';
+                }
             } else {
                 $options['connectionClass'] = 'login';
             }
@@ -172,7 +177,7 @@ class Sender
         return $this;
     }
 
-    public function send(Email $email, $params = [], &$message = null, $attachmentList = [])
+    public function send(Email $email, $params = [], $message = null, $attachmentList = [])
     {
         if (!$message) {
             $message = new Message();
@@ -388,6 +393,9 @@ class Sender
             if (empty($messageId) || !is_string($messageId) || strlen($messageId) < 4 || strpos($messageId, 'dummy:') === 0) {
                 $messageId = $this->generateMessageId($email);
                 $email->set('messageId', '<' . $messageId . '>');
+                if ($email->id) {
+                    $this->getEntityManager()->saveEntity($email, ['silent' => true]);
+                }
             } else {
                 $messageId = substr($messageId, 1, strlen($messageId) - 2);
             }
@@ -401,6 +409,7 @@ class Sender
             $email->set('status', 'Sent');
             $email->set('dateSent', date("Y-m-d H:i:s"));
         } catch (\Exception $e) {
+            $this->useGlobal();
             throw new Error($e->getMessage(), 500);
         }
 

application/Espo/Core/NotificatorFactory.php

@@ -53,6 +53,9 @@ class NotificatorFactory extends InjectableFactory
             }
         }
 
-        return $this->createByClassName($className);
+        $obj = $this->createByClassName($className);
+        $obj->setEntityType($entityType);
+
+        return $obj;
     }
 }

application/Espo/Core/Notificators/Base.php

@@ -42,6 +42,10 @@ class Base implements Injectable
 
     protected $injections = [];
 
+    private $userIdEnabledMap = [];
+
+    protected $entityType;
+
     public static $order = 9;
 
     public function __construct()
@@ -65,6 +69,11 @@ class Base implements Injectable
         $this->dependencyList[] = $name;
     }
 
+    public function setEntityType(string $entityType)
+    {
+        $this->entityType = $entityType;
+    }
+
     public function getDependencyList()
     {
         return $this->dependencyList;
@@ -113,6 +122,8 @@ class Base implements Injectable
 
     protected function processForUser(Entity $entity, $assignedUserId)
     {
+        if (!$this->isNotificationsEnabledForUser($assignedUserId)) return;
+
         if ($entity->hasAttribute('createdById') && $entity->hasAttribute('modifiedById')) {
             if ($entity->isNew()) {
                 $isNotSelfAssignment = $assignedUserId !== $entity->get('createdById');
@@ -125,18 +136,36 @@ class Base implements Injectable
         if (!$isNotSelfAssignment) return;
 
         $notification = $this->getEntityManager()->getEntity('Notification');
-        $notification->set(array(
+        $notification->set([
             'type' => 'Assign',
             'userId' => $assignedUserId,
-            'data' => array(
+            'data' => [
                 'entityType' => $entity->getEntityType(),
                 'entityId' => $entity->id,
                 'entityName' => $entity->get('name'),
                 'isNew' => $entity->isNew(),
                 'userId' => $this->getUser()->id,
-                'userName' => $this->getUser()->get('name')
-            )
-        ));
+                'userName' => $this->getUser()->get('name'),
+            ]
+        ]);
         $this->getEntityManager()->saveEntity($notification);
     }
+
+    protected function isNotificationsEnabledForUser(string $userId)
+    {
+        if (!array_key_exists($userId, $this->userIdEnabledMap)) {
+            $preferences = $this->getEntityManager()->getEntity('Preferences', $userId);
+            $isEnabled = false;
+            if ($preferences) {
+                $isEnabled = true;
+                $ignoreList = $preferences->get('assignmentNotificationsIgnoreEntityTypeList') ?? [];
+                if (in_array($this->entityType, $ignoreList)) {
+                    $isEnabled = false;
+                }
+            }
+            $this->userIdEnabledMap[$userId] = $isEnabled;
+        }
+
+        return $this->userIdEnabledMap[$userId];
+    }
 }

application/Espo/Core/ORM/Repositories/RDB.php

@@ -197,10 +197,10 @@ class RDB extends \Espo\ORM\Repositories\RDB implements Injectable
     protected function afterMassRelate(Entity $entity, $relationName, array $params = [], array $options = [])
     {
         if (!$this->hooksDisabled && empty($options['skipHooks'])) {
-            $hookData = array(
+            $hookData = [
                 'relationName' => $relationName,
-                'relationParams' => $params
-            );
+                'relationParams' => $params,
+            ];
             $this->getEntityManager()->getHookManager()->process($this->entityType, 'afterMassRelate', $entity, $options, $hookData);
         }
     }
@@ -215,14 +215,24 @@ class RDB extends \Espo\ORM\Repositories\RDB implements Injectable
     {
         parent::afterRelate($entity, $relationName, $foreign, $data, $options);
 
-        if ($foreign instanceof Entity) {
-            $foreignEntity = $foreign;
-            if (!$this->hooksDisabled && empty($options['skipHooks'])) {
-                $hookData = array(
+        if (!$this->hooksDisabled && empty($options['skipHooks'])) {
+            if (is_string($foreign)) {
+                $foreignId = $foreign;
+                $foreignEntityType = $entity->getRelationParam($relationName, 'entity');
+                if ($foreignEntityType) {
+                    $foreign = $this->getEntityManager()->getEntity($foreignEntityType);
+                    $foreign->id = $foreignId;
+                    $foreign->setAsFetched();
+                }
+            }
+
+            if ($foreign instanceof Entity) {
+                $hookData = [
                     'relationName' => $relationName,
                     'relationData' => $data,
-                    'foreignEntity' => $foreignEntity
-                );
+                    'foreignEntity' => $foreign,
+                    'foreignId' => $foreign->id,
+                ];
                 $this->getEntityManager()->getHookManager()->process($this->entityType, 'afterRelate', $entity, $options, $hookData);
             }
         }
@@ -232,13 +242,23 @@ class RDB extends \Espo\ORM\Repositories\RDB implements Injectable
     {
         parent::afterUnrelate($entity, $relationName, $foreign, $options);
 
-        if ($foreign instanceof Entity) {
-            $foreignEntity = $foreign;
-            if (!$this->hooksDisabled && empty($options['skipHooks'])) {
-                $hookData = array(
+        if (!$this->hooksDisabled && empty($options['skipHooks'])) {
+            if (is_string($foreign)) {
+                $foreignId = $foreign;
+                $foreignEntityType = $entity->getRelationParam($relationName, 'entity');
+                if ($foreignEntityType) {
+                    $foreign = $this->getEntityManager()->getEntity($foreignEntityType);
+                    $foreign->id = $foreignId;
+                    $foreign->setAsFetched();
+                }
+            }
+
+            if ($foreign instanceof Entity) {
+                $hookData = [
                     'relationName' => $relationName,
-                    'foreignEntity' => $foreignEntity
-                );
+                    'foreignEntity' => $foreign,
+                    'foreignId' => $foreign->id,
+                ];
                 $this->getEntityManager()->getHookManager()->process($this->entityType, 'afterUnrelate', $entity, $options, $hookData);
             }
         }
@@ -301,7 +321,9 @@ class RDB extends \Espo\ORM\Repositories\RDB implements Injectable
                     $entity->set('modifiedAt', $nowString);
                 }
                 if ($entity->hasAttribute('createdById')) {
-                    if (empty($options['skipCreatedBy']) && (empty($options['import']) || !$entity->has('createdById'))) {
+                    if (!empty($options['createdById'])) {
+                        $entity->set('createdById', $options['createdById']);
+                    } else if (empty($options['skipCreatedBy']) && (empty($options['import']) || !$entity->has('createdById'))) {
                         if ($this->getEntityManager()->getUser()) {
                             $entity->set('createdById', $this->getEntityManager()->getUser()->id);
                         }
@@ -313,7 +335,9 @@ class RDB extends \Espo\ORM\Repositories\RDB implements Injectable
                         $entity->set('modifiedAt', $nowString);
                     }
                     if ($entity->hasAttribute('modifiedById')) {
-                        if ($this->getEntityManager()->getUser()) {
+                        if (!empty($options['modifiedById'])) {
+                            $entity->set('modifiedById', $options['modifiedById']);
+                        } else if ($this->getEntityManager()->getUser()) {
                             $entity->set('modifiedById', $this->getEntityManager()->getUser()->id);
                             $entity->set('modifiedByName', $this->getEntityManager()->getUser()->get('name'));
                         }

application/Espo/Core/Portal/Container.php

@@ -94,7 +94,7 @@ class Container extends \Espo\Core\Container
             \Espo\Core\Utils\Language::detectLanguage($this->get('config'), $this->get('preferences')),
             $this->get('fileManager'),
             $this->get('metadata'),
-            $this->get('useCache')
+            $this->get('config')->get('useCache')
         );
         $language->setPortal($this->get('portal'));
         return $language;

application/Espo/Core/Portal/Utils/Layout.php

@@ -34,8 +34,11 @@ use \Espo\Core\Utils\Json;
 
 class Layout extends \Espo\Core\Utils\Layout
 {
-    public function get($scope, $name)
+    public function get(string $scope, string $name) : ?string
     {
+        $originalScope = $scope;
+        $originalName = $name;
+
         $scope = $this->sanitizeInput($scope);
         $name = $this->sanitizeInput($name);
 
@@ -43,87 +46,16 @@ class Layout extends \Espo\Core\Utils\Layout
             return Json::encode($this->changedData[$scope][$name]);
         }
 
-        $fileFullPath = Util::concatPath($this->getLayoutPath($scope, true), 'portal/' . $name . '.json');
+        $filePath = Util::concatPath($this->getLayoutPath($scope, true), 'portal/' . $name . '.json');
 
-        if (!file_exists($fileFullPath)) {
-            $fileFullPath = Util::concatPath($this->getLayoutPath($scope), 'portal/' . $name . '.json');
-        }
-        if (!file_exists($fileFullPath)) {
-            $fileFullPath = Util::concatPath($this->getLayoutPath($scope, true), $name . '.json');
-        }
-        if (!file_exists($fileFullPath)) {
-            $fileFullPath = Util::concatPath($this->getLayoutPath($scope), $name . '.json');
+        if (!file_exists($filePath)) {
+            $filePath = Util::concatPath($this->getLayoutPath($scope), 'portal/' . $name . '.json');
         }
 
-
-        if (!file_exists($fileFullPath)) {
-            $defaultPath = $this->params['defaultsPath'];
-            $fileFullPath = Util::concatPath(Util::concatPath($defaultPath, 'layouts'), $name . '.json' );
-
-            if (!file_exists($fileFullPath)) {
-                return false;
-            }
+        if (file_exists($filePath)) {
+            return $this->getFileManager()->getContents($filePath);
         }
 
-        return $this->getFileManager()->getContents($fileFullPath);
+        return parent::get($originalScope, $originalName);
     }
-
-
-    public function set($data, $scope, $name)
-    {
-        $scope = $this->sanitizeInput($scope);
-        $name = $this->sanitizeInput($name);
-
-        if (empty($scope) || empty($name)) {
-            return false;
-        }
-
-        $this->changedData[$scope][$name] = $data;
-    }
-
-    public function resetToDefault($scope, $name)
-    {
-        $scope = $this->sanitizeInput($scope);
-        $name = $this->sanitizeInput($name);
-
-        $filePath = 'custom/Espo/Custom/Resources/layouts/' . $scope . '/' . $name . '.json';
-        if ($this->getFileManager()->isFile($filePath)) {
-            $this->getFileManager()->removeFile($filePath);
-        }
-        if (!empty($this->changedData[$scope]) && !empty($this->changedData[$scope][$name])) {
-            unset($this->changedData[$scope][$name]);
-        }
-        return $this->get($scope, $name);
-    }
-
-    /**
-     * Save changes
-     *
-     * @return bool
-     */
-    public function save()
-    {
-        $result = true;
-
-        if (!empty($this->changedData)) {
-            foreach ($this->changedData as $scope => $rowData) {
-                foreach ($rowData as $layoutName => $layoutData) {
-                    if (empty($scope) || empty($layoutName)) {
-                        continue;
-                    }
-                    $layoutPath = $this->getLayoutPath($scope, true);
-                    $data = Json::encode($layoutData, JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE);
-
-                    $result &= $this->getFileManager()->putContents(array($layoutPath, $layoutName.'.json'), $data);
-                }
-            }
-        }
-
-        if ($result == true) {
-            $this->clearChanges();
-        }
-
-        return (bool) $result;
-    }
-
 }

application/Espo/Core/SelectManagers/Base.php

@@ -70,6 +70,8 @@ class Base
 
     protected $selectAttributesDependancyMap = [];
 
+    protected $fullTextSearchForceOrderOnlyByRelevance = false;
+
     const MIN_LENGTH_FOR_CONTENT_SEARCH = 4;
 
     const MIN_LENGTH_FOR_FULL_TEXT_SEARCH = 4;
@@ -216,16 +218,15 @@ class Base
     {
         $this->prepareResult($result);
 
+        $boolFilterList = [];
+
         foreach ($where as $item) {
             if (!isset($item['type'])) continue;
 
             if ($item['type'] == 'bool' && !empty($item['value']) && is_array($item['value'])) {
+                $boolOr = [];
                 foreach ($item['value'] as $filter) {
-                    $p = $this->getBoolFilterWhere($filter);
-                    if (!empty($p)) {
-                        $where[] = $p;
-                    }
-                    $this->applyBoolFilter($filter, $result);
+                    $boolFilterList[] = $filter;
                 }
             } else if ($item['type'] == 'textFilter') {
                 if (isset($item['value']) || $item['value'] !== '') {
@@ -236,6 +237,10 @@ class Base
             }
         }
 
+        if (count($boolFilterList)) {
+            $this->applyBoolFilterList($boolFilterList, $result);
+        }
+
         $whereClause = $this->convertWhere($where, false, $result);
 
         $result['whereClause'] = array_merge($result['whereClause'], $whereClause);
@@ -552,16 +557,16 @@ class Base
             return;
         }
 
-        $d = [
+        $or = [
             'teamsAccess.id' => $this->getUser()->getLinkMultipleIdList('teams')
         ];
         if ($this->hasAssignedUserField()) {
-            $d['assignedUserId'] = $this->getUser()->id;
+            $or['assignedUserId'] = $this->getUser()->id;
         } else if ($this->hasCreatedByField()) {
-            $d['createdById'] = $this->getUser()->id;
+            $or['createdById'] = $this->getUser()->id;
         }
         $result['whereClause'][] = [
-            'OR' => $d
+            'OR' => $or
         ];
     }
 
@@ -580,38 +585,42 @@ class Base
 
     protected function accessPortalOnlyContact(&$result)
     {
-        $d = [];
+        $or = [];
 
         $contactId = $this->getUser()->get('contactId');
 
         if ($contactId) {
-            if ($this->getSeed()->hasAttribute('contactId')) {
-                $d['contactId'] = $contactId;
+            if (
+                $this->getSeed()->hasAttribute('contactId') && $this->getSeed()->getRelationParam('contact', 'entity') === 'Contact'
+            ) {
+                $or['contactId'] = $contactId;
             }
-            if ($this->getSeed()->hasRelation('contacts')) {
+            if (
+                $this->getSeed()->hasRelation('contacts') && $this->getSeed()->getRelationParam('contacts', 'entity') === 'Contact'
+            ) {
                 $this->addLeftJoin(['contacts', 'contactsAccess'], $result);
                 $this->setDistinct(true, $result);
-                $d['contactsAccess.id'] = $contactId;
+                $or['contactsAccess.id'] = $contactId;
             }
         }
 
         if ($this->getSeed()->hasAttribute('createdById')) {
-            $d['createdById'] = $this->getUser()->id;
+            $or['createdById'] = $this->getUser()->id;
         }
 
         if ($this->getSeed()->hasAttribute('parentId') && $this->getSeed()->hasRelation('parent')) {
             $contactId = $this->getUser()->get('contactId');
             if ($contactId) {
-                $d[] = [
+                $or[] = [
                     'parentType' => 'Contact',
                     'parentId' => $contactId
                 ];
             }
         }
 
-        if (!empty($d)) {
+        if (!empty($or)) {
             $result['whereClause'][] = [
-                'OR' => $d
+                'OR' => $or
             ];
         } else {
             $result['whereClause'][] = [
@@ -622,27 +631,31 @@ class Base
 
     protected function accessPortalOnlyAccount(&$result)
     {
-        $d = [];
+        $or = [];
 
         $accountIdList = $this->getUser()->getLinkMultipleIdList('accounts');
         $contactId = $this->getUser()->get('contactId');
 
         if (count($accountIdList)) {
-            if ($this->getSeed()->hasAttribute('accountId')) {
-                $d['accountId'] = $accountIdList;
+            if (
+                $this->getSeed()->hasAttribute('accountId') && $this->getSeed()->getRelationParam('account', 'entity') === 'Account'
+            ) {
+                $or['accountId'] = $accountIdList;
             }
-            if ($this->getSeed()->hasRelation('accounts')) {
+            if (
+                $this->getSeed()->hasRelation('accounts') && $this->getSeed()->getRelationParam('accounts', 'entity') === 'Account'
+            ) {
                 $this->addLeftJoin(['accounts', 'accountsAccess'], $result);
                 $this->setDistinct(true, $result);
-                $d['accountsAccess.id'] = $accountIdList;
+                $or['accountsAccess.id'] = $accountIdList;
             }
             if ($this->getSeed()->hasAttribute('parentId') && $this->getSeed()->hasRelation('parent')) {
-                $d[] = [
+                $or[] = [
                     'parentType' => 'Account',
                     'parentId' => $accountIdList
                 ];
                 if ($contactId) {
-                    $d[] = [
+                    $or[] = [
                         'parentType' => 'Contact',
                         'parentId' => $contactId
                     ];
@@ -651,23 +664,27 @@ class Base
         }
 
         if ($contactId) {
-            if ($this->getSeed()->hasAttribute('contactId')) {
-                $d['contactId'] = $contactId;
+            if (
+                $this->getSeed()->hasAttribute('contactId') && $this->getSeed()->getRelationParam('contact', 'entity') === 'Contact'
+            ) {
+                $or['contactId'] = $contactId;
             }
-            if ($this->getSeed()->hasRelation('contacts')) {
+            if (
+                $this->getSeed()->hasRelation('contacts') && $this->getSeed()->getRelationParam('contacts', 'entity') === 'Contact'
+            ) {
                 $this->addLeftJoin(['contacts', 'contactsAccess'], $result);
                 $this->setDistinct(true, $result);
-                $d['contactsAccess.id'] = $contactId;
+                $or['contactsAccess.id'] = $contactId;
             }
         }
 
         if ($this->getSeed()->hasAttribute('createdById')) {
-            $d['createdById'] = $this->getUser()->id;
+            $or['createdById'] = $this->getUser()->id;
         }
 
-        if (!empty($d)) {
+        if (!empty($or)) {
             $result['whereClause'][] = [
-                'OR' => $d
+                'OR' => $or
             ];
         } else {
             $result['whereClause'][] = [
@@ -756,7 +773,7 @@ class Base
 
             $this->order($orderBy, $isDesc, $result);
         } else if (!empty($params['order'])) {
-            $orderBy = $this->getMetadata()->get(['entityDefs', $this->getEntityType(), 'collection', 'orderBy']);
+            $orderBy = $this->getMetadata()->get(['entityDefs', $this->entityType, 'collection', 'orderBy']);
             $isDesc = $params['order'] === 'desc';
             $this->order($orderBy, $isDesc, $result);
         }
@@ -774,9 +791,7 @@ class Base
         }
 
         if (!empty($params['boolFilterList']) && is_array($params['boolFilterList'])) {
-            foreach ($params['boolFilterList'] as $filterName) {
-                $this->applyBoolFilter($filterName, $result);
-            }
+            $this->applyBoolFilterList($params['boolFilterList'], $result);
         }
 
         if (!empty($params['filterList']) && is_array($params['filterList'])) {
@@ -804,6 +819,13 @@ class Base
 
         $this->applyAdditional($params, $result);
 
+        if (empty($result['orderBy'])) {
+            $result['orderBy'] = $this->getMetadata()->get(['entityDefs', $this->entityType, 'collection', 'orderBy']);
+            if (empty($result['order']) && !is_array($result['orderBy'])) {
+                $result['order'] = $this->getMetadata()->get(['entityDefs', $this->entityType, 'collection', 'order']) ?? null;
+            }
+        }
+
         return $result;
     }
 
@@ -1760,42 +1782,70 @@ class Base
         $this->limit($offset, $maxSize, $result);
     }
 
-    public function applyPrimaryFilter(string $filterName, array &$result)
+    public function applyPrimaryFilter(string $filter, array &$result)
     {
         $this->prepareResult($result);
 
-        $method = 'filter' . ucfirst($filterName);
+        $method = 'filter' . ucfirst($filter);
         if (method_exists($this, $method)) {
             $this->$method($result);
         } else {
-            $className = $this->getMetadata()->get(['entityDefs', $this->entityType, 'collection', 'filters', $filterName, 'className']);
+            $className = $this->getMetadata()->get(['entityDefs', $this->entityType, 'collection', 'filters', $filter, 'className']);
             if ($className) {
                 if (!class_exists($className)) {
-                    $GLOBALS['log']->error("Could find class for filter {$filterName}.");
+                    $GLOBALS['log']->error("Could find class for filter {$filter}.");
                     return;
                 }
                 $impl = $this->getInjectableFactory()->createByClassName($className);
                 if (!$impl) {
-                    $GLOBALS['log']->error("Could not create filter {$filterName} implementation.");
+                    $GLOBALS['log']->error("Could not create filter {$filter} implementation.");
                     return;
                 }
-                $impl->applyFilter($this->entityType, $filterName, $result, $this);
+                $impl->applyFilter($this->entityType, $filter, $result, $this);
             }
         }
     }
 
-    public function applyFilter(string $filterName, array &$result)
+    public function applyFilter(string $filter, array &$result)
     {
-        $this->applyPrimaryFilter($filterName, $result);
+        $this->applyPrimaryFilter($filter, $result);
     }
 
-    public function applyBoolFilter(string $filterName, array &$result)
+    public function applyBoolFilter(string $filter, array &$result)
     {
         $this->prepareResult($result);
 
-        $method = 'boolFilter' . ucfirst($filterName);
+        $method = 'boolFilter' . ucfirst($filter);
         if (method_exists($this, $method)) {
-            $this->$method($result);
+            $wherePart = $this->$method($result);
+            if ($wherePart) {
+                $result['whereClause'][] = $wherePart;
+            }
+        }
+    }
+
+    public function applyBoolFilterList(array $filterList, array &$result)
+    {
+        $this->prepareResult($result);
+
+        $wherePartList = [];
+
+        foreach ($filterList as $filter) {
+            $method = 'boolFilter' . ucfirst($filter);
+            if (method_exists($this, $method)) {
+                $wherePart = $this->$method($result);
+                if ($wherePart) {
+                    $wherePartList[] = $wherePart;
+                }
+            }
+        }
+
+        if (count($wherePartList)) {
+            if (count($wherePartList) === 1) {
+                $result['whereClause'][] = $wherePartList;
+            } else {
+                $result['whereClause'][] = ['OR' => $wherePartList];
+            }
         }
     }
 
@@ -2105,7 +2155,7 @@ class Base
             $textFilter = str_replace('*', '%', $textFilter);
         } else {
             if (!$useFullTextSearch) {
-                $textFilterForFullTextSearch .= '*';
+                //$textFilterForFullTextSearch .= '*';
             }
         }
 
@@ -2131,6 +2181,20 @@ class Base
         if ($fullTextSearchData) {
             $fullTextGroup[] = $fullTextSearchData['where'];
             $fullTextSearchFieldList = $fullTextSearchData['fieldList'];
+
+            if (isset($result['orderBy']) && !$this->fullTextSearchForceOrderOnlyByRelevance) {
+                if (is_string($result['orderBy'])) {
+                    $result['orderBy'] = [
+                        [$fullTextSearchData['where'], 'desc'],
+                        [$result['orderBy'], $result['order'] ?? 'asc'],
+                    ];
+                }
+            } else {
+                $result['orderBy'] = [[$fullTextSearchData['where'], 'desc']];
+                $result['order'] = null;
+            }
+
+            $result['hasFullTextSearch'] = true;
         }
 
         foreach ($fieldList as $field) {
@@ -2186,10 +2250,10 @@ class Base
             if ($fullTextSearchData) {
                 if (!$useFullTextSearch) {
                     if (in_array($field, $fullTextSearchFieldList)) {
-                        if (!array_key_exists('OR', $fullTextGroup)) {
+                        /*if (!array_key_exists('OR', $fullTextGroup)) {
                             $fullTextGroup['OR'] = [];
                         }
-                        $fullTextGroup['OR'][$field . '*'] = $expression;
+                        $fullTextGroup['OR'][$field . '*'] = $expression;*/
                         continue;
                     }
                 }
@@ -2246,43 +2310,78 @@ class Base
 
     protected function boolFilterOnlyMy(&$result)
     {
+        $wherePart = null;
+
         if (!$this->checkIsPortal()) {
             if ($this->hasAssignedUsersField()) {
                 $this->setDistinct(true, $result);
-                $this->addLeftJoin(['assignedUsers', 'assignedUsersAccess'], $result);
-                $result['whereClause'][] = [
-                    'assignedUsersAccess.id' => $this->getUser()->id
+                $this->addLeftJoin(['assignedUsers', 'assignedUsersOnlyMyFilter'], $result);
+                $wherePart = [
+                    'assignedUsersOnlyMyFilter.id' => $this->getUser()->id
                 ];
             } else if ($this->hasAssignedUserField()) {
-                $result['whereClause'][] = [
+                $wherePart = [
                     'assignedUserId' => $this->getUser()->id
                 ];
             } else {
-                $result['whereClause'][] = [
+                $wherePart = [
                     'createdById' => $this->getUser()->id
                 ];
             }
         } else {
-            $result['whereClause'][] = [
+            $wherePart = [
                 'createdById' => $this->getUser()->id
             ];
         }
+
+        return $wherePart;
+    }
+
+    protected function boolFilterOnlyMyTeam(&$result)
+    {
+        $teamIdList = $this->getUser()->getLinkMultipleIdList('teams');
+
+        if (count($teamIdList) === 0) {
+            return [
+                'id' => null
+            ];
+        }
+
+        $this->addLeftJoin(['teams', 'teamsOnlyMyFilter'], $result);
+        $this->setDistinct(true, $result);
+        return [
+            'teamsOnlyMyFilterMiddle.teamId' => $teamIdList
+        ];
     }
 
     protected function filterFollowed(&$result)
     {
-        $query = $this->getEntityManager()->getQuery();
-        $result['customJoin'] .= "
-            JOIN subscription ON
-                subscription.entity_type = ".$query->quote($this->getEntityType())." AND
-                subscription.entity_id = ".$query->toDb($this->getEntityType()).".id AND
-                subscription.user_id = ".$query->quote($this->getUser()->id)."
-        ";
+        $this->addJoin([
+            'Subscription',
+            'subscription',
+            [
+                'subscription.entityType' => $this->getEntityType(),
+                'subscription.entityId=:' => 'id',
+                'subscription.userId' => $this->getUser()->id,
+            ]
+        ], $result);
     }
 
     protected function boolFilterFollowed(&$result)
     {
-        $this->filterFollowed($result);
+        $this->addLeftJoin([
+            'Subscription',
+            'subscription',
+            [
+                'subscription.entityType' => $this->getEntityType(),
+                'subscription.entityId=:' => 'id',
+                'subscription.userId' => $this->getUser()->id,
+            ]
+        ], $result);
+
+        return ['subscription.id!=' => null];
+
+        //$result['whereClause'][] = ['subscription.id!=' => null];
     }
 
     public function mergeSelectParams(array $selectParams1, ?array $selectParams2) : array

application/Espo/Core/Templates/i18n/fr_FR/BasePlus.json

@@ -1,9 +1,4 @@
 {
-  "links": {
-    "meetings": "Meetings",
-    "calls": "Calls",
-    "tasks": "Tasks"
-  },
   "labels": {
     "Create {entityType}": "Créer un {entityTypeTranslated}"
   }

application/Espo/Core/Templates/i18n/fr_FR/Company.json

@@ -1,14 +1,4 @@
 {
-  "fields": {
-    "billingAddress": "Billing Address",
-    "shippingAddress": "Shipping Address",
-    "website": "Website"
-  },
-  "links": {
-    "meetings": "Meetings",
-    "calls": "Calls",
-    "tasks": "Tasks"
-  },
   "labels": {
     "Create {entityType}": "Créer un {entityTypeTranslated}"
   }

application/Espo/Core/Templates/i18n/fr_FR/Event.json

@@ -1,36 +1,8 @@
 {
   "fields": {
-    "parent": "Parent",
-    "dateStart": "Date de début",
-    "dateEnd": "Date End",
-    "duration": "Duration",
-    "status": "Status",
-    "reminders": "Reminders"
-  },
-  "links": {
-    "parent": "Parent"
-  },
-  "options": {
-    "status": {
-      "Planned": "Planned",
-      "Held": "Held",
-      "Not Held": "Not Held"
-    }
+    "dateStart": "Date de début"
   },
   "labels": {
-    "Create {entityType}": "Créer un {entityTypeTranslated}",
-    "Schedule {entityType}": "Schedule {entityTypeTranslated}",
-    "Log {entityType}": "Log {entityTypeTranslated}",
-    "Set Held": "Set Held",
-    "Set Not Held": "Set Not Held"
-  },
-  "massActions": {
-    "setHeld": "Set Held",
-    "setNotHeld": "Set Not Held"
-  },
-  "presetFilters": {
-    "planned": "Planned",
-    "held": "Held",
-    "todays": "Today's"
+    "Create {entityType}": "Créer un {entityTypeTranslated}"
   }
 }

application/Espo/Core/Templates/i18n/fr_FR/Person.json

@@ -1,12 +1,4 @@
 {
-  "fields": {
-    "address": "Address"
-  },
-  "links": {
-    "meetings": "Meetings",
-    "calls": "Calls",
-    "tasks": "Tasks"
-  },
   "labels": {
     "Create {entityType}": "Créer un {entityTypeTranslated}"
   }

application/Espo/Core/Templates/i18n/id_ID/Base.json

@@ -1,5 +1,5 @@
 {
-    "labels": {
-        "Create {entityType}": "Buat {entityTypeTranslated}"
-    }
-}
+  "labels": {
+    "Create {entityType}": "Buat {entityTypeTranslated}"
+  }
+}

application/Espo/Core/Templates/i18n/id_ID/BasePlus.json

@@ -1,5 +1,5 @@
 {
-    "labels": {
-        "Create {entityType}": "Buat {entityTypeTranslated}"
-    }
-}
+  "labels": {
+    "Create {entityType}": "Buat {entityTypeTranslated}"
+  }
+}

application/Espo/Core/Templates/i18n/id_ID/Company.json

@@ -1,5 +1,5 @@
 {
-    "labels": {
-        "Create {entityType}": "Buat {entityTypeTranslated}"
-    }
-}
+  "labels": {
+    "Create {entityType}": "Buat {entityTypeTranslated}"
+  }
+}

application/Espo/Core/Templates/i18n/id_ID/Event.json

@@ -1,5 +1,5 @@
 {
-    "labels": {
-        "Create {entityType}": "Buat {entityTypeTranslated}"
-    }
-}
+  "labels": {
+    "Create {entityType}": "Buat {entityTypeTranslated}"
+  }
+}

application/Espo/Core/Templates/i18n/id_ID/Person.json

@@ -1,5 +1,5 @@
 {
-    "labels": {
-        "Create {entityType}": "Buat {entityTypeTranslated}"
-    }
-}
+  "labels": {
+    "Create {entityType}": "Buat {entityTypeTranslated}"
+  }
+}

application/Espo/Core/Templates/i18n/nb_NO/Event.json

@@ -4,7 +4,6 @@
     "dateStart": "Startdato",
     "dateEnd": "Sluttdato",
     "duration": "Varighet",
-    "status": "Status",
     "reminders": "Påminnelser"
   },
   "links": {

application/Espo/Core/Templates/i18n/pt_PR/Base.json

@@ -0,0 +1,5 @@
+{
+  "labels": {
+    "Create {entityType}": "Criar {entityTypeTranslated}"
+  }
+}

application/Espo/Core/Templates/i18n/pt_PR/BasePlus.json

@@ -0,0 +1,9 @@
+{
+  "links": {
+    "meetings": "Reuniões",
+    "tasks": "Tarefas"
+  },
+  "labels": {
+    "Create {entityType}": "Criar {entityTypeTranslated}"
+  }
+}

application/Espo/Core/Templates/i18n/pt_PR/Company.json

@@ -0,0 +1,13 @@
+{
+  "fields": {
+    "billingAddress": "Endereço de Cobrança",
+    "shippingAddress": "Endereço de Entrega"
+  },
+  "links": {
+    "meetings": "Reuniões",
+    "tasks": "Tarefas"
+  },
+  "labels": {
+    "Create {entityType}": "Criar {entityTypeTranslated}"
+  }
+}

application/Espo/Core/Templates/i18n/pt_PR/Event.json

@@ -0,0 +1,5 @@
+{
+  "labels": {
+    "Create {entityType}": "Criar {entityTypeTranslated}"
+  }
+}

application/Espo/Core/Templates/i18n/pt_PR/Person.json

@@ -0,0 +1,12 @@
+{
+  "fields": {
+    "address": "Endereço"
+  },
+  "links": {
+    "meetings": "Reuniões",
+    "tasks": "Tarefas"
+  },
+  "labels": {
+    "Create {entityType}": "Criar {entityTypeTranslated}"
+  }
+}

application/Espo/Core/Templates/i18n/sr_RS/Event.json

@@ -4,7 +4,6 @@
     "dateStart": "Početni datum",
     "dateEnd": "Krajnji datum",
     "duration": "Trajanje",
-    "status": "Status",
     "reminders": "Podsetnici"
   },
   "links": {

application/Espo/Core/Templates/i18n/uk_UA/Event.json

@@ -5,7 +5,10 @@
     "dateEnd": "Дата завершення",
     "duration": "Тривалість",
     "status": "Статус",
-    "reminders": "Нагадування"
+    "reminders": "Нагадування",
+    "dateStartDate": "Дата початку (цілий день)",
+    "dateEndDate": "Дата завершення (цілий день)",
+    "isAllDay": "Є цілий день"
   },
   "links": {
     "parent": "Батько"
@@ -19,7 +22,7 @@
   },
   "labels": {
     "Create {entityType}": "Створити {entityTypeTranslated}",
-    "Schedule {entityType}": "Розклад {entityTypeTranslated} ",
+    "Schedule {entityType}": "Розклад {entityTypeTranslated}",
     "Log {entityType}": "Лог {entityTypeTranslated}",
     "Set Held": "Позначити виконаним",
     "Set Not Held": "Позначити невиконаним"

application/Espo/Core/Traits/Injectable.php

@@ -0,0 +1,62 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2019 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: https://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Core\Traits;
+
+trait Injectable
+{
+    private $injections = [];
+
+    public function inject($name, $object)
+    {
+        $this->injections[$name] = $object;
+    }
+
+    public function getDependencyList() : array
+    {
+        return $this->dependencyList;
+    }
+
+    protected function getInjection(string $name)
+    {
+        return $this->injections[$name];
+    }
+
+    protected function addDependency(string $name)
+    {
+        $this->dependencyList[] = $name;
+    }
+
+    protected function addDependencyList(array $list)
+    {
+        foreach ($list as $item) {
+            $this->addDependency($item);
+        }
+    }
+}

application/Espo/Core/UpgradeManager.php

@@ -50,4 +50,4 @@ class UpgradeManager extends Upgrades\Base
             'vendor' => 'vendorFiles',
         )
     );
-}
+}

application/Espo/Core/Upgrades/ActionManager.php

@@ -84,15 +84,23 @@ class ActionManager
         return $object->run($data);
     }
 
+    public function getActionClass($actionName)
+    {
+        return $this->getObject($actionName);
+    }
+
     public function getManifest()
     {
         return $this->getObject()->getManifest();
     }
 
-    protected function getObject()
+    protected function getObject($actionName = null)
     {
         $managerName = $this->getManagerName();
-        $actionName = $this->getAction();
+
+        if (!$actionName) {
+            $actionName = $this->getAction();
+        }
 
         if (!isset($this->objects[$managerName][$actionName])) {
             $class = '\Espo\Core\Upgrades\Actions\\' . ucfirst($managerName) . '\\' . ucfirst($actionName);
@@ -106,4 +114,4 @@ class ActionManager
 
         return $this->objects[$managerName][$actionName];
     }
-}
+}

application/Espo/Core/Upgrades/Actions/Base.php

@@ -37,10 +37,6 @@ use Composer\Semver\Semver;
 
 abstract class Base
 {
-    private $config;
-
-    private $entityManager;
-
     private $helper;
 
     protected $data;
@@ -53,7 +49,7 @@ abstract class Base
 
     private $zipUtil;
 
-    private $fileManager;
+    private $databaseHelper;
 
     protected $processId = null;
 
@@ -132,31 +128,31 @@ abstract class Base
         return $this->zipUtil;
     }
 
+    protected function getDatabaseHelper()
+    {
+        if (!isset($this->databaseHelper)) {
+            $this->databaseHelper = new \Espo\Core\Utils\Database\Helper($this->getConfig());
+        }
+
+        return $this->databaseHelper;
+    }
+
     protected function getFileManager()
     {
-        if (!isset($this->fileManager)) {
-            $this->fileManager = $this->getContainer()->get('fileManager');
-        }
-        return $this->fileManager;
+        return $this->getContainer()->get('fileManager');
     }
 
     protected function getConfig()
     {
-        if (!isset($this->config)) {
-            $this->config = $this->getContainer()->get('config');
-        }
-        return $this->config;
+        return $this->getContainer()->get('config');
     }
 
     public function getEntityManager()
     {
-        if (!isset($this->entityManager)) {
-            $this->entityManager = $this->getContainer()->get('entityManager');
-        }
-        return $this->entityManager;
+        return $this->getContainer()->get('entityManager');
     }
 
-    protected function throwErrorAndRemovePackage($errorMessage = '')
+    public function throwErrorAndRemovePackage($errorMessage = '')
     {
         $this->deletePackageFiles();
         $this->deletePackageArchive();
@@ -186,7 +182,7 @@ abstract class Base
         return $this->processId;
     }
 
-    protected function setProcessId($processId)
+    public function setProcessId($processId)
     {
         $this->processId = $processId;
     }
@@ -205,12 +201,26 @@ abstract class Base
 
         //check php version
         if (isset($manifest['php'])) {
-            $res &= $this->checkVersions($manifest['php'], System::getPhpVersion(), 'Your PHP version does not support this installation package.');
+            $res &= $this->checkVersions($manifest['php'], System::getPhpVersion(), 'Your PHP version ({version}) is not supported. Required version: {requiredVersion}.');
+        }
+
+        //check database version
+        if (isset($manifest['database'])) {
+            $databaseHelper = $this->getDatabaseHelper();
+            $databaseType = $databaseHelper->getDatabaseType();
+            $databaseTypeLc = strtolower($databaseType);
+
+            if (isset($manifest['database'][$databaseTypeLc])) {
+                $databaseVersion = $databaseHelper->getDatabaseVersion();
+                if ($databaseVersion) {
+                    $res &= $this->checkVersions($manifest['database'][$databaseTypeLc], $databaseVersion, 'Your '. $databaseType .' version ({version}) is not supported. Required version: {requiredVersion}.');
+                }
+            }
         }
 
         //check acceptableVersions
         if (isset($manifest['acceptableVersions'])) {
-            $res &= $this->checkVersions($manifest['acceptableVersions'], $this->getConfig()->get('version'), 'Your EspoCRM version doesn\'t match for this installation package.');
+            $res &= $this->checkVersions($manifest['acceptableVersions'], $this->getConfig()->get('version'), 'Your EspoCRM version ({version}) is not supported. Required version: {requiredVersion}.');
         }
 
         //check dependencies
@@ -244,6 +254,9 @@ abstract class Base
             }
         }
 
+        $errorMessage = preg_replace('/\{version\}/', $currentVersion, $errorMessage);
+        $errorMessage = preg_replace('/\{requiredVersion\}/', $version, $errorMessage);
+
         $this->throwErrorAndRemovePackage($errorMessage);
     }
 
@@ -266,17 +279,47 @@ abstract class Base
         return true;
     }
 
+    protected function getPackageType()
+    {
+        $manifest = $this->getManifest();
+
+        if (isset($manifest['type'])) {
+            return strtolower($manifest['type']);
+        }
+
+        return $this->defaultPackageType;
+    }
+
     protected function checkDependencies($dependencyList)
     {
         return true;
     }
 
     /**
-     * Run scripts by type
+     * Run a script by a type
      * @param  string $type Ex. "before", "after"
      * @return void
      */
     protected function runScript($type)
+    {
+        $beforeInstallScript = $this->getScriptPath($type);
+
+        if ($beforeInstallScript) {
+            $scriptNames = $this->getParams('scriptNames');
+            $scriptName = $scriptNames[$type];
+
+            require_once($beforeInstallScript);
+            $script = new $scriptName();
+
+            try {
+                $script->run($this->getContainer(), $this->scriptParams);
+            } catch (\Exception $e) {
+                $this->throwErrorAndRemovePackage($e->getMessage());
+            }
+        }
+    }
+
+    protected function getScriptPath($type)
     {
         $packagePath = $this->getPackagePath();
         $scriptNames = $this->getParams('scriptNames');
@@ -287,16 +330,8 @@ abstract class Base
         }
 
         $beforeInstallScript = Util::concatPath( array($packagePath, self::SCRIPTS, $scriptName) ) . '.php';
-
         if (file_exists($beforeInstallScript)) {
-            require_once($beforeInstallScript);
-            $script = new $scriptName();
-
-            try {
-                $script->run($this->getContainer(), $this->scriptParams);
-            } catch (\Exception $e) {
-                $this->throwErrorAndRemovePackage($e->getMessage());
-            }
+            return $beforeInstallScript;
         }
     }
 
@@ -474,6 +509,28 @@ abstract class Base
      * @return boolean
      */
     protected function copyFiles($type = null, $dest = '')
+    {
+        $filesPath = $this->getCopyFilesPath($type);
+
+        if ($filesPath) {
+            switch ($type) {
+                case 'vendor':
+                    $dest = $this->vendorDirName;
+                    break;
+            }
+
+            return $this->copy($filesPath, $dest, true);
+        }
+
+        return true;
+    }
+
+    /**
+     * Get needed file list based on type. E.g. file list for "beforeCopy" action
+     * @param  string $type
+     * @return boolean
+     */
+    protected function getCopyFilesPath($type = null)
     {
         switch ($type) {
             case 'before':
@@ -486,7 +543,6 @@ abstract class Base
                 $dirNames = $this->getParams('customDirNames');
                 if (isset($dirNames['vendor'])) {
                     $dirPath = $dirNames['vendor'];
-                    $dest = $this->vendorDirName;
                 }
                 break;
 
@@ -500,11 +556,9 @@ abstract class Base
             $filesPath = Util::concatPath($packagePath, $dirPath);
 
             if (file_exists($filesPath)) {
-                return $this->copy($filesPath, $dest, true);
+                return $filesPath;
             }
         }
-
-        return true;
     }
 
     protected function getVendorFileList($type = 'copy')
@@ -706,12 +760,15 @@ abstract class Base
 
     protected function checkIsWritable()
     {
-        $fullFileList = array_merge($this->getDeleteFileList(), $this->getCopyFileList());
+        $backupPath = $this->getPath('backupPath');
+        $fullFileList = array_merge([$backupPath], $this->getDeleteFileList(), $this->getCopyFileList());
 
         $result = $this->getFileManager()->isWritableList($fullFileList);
         if (!$result) {
             $permissionDeniedList = $this->getFileManager()->getLastPermissionDeniedList();
-            throw new Error("Permission denied for <br>". implode(", <br>", $permissionDeniedList));
+
+            $delimiter = $this->isCli() ? "\n" : "<br>";
+            throw new Error("Permission denied: " . $delimiter . implode($delimiter, $permissionDeniedList));
         }
     }
 
@@ -756,7 +813,8 @@ abstract class Base
             'useCache' => $config->get('useCache'),
         ];
 
-        $this->setParam('beforeMaintenanceModeParams', $actualParams);
+        $configParamName = $this->getTemporaryConfigParamName();
+        $config->set($configParamName, $actualParams);
 
         $save = false;
 
@@ -783,19 +841,40 @@ abstract class Base
     protected function disableMaintenanceMode()
     {
         $config = $this->getConfig();
-        $beforeMaintenanceModeParams = $this->getParams('beforeMaintenanceModeParams', []);
+
+        $configParamName = $this->getTemporaryConfigParamName();
+        $temporaryUpgradeParams = $config->get($configParamName, []);
 
         $save = false;
 
-        foreach ($beforeMaintenanceModeParams as $paramName => $paramValue) {
+        foreach ($temporaryUpgradeParams as $paramName => $paramValue) {
             if ($config->get($paramName) != $paramValue) {
                 $config->set($paramName, $paramValue);
                 $save = true;
             }
         }
 
+        if ($config->has($configParamName)) {
+            $config->remove($configParamName);
+            $save = true;
+        }
+
         if ($save) {
             $config->save();
         }
     }
+
+    protected function getTemporaryConfigParamName()
+    {
+        return 'temporaryUpgradeParams' . $this->getProcessId();
+    }
+
+    protected function isCli()
+    {
+        if (substr(php_sapi_name(), 0, 3) == 'cli') {
+            return true;
+        }
+
+        return false;
+    }
 }

application/Espo/Core/Upgrades/Actions/Base/Install.php

@@ -45,40 +45,107 @@ class Install extends \Espo\Core\Upgrades\Actions\Base
 
         $GLOBALS['log']->debug('Installation process ['.$processId.']: start run.');
 
+        $this->stepInit($data);
+
+        $this->stepCopyBefore($data);
+        if ($this->getCopyFilesPath('before')) {
+            $this->stepRebuild($data);
+        }
+
+        $this->stepBeforeInstallScript($data);
+        if ($this->getScriptPath('before')) {
+            $this->stepRebuild($data);
+        }
+
+        $this->stepCopy($data);
+        $this->stepRebuild($data);
+
+        $this->stepCopyAfter($data);
+        if ($this->getCopyFilesPath('after')) {
+            $this->stepRebuild($data);
+        }
+
+        $this->stepAfterInstallScript($data);
+        if ($this->getScriptPath('after')) {
+            $this->stepRebuild($data);
+        }
+
+        $this->stepFinalize($data);
+
+        $GLOBALS['log']->debug('Installation process ['.$processId.']: end run.');
+    }
+
+    protected function initPackage(array $data)
+    {
+        $GLOBALS['log']->setLevel('info');
+
+        $processId = $data['id'];
+
         if (empty($processId)) {
             throw new Error('Installation package ID was not specified.');
         }
 
         $this->setProcessId($processId);
 
-        $this->initialize();
-
         /** check if an archive is unzipped, if no then unzip */
         $packagePath = $this->getPackagePath();
         if (!file_exists($packagePath)) {
             $this->unzipArchive();
             $this->isAcceptable();
         }
+    }
 
-        //check permissions copied and deleted files
+    public function stepInit(array $data)
+    {
+        $this->initPackage($data);
+
+        $GLOBALS['log']->info('Installation process ['. $this->getProcessId() .']: Start "init" step.');
+
+        if (!$this->systemRebuild()) {
+            $this->throwErrorAndRemovePackage('Rebuild is failed. Fix all errors before upgrade.');
+        }
+
+        $this->initialize();
         $this->checkIsWritable();
-
         $this->enableMaintenanceMode();
-
         $this->beforeRunAction();
-
         $this->backupExistingFiles();
 
-        //beforeInstallFiles
+        $GLOBALS['log']->info('Installation process ['. $this->getProcessId() .']: End "init" step.');
+    }
+
+    public function stepCopyBefore(array $data)
+    {
+        $this->initPackage($data);
+
+        $GLOBALS['log']->info('Installation process ['. $this->getProcessId() .']: Start "copyBefore" step.');
+
         if (!$this->copyFiles('before')) {
             $this->throwErrorAndRemovePackage('Cannot copy beforeInstall files.');
         }
 
-        /* run before install script */
+        $GLOBALS['log']->info('Installation process ['. $this->getProcessId() .']: End "copyBefore" step.');
+    }
+
+    public function stepBeforeInstallScript(array $data)
+    {
+        $this->initPackage($data);
+
+        $GLOBALS['log']->info('Installation process ['. $this->getProcessId() .']: Start "beforeInstallScript" step.');
+
         if (!isset($data['skipBeforeScript']) || !$data['skipBeforeScript']) {
             $this->runScript('before');
         }
 
+        $GLOBALS['log']->info('Installation process ['. $this->getProcessId() .']: End "beforeInstallScript" step.');
+    }
+
+    public function stepCopy(array $data)
+    {
+        $this->initPackage($data);
+
+        $GLOBALS['log']->info('Installation process ['. $this->getProcessId() .']: Start "copy" step.');
+
         /* remove files defined in a manifest "deleteBeforeCopy" */
         $this->deleteFiles('deleteBeforeCopy', true);
 
@@ -93,7 +160,14 @@ class Install extends \Espo\Core\Upgrades\Actions\Base
         $this->deleteFiles('vendor');
         $this->copyFiles('vendor');
 
-        $this->disableMaintenanceMode();
+        $GLOBALS['log']->info('Installation process ['. $this->getProcessId() .']: End "copy" step.');
+    }
+
+    public function stepRebuild(array $data)
+    {
+        $this->initPackage($data);
+
+        $GLOBALS['log']->info('Installation process ['. $this->getProcessId() .']: Start "rebuild" step.');
 
         if (!isset($data['skipSystemRebuild']) || !$data['skipSystemRebuild']) {
             if (!$this->systemRebuild()) {
@@ -101,18 +175,45 @@ class Install extends \Espo\Core\Upgrades\Actions\Base
             }
         }
 
+        $GLOBALS['log']->info('Installation process ['. $this->getProcessId() .']: End "rebuild" step.');
+    }
+
+    public function stepCopyAfter(array $data)
+    {
+        $this->initPackage($data);
+
+        $GLOBALS['log']->info('Installation process ['. $this->getProcessId() .']: Start "copyAfter" step.');
+
         //afterInstallFiles
         if (!$this->copyFiles('after')) {
             $this->throwErrorAndRemovePackage('Cannot copy afterInstall files.');
         }
 
+        $GLOBALS['log']->info('Installation process ['. $this->getProcessId() .']: End "copyAfter" step.');
+    }
+
+    public function stepAfterInstallScript(array $data)
+    {
+        $this->initPackage($data);
+
+        $GLOBALS['log']->info('Installation process ['. $this->getProcessId() .']: Start "afterInstallScript" step.');
+
         /* run after install script */
         if (!isset($data['skipAfterScript']) || !$data['skipAfterScript']) {
             $this->runScript('after');
         }
 
-        $this->afterRunAction();
+        $GLOBALS['log']->info('Installation process ['. $this->getProcessId() .']: End "afterInstallScript" step.');
+    }
 
+    public function stepFinalize(array $data)
+    {
+        $this->initPackage($data);
+
+        $GLOBALS['log']->info('Installation process ['. $this->getProcessId() .']: Start "finalize" step.');
+
+        $this->disableMaintenanceMode();
+        $this->afterRunAction();
         $this->finalize();
 
         /* delete unziped files */
@@ -122,9 +223,18 @@ class Install extends \Espo\Core\Upgrades\Actions\Base
             $this->getFileManager()->removeInDir([$this->getPath('backupPath'), self::FILES]);
         }
 
-        $GLOBALS['log']->debug('Installation process ['.$processId.']: end run.');
+        $GLOBALS['log']->info('Installation process ['. $this->getProcessId() .']: End "finalize" step.');
+    }
 
-        $this->clearCache();
+    public function stepRevert(array $data)
+    {
+        $this->initPackage($data);
+
+        $GLOBALS['log']->info('Installation process ['. $this->getProcessId() .']: Start "revert" step.');
+
+        $this->restoreFiles();
+
+        $GLOBALS['log']->info('Installation process ['. $this->getProcessId() .']: End "revert" step.');
     }
 
     protected function restoreFiles()
@@ -134,6 +244,10 @@ class Install extends \Espo\Core\Upgrades\Actions\Base
         $backupPath = $this->getPath('backupPath');
         $backupFilePath = Util::concatPath($backupPath, self::FILES);
 
+        if (!file_exists($backupFilePath)) {
+            return true;
+        }
+
         $backupFileList = $this->getRestoreFileList();
         $copyFileList = $this->getCopyFileList();
         $deleteFileList = array_diff($copyFileList, $backupFileList);
@@ -150,7 +264,7 @@ class Install extends \Espo\Core\Upgrades\Actions\Base
         return $res;
     }
 
-    protected function throwErrorAndRemovePackage($errorMessage = '')
+    public function throwErrorAndRemovePackage($errorMessage = '')
     {
         $this->restoreFiles();
         parent::throwErrorAndRemovePackage($errorMessage);

application/Espo/Core/Upgrades/Actions/Base/Uninstall.php

@@ -155,7 +155,7 @@ class Uninstall extends \Espo\Core\Upgrades\Actions\Base
         return $res;
     }
 
-    protected function throwErrorAndRemovePackage($errorMessage = '')
+    public function throwErrorAndRemovePackage($errorMessage = '')
     {
         $this->restoreFiles();
         throw new Error($errorMessage);

application/Espo/Core/Upgrades/Actions/Extension/Install.php

@@ -186,7 +186,7 @@ class Install extends \Espo\Core\Upgrades\Actions\Base\Install
      * @param  string $errorMessage
      * @return void
      */
-    protected function throwErrorAndRemovePackage($errorMessage = '')
+    public function throwErrorAndRemovePackage($errorMessage = '')
     {
         if (!$this->isNew()) {
             throw new Error($errorMessage);

application/Espo/Core/Upgrades/Actions/Upgrade/Install.php

@@ -28,8 +28,19 @@
  ************************************************************************/
 
 namespace Espo\Core\Upgrades\Actions\Upgrade;
+
 class Install extends \Espo\Core\Upgrades\Actions\Base\Install
 {
+    public function stepBeforeUpgradeScript(array $data)
+    {
+        return $this->stepBeforeInstallScript($data);
+    }
+
+    public function stepAfterUpgradeScript(array $data)
+    {
+        return $this->stepAfterInstallScript($data);
+    }
+
     protected function finalize()
     {
         $manifest = $this->getManifest();

application/Espo/Core/Upgrades/Base.php

@@ -29,9 +29,10 @@
 
 namespace Espo\Core\Upgrades;
 
-use Espo\Core\Utils\Util,
-    Espo\Core\Utils\Json,
-    Espo\Core\Exceptions\Error;
+use Espo\Core\Utils\Util;
+use Espo\Core\Utils\Json;
+use Espo\Core\Exceptions\Error;
+use Espo\Core\Exceptions\NotFound;
 
 abstract class Base
 {
@@ -71,6 +72,14 @@ abstract class Base
         return $this->getActionManager()->getManifest();
     }
 
+    public function getManifestById($processId)
+    {
+        $actionClass = $this->getActionManager()->getActionClass(self::INSTALL);
+        $actionClass->setProcessId($processId);
+
+        return $actionClass->getManifest();
+    }
+
     public function upload($data)
     {
         $this->getActionManager()->setAction(self::UPLOAD);
@@ -98,4 +107,28 @@ abstract class Base
 
         return $this->getActionManager()->run($processId);
     }
+
+    public function runInstallStep($stepName, array $params = [])
+    {
+        return $this->runActionStep(self::INSTALL, $stepName, $params);
+    }
+
+    protected function runActionStep($actionName, $stepName, array $params = [])
+    {
+        $actionClass = $this->getActionManager()->getActionClass($actionName);
+        $methodName = 'step' . ucfirst($stepName);
+
+        if (!method_exists($actionClass, $methodName)) {
+            if (!empty($params['id'])) {
+                $actionClass->setProcessId($params['id']);
+                $actionClass->throwErrorAndRemovePackage('Step "'. $stepName .'" is not found.');
+            }
+
+            throw new Error('Step "'. $stepName .'" is not found.');
+        }
+
+        $actionClass->$methodName($params); // throw an Exception on error
+
+        return true;
+    }
 }

application/Espo/Core/Utils/Api/Auth.php

@@ -31,6 +31,8 @@ namespace Espo\Core\Utils\Api;
 
 use \Espo\Core\Utils\Api\Slim;
 
+use \Espo\Core\Utils\Auth as AuthUtil;
+
 class Auth extends \Slim\Middleware
 {
     protected $auth;
@@ -39,7 +41,7 @@ class Auth extends \Slim\Middleware
 
     protected $showDialog = false;
 
-    public function __construct(\Espo\Core\Utils\Auth $auth, $authRequired = null, $showDialog = false)
+    public function __construct(AuthUtil $auth, $authRequired = null, $showDialog = false)
     {
         $this->auth = $auth;
         $this->authRequired = $authRequired;
@@ -128,14 +130,14 @@ class Auth extends \Slim\Middleware
 
         if ($username) {
             try {
-                $isAuthenticated = $this->auth->login($username, $password, $authenticationMethod);
+                $authResult = $this->auth->login($username, $password, $authenticationMethod);
             } catch (\Exception $e) {
                 $this->processException($e);
                 return;
             }
 
-            if ($isAuthenticated) {
-                $this->next->call();
+            if ($authResult) {
+                $this->handleAuthResult($authResult);
             } else {
                 $this->processUnauthorized();
             }
@@ -147,6 +149,31 @@ class Auth extends \Slim\Middleware
         }
     }
 
+    protected function handleAuthResult(array $authResult)
+    {
+        $status = $authResult['status'];
+
+        $response = $this->app->response();
+
+        if ($status === AuthUtil::STATUS_SUCCESS) {
+            $this->next->call();
+            return;
+        }
+
+        if ($status === AuthUtil::STATUS_SECOND_STEP_REQUIRED) {
+            $response->setStatus(401);
+            $response->headers->set('X-Status-Reason', 'second-step-required');
+
+            $bodyData = [
+                'status' => $status,
+                'message' => $authResult['message'] ?? null,
+                'view' => $authResult['view'] ?? null,
+                'token' => $authResult['token'] ?? null,
+            ];
+            $response->setBody(json_encode($bodyData));
+        }
+    }
+
     protected function processException(\Exception $e)
     {
         $response = $this->app->response();

application/Espo/Core/Utils/Api/Output.php

@@ -148,6 +148,8 @@ class Output
             if ($toPrint) {
                 $status = $this->getCodeDescription($statusCode);
                 $status = isset($status) ? $statusCode.' '.$status : 'HTTP '.$statusCode;
+                if ($text)
+                    $text = htmlspecialchars($text);
                 $this->getSlim()->printError($text, $status);
             }
 

application/Espo/Core/Utils/Auth.php

@@ -52,6 +52,10 @@ class Auth
 
     private $portal;
 
+    const STATUS_SUCCESS = 'success';
+
+    const STATUS_SECOND_STEP_REQUIRED = 'secondStepRequired';
+
     public function __construct(\Espo\Core\Container $container, $allowAnyAccess = false)
     {
         $this->container = $container;
@@ -71,18 +75,40 @@ class Auth
         return $this->getConfig()->get('authenticationMethod', 'Espo');
     }
 
-    protected function getAuthentication($authenticationMethod)
+    protected function getAuthenticationImpl(string $method) : \Espo\Core\Utils\Authentication\Base
     {
-        $authenticationMethod = preg_replace('/[^a-zA-Z0-9]+/', '', $authenticationMethod);
+        $className = $this->getMetadata()->get([
+            'authenticationMethods', $method, 'implementationClassName'
+        ]);
 
-        $authenticationClassName = "\\Espo\\Custom\\Core\\Utils\\Authentication\\" . $authenticationMethod;
-        if (!class_exists($authenticationClassName)) {
-            $authenticationClassName = "\\Espo\\Core\\Utils\\Authentication\\" . $authenticationMethod;
+        if (!$className) {
+            $sanitizedName = preg_replace('/[^a-zA-Z0-9]+/', '', $method);
+
+            $className = "\\Espo\\Custom\\Core\\Utils\\Authentication\\" . $sanitizedName;
+            if (!class_exists($className)) {
+                $className = "\\Espo\\Core\\Utils\\Authentication\\" . $sanitizedName;
+            }
         }
 
-        $authentication = new $authenticationClassName($this->getConfig(), $this->getEntityManager(), $this);
+        return new $className($this->getConfig(), $this->getEntityManager(), $this, $this->getContainer());
+    }
 
-        return $authentication;
+    protected function get2FAImpl(string $method) : \Espo\Core\Utils\Authentication\TwoFA\Base
+    {
+        $className = $this->getMetadata()->get([
+            'app', 'auth2FAMethods', $method, 'implementationClassName'
+        ]);
+
+        if (!$className) {
+            $sanitizedName = preg_replace('/[^a-zA-Z0-9]+/', '', $method);
+
+            $className = "\\Espo\\Custom\\Core\\Utils\\Authentication\\TwoFA\\" . $sanitizedName;
+            if (!class_exists($className)) {
+                $className = "\\Espo\\Core\\Utils\\Authentication\\TwoFA\\" . $sanitizedName;
+            }
+        }
+
+        return $this->getContainer()->get('injectableFactory')->createByClassName($className);
     }
 
     protected function setPortal(Portal $portal)
@@ -116,6 +142,11 @@ class Auth
         return $this->getContainer()->get('entityManager');
     }
 
+    protected function getMetadata()
+    {
+        return $this->getContainer()->get('metadata');
+    }
+
     public function useNoAuth()
     {
         $entityManager = $this->getContainer()->get('entityManager');
@@ -142,6 +173,14 @@ class Auth
             }
         }
 
+        $createTokenSecret = $this->request->headers->get('Espo-Authorization-Create-Token-Secret') === 'true';
+
+        if ($createTokenSecret) {
+            if ($this->getConfig()->get('authTokenSecretDisabled')) {
+                $createTokenSecret = false;
+            }
+        }
+
         if (!$isByTokenOnly) {
             $this->checkFailedAttemptsLimit($username);
         }
@@ -153,6 +192,15 @@ class Auth
             $authToken = $this->getEntityManager()->getRepository('AuthToken')->where([
                 'token' => $password
             ])->findOne();
+
+            if ($authToken) {
+                if ($authToken->get('secret')) {
+                    $sentSecret = $_COOKIE['auth-token-secret'] ?? null;
+                    if ($sentSecret !== $authToken->get('secret')) {
+                        $authToken = null;
+                    }
+                }
+            }
         }
 
         if ($authToken) {
@@ -191,13 +239,15 @@ class Auth
             $authenticationMethod = $this->getDefaultAuthenticationMethod();
         }
 
-        $authentication = $this->getAuthentication($authenticationMethod);
+        $authenticationImpl = $this->getAuthenticationImpl($authenticationMethod);
 
         $params = [
-            'isPortal' => $this->isPortal()
+            'isPortal' => $this->isPortal(),
         ];
 
-        $user = $authentication->login($username, $password, $authToken, $params, $this->request);
+        $loginResultData = [];
+
+        $user = $authenticationImpl->login($username, $password, $authToken, $params, $this->request, $loginResultData);
 
         $authLogRecord = null;
 
@@ -247,7 +297,31 @@ class Auth
         $this->getEntityManager()->setUser($user);
         $this->getContainer()->setUser($user);
 
-        if ($this->request->headers->get('Http-Espo-Authorization')) {
+        $secondStepRequired = false;
+
+        if (!$authToken && $this->getConfig()->get('auth2FA')) {
+            $twoFAMethod = $this->getUser2FAMethod($user);
+            if ($twoFAMethod) {
+                $twoFAImpl = $this->get2FAImpl($twoFAMethod);
+
+                $twoFACode = $this->request->headers->get('Espo-Authorization-Code');
+
+                if ($twoFACode) {
+                    if (!$twoFAImpl->verifyCode($user, $twoFACode)) {
+                        return;
+                    }
+                } else {
+                    $loginResultData = $twoFAImpl->getLoginData($user);
+                    $secondStepRequired = true;
+                }
+            }
+        }
+
+        if (!$secondStepRequired) {
+            $secondStepRequired = $loginResultData['secondStepRequired'] ?? false;
+        }
+
+        if (!$secondStepRequired && $this->request->headers->get('Http-Espo-Authorization')) {
             if (!$authToken) {
                 $authToken = $this->getEntityManager()->getEntity('AuthToken');
                 $token = $this->generateToken();
@@ -255,6 +329,13 @@ class Auth
                 $authToken->set('hash', $user->get('password'));
                 $authToken->set('ipAddress', $_SERVER['REMOTE_ADDR']);
                 $authToken->set('userId', $user->id);
+
+                if ($createTokenSecret) {
+                    $secret = $this->generateToken();
+                    $authToken->set('secret', $secret);
+                    $this->setSecretInCookie($secret);
+                }
+
                 if ($this->isPortal()) {
                     $authToken->set('portalId', $this->getPortal()->id);
                 }
@@ -262,7 +343,7 @@ class Auth
                 if ($this->getConfig()->get('authTokenPreventConcurrent')) {
                     $concurrentAuthTokenList = $this->getEntityManager()->getRepository('AuthToken')->select(['id'])->where([
                         'userId' => $user->id,
-                        'isActive' => true
+                        'isActive' => true,
                     ])->find();
                     foreach ($concurrentAuthTokenList as $concurrentAuthToken) {
                         $concurrentAuthToken->set('isActive', false);
@@ -295,7 +376,32 @@ class Auth
             $user->set('authLogRecordId', $authLogRecord->id);
         }
 
-        return true;
+        if ($secondStepRequired) {
+            return [
+                'status' => self::STATUS_SECOND_STEP_REQUIRED,
+                'message' => $loginResultData['message'] ?? null,
+                'token' => $loginResultData['token'] ?? null,
+                'view' => $loginResultData['view'] ?? null,
+            ];
+        }
+
+        return [
+            'status' => self::STATUS_SUCCESS,
+        ];
+    }
+
+    protected function getUser2FAMethod(\Espo\Entities\User $user) : ?string
+    {
+        $userData = $this->getEntityManager()->getRepository('UserData')->getByUserId($user->id);
+        if (!$userData) return null;
+        if (!$userData->get('auth2FA')) return null;
+
+        $method = $userData->get('auth2FAMethod');
+
+        if (!$method) return null;
+        if (!in_array($method, $this->getConfig()->get('auth2FAMethodList', []))) return null;
+
+        return $method;
     }
 
     protected function checkFailedAttemptsLimit($username = null)
@@ -334,10 +440,16 @@ class Auth
 
     public function destroyAuthToken($token)
     {
-        $authToken = $this->getEntityManager()->getRepository('AuthToken')->select(['id', 'isActive'])->where(['token' => $token])->findOne();
+        $authToken = $this->getEntityManager()->getRepository('AuthToken')->select(['id', 'isActive', 'secret'])->where(['token' => $token])->findOne();
         if ($authToken) {
             $authToken->set('isActive', false);
             $this->getEntityManager()->saveEntity($authToken);
+            if ($authToken->get('secret')) {
+                $sentSecret = $_COOKIE['auth-token-secret'] ?? null;
+                if ($sentSecret === $authToken->get('secret')) {
+                    setcookie('auth-token-secret', null, -1, '/');
+                }
+            }
             return true;
         }
     }
@@ -379,4 +491,19 @@ class Auth
         $authLogRecord->set('denialReason', $denialReason);
         $this->getEntityManager()->saveEntity($authLogRecord);
     }
+
+    protected function setSecretInCookie(string $secret)
+    {
+        if (version_compare(\PHP_VERSION, '7.3.0') < 0) {
+            setcookie('auth-token-secret', $secret, strtotime('+1000 days'), '/', '', false, true);
+            return;
+        }
+
+        setcookie('auth-token-secret', $secret, [
+            'expires' => strtotime('+1000 days'),
+            'path' => '/',
+            'httponly' => true,
+            'samesite' => 'Lax',
+        ]);
+    }
 }

application/Espo/Core/Utils/Authentication/TwoFA/Base.php

@@ -0,0 +1,53 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2019 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: https://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Core\Utils\Authentication\TwoFA;
+
+use \Espo\Core\Utils\Config;
+use \Espo\Core\ORM\EntityManager;
+use \Espo\Core\Utils\Auth;
+use \Espo\Core\Container;
+use \Espo\Entities\User;
+
+abstract class Base implements \Espo\Core\Interfaces\Injectable
+{
+    use \Espo\Core\Traits\Injectable;
+
+    protected $dependencyList = [
+        'config',
+        'entityManager',
+    ];
+
+    abstract public function verifyCode(User $user, string $code) : bool;
+
+    public function getLoginData(User $user) : array
+    {
+        return [];
+    }
+}

application/Espo/Core/Utils/Authentication/TwoFA/Totp.php

@@ -0,0 +1,64 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2019 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: https://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Core\Utils\Authentication\TwoFA;
+
+use \Espo\Entities\User;
+
+class Totp extends Base
+{
+    protected $dependencyList = [
+        'config',
+        'entityManager',
+        'totp',
+    ];
+
+    public function verifyCode(User $user, string $code) : bool
+    {
+        $userData = $this->getInjection('entityManager')->getRepository('UserData')->getByUserId($user->id);
+
+        if (!$userData) return false;
+        if (!$userData->get('auth2FA')) return false;
+        if ($userData->get('auth2FAMethod') != 'Totp') return false;
+
+        $secret = $userData->get('auth2FATotpSecret');
+
+        if (!$secret) return false;
+
+        return $this->getInjection('totp')->verifyCode($secret, $code);
+    }
+
+
+    public function getLoginData(User $user) : array
+    {
+        return [
+            'message' => 'enterTotpCode',
+        ];
+    }
+}

application/Espo/Core/Utils/Authentication/TwoFA/Utils/Totp.php

@@ -0,0 +1,54 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2019 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: https://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Core\Utils\Authentication\TwoFA\Utils;
+
+class Totp
+{
+    protected $config;
+
+    public function __construct(\Espo\Core\Utils\Config $config)
+    {
+        $this->config = $config;
+    }
+
+    public function verifyCode(string $secret, string $code)
+    {
+        $impl = new \RobThree\Auth\TwoFactorAuth();
+
+        return $impl->verifyCode($secret, $code);
+    }
+
+    public function createSecret()
+    {
+        $impl = new \RobThree\Auth\TwoFactorAuth();
+
+        return $impl->createSecret();
+    }
+}

application/Espo/Core/Utils/Database/DBAL/Schema/Column.php

@@ -31,7 +31,6 @@ namespace Espo\Core\Utils\Database\DBAL\Schema;
 
 class Column extends \Doctrine\DBAL\Schema\Column
 {
-
     /**
      * @var boolean
      */
@@ -42,6 +41,7 @@ class Column extends \Doctrine\DBAL\Schema\Column
      */
     protected $_unique = false;
 
+    protected $_quoted = true;
 
     /**
      * @param boolean $unique
@@ -85,4 +85,4 @@ class Column extends \Doctrine\DBAL\Schema\Column
         ), $this->_platformOptions, $this->_customSchemaOptions);
     }
 
-}
+}

application/Espo/Core/Utils/Database/DBAL/Schema/Index.php

@@ -30,6 +30,7 @@
 namespace Espo\Core\Utils\Database\DBAL\Schema;
 
 use Doctrine\DBAL\Schema\Index as DBALIndex;
+use Doctrine\DBAL\Platforms\AbstractPlatform;
 
 class Index extends \Doctrine\DBAL\Schema\Index
 {
@@ -62,7 +63,7 @@ class Index extends \Doctrine\DBAL\Schema\Index
             $flags = $this->getFlags();
             $otherFlags = $other->getFlags();
 
-            if ( ! $this->isUnique() && !$this->isPrimary() && $flags === $otherFlags) {
+        if ( ! $this->isUnique() && !$this->isPrimary() /*espo*/ && $flags === $otherFlags /*espo*/) {
                 return true;
             } else if ($other->isPrimary() != $this->isPrimary()) {
                 return false;
@@ -70,13 +71,48 @@ class Index extends \Doctrine\DBAL\Schema\Index
                 return false;
             }
 
+            /*espo*/
             if (count($flags) != count($otherFlags) || array_diff($flags, $otherFlags) !== array_diff($otherFlags, $flags)) {
                 return false;
             }
+            /*espo*/
 
             return true;
         }
 
         return false;
     }
-}
+
+    public function getQuotedColumns(AbstractPlatform $platform)
+    {
+        $columns = array();
+
+        foreach ($this->_columns as $column) {
+            $column->_quoted = true;
+            $columns[] = $column->getQuotedName($platform);
+        }
+
+        return $columns;
+    }
+
+    public function overrules(DBALIndex $other)
+    {
+        if ($other->isPrimary()) {
+            return false;
+        } else if ($this->isSimpleIndex() && $other->isUnique()) {
+            return false;
+        }
+
+        /*espo*/
+        if (count($other->getColumns()) != count($this->getColumns())) {
+            return false;
+        }
+        /*espo*/
+
+        if ($this->spansColumns($other->getColumns()) && ($this->isPrimary() || $this->isUnique())) {
+            return true;
+        }
+
+        return false;
+    }
+}

application/Espo/Core/Utils/Database/DBAL/Schema/Table.php

@@ -34,6 +34,8 @@ use Doctrine\DBAL\Schema\SchemaException;
 
 class Table extends \Doctrine\DBAL\Schema\Table
 {
+    protected $_quoted = true;
+
     /**
      * @param string $columnName
      * @param string $typeName
@@ -50,6 +52,18 @@ class Table extends \Doctrine\DBAL\Schema\Table
         return $column;
     }
 
+    public function setPrimaryKey(array $columns, $indexName = false)
+    {
+        $primaryKey = $this->_createIndex($columns, $indexName ?: "primary", true, true);
+
+        foreach ($columns as $columnName) {
+            $column = $this->getColumn($columnName);
+            $column->setNotnull(true);
+        }
+
+        return $primaryKey;
+    }
+
     public function addIndex(array $columnNames, $indexName = null, array $flags = array())
     {
         if($indexName == null) {
@@ -61,6 +75,17 @@ class Table extends \Doctrine\DBAL\Schema\Table
         return $this->_createIndex($columnNames, $indexName, false, false, $flags);
     }
 
+    public function addUniqueIndex(array $columnNames, $indexName = null)
+    {
+        if ($indexName === null) {
+            $indexName = $this->_generateIdentifierName(
+                array_merge(array($this->getName()), $columnNames), "uniq", $this->_getMaxIdentifierLength()
+            );
+        }
+
+        return $this->_createIndex($columnNames, $indexName, true, false);
+    }
+
     private function _createIndex(array $columnNames, $indexName, $isUnique, $isPrimary, array $flags = array())
     {
         if (preg_match('(([^a-zA-Z0-9_]+))', $indexName)) {
@@ -81,4 +106,4 @@ class Table extends \Doctrine\DBAL\Schema\Table
 
         return $this;
     }
-}
+}

application/Espo/Core/Utils/Database/Helper.php

@@ -145,7 +145,7 @@ class Helper
 
         switch ($tableEngine) {
             case 'InnoDB':
-                $version = $this->getDatabaseVersion();
+                $version = $this->getFullDatabaseVersion();
 
                 if (version_compare($version, '10.0.0') >= 0) {
                     return 767; //InnoDB, MariaDB
@@ -178,7 +178,7 @@ class Helper
             return $default;
         }
 
-        $version = $this->getDatabaseVersion();
+        $version = $this->getFullDatabaseVersion();
         if (preg_match('/mariadb/i', $version)) {
             return 'MariaDB';
         }
@@ -186,7 +186,7 @@ class Helper
         return $default;
     }
 
-    protected function getDatabaseVersion()
+    protected function getFullDatabaseVersion()
     {
         $connection = $this->getDbalConnection();
         if (!$connection) {
@@ -196,6 +196,19 @@ class Helper
         return $connection->fetchColumn("select version()");
     }
 
+    /**
+     * Get Database version
+     * @return string|null
+     */
+    public function getDatabaseVersion()
+    {
+        $fullVersion = $this->getFullDatabaseVersion();
+
+        if (preg_match('/[0-9]+\.[0-9]+\.[0-9]+/', $fullVersion, $match)) {
+            return $match[0];
+        }
+    }
+
     /**
      * Get table/database tables engine. If $tableName is empty get a value for all database tables
      *
@@ -240,7 +253,7 @@ class Helper
 
         switch ($tableEngine) {
             case 'InnoDB':
-                $version = $this->getDatabaseVersion();
+                $version = $this->getFullDatabaseVersion();
 
                 if (version_compare($version, '5.6.4') >= 0) {
                     return true; //InnoDB, MySQL 5.6.4+

application/Espo/Core/Utils/Database/Orm/Converter.php

@@ -92,6 +92,7 @@ class Converter
         'orderBy' => 'orderBy',
         'where' => 'where',
         'storeArrayValues' => 'storeArrayValues',
+        'binary' => 'binary',
     );
 
     protected $idParams = array(

application/Espo/Core/Utils/Database/Orm/Relations/Base.php

@@ -45,7 +45,8 @@ class Base extends \Espo\Core\Utils\Database\Orm\Base
         'conditions',
         'additionalColumns',
         'midKeys',
-        'noJoin'
+        'noJoin',
+        'indexes'
     );
 
     protected function getParams()

application/Espo/Core/Utils/Database/Schema/Converter.php

@@ -238,20 +238,7 @@ class Converter
             $tables[$entityName]->setPrimaryKey($primaryColumns);
 
             if (!empty($indexList[$entityName])) {
-                foreach($indexList[$entityName] as $indexName => $indexParams) {
-
-                    switch ($indexParams['type']) {
-                        case 'index':
-                        case 'fulltext':
-                            $indexFlagList = isset($indexParams['flags']) ? $indexParams['flags'] : array();
-                            $tables[$entityName]->addIndex($indexParams['columns'], $indexName, $indexFlagList);
-                            break;
-
-                        case 'unique':
-                            $tables[$entityName]->addUniqueIndex($indexParams['columns'], $indexName);
-                            break;
-                    }
-                }
+                $this->addIndexes($tables[$entityName], $indexList[$entityName]);
             }
         }
 
@@ -338,6 +325,13 @@ class Converter
             }
         } //END: add additionalColumns
 
+        $table->addColumn('deleted', 'bool', $this->getDbFieldParams(array(
+            'type' => 'bool',
+            'default' => false,
+        )));
+
+        $table->setPrimaryKey(array("id"));
+
         //add unique indexes
         if (!empty($relationParams['conditions'])) {
             foreach ($relationParams['conditions'] as $fieldName => $fieldParams) {
@@ -350,16 +344,41 @@ class Converter
         }
         //END: add unique indexes
 
-        $table->addColumn('deleted', 'bool', $this->getDbFieldParams(array(
-            'type' => 'bool',
-            'default' => false,
-        )));
+        //add defined indexes
+        if (!empty($relationParams['indexes'])) {
+            $normalizedIndexes = SchemaUtils::getIndexList([
+                $entityName => [
+                    'fields' => [],
+                    'indexes' => $relationParams['indexes'],
+                ]
+            ]);
 
-        $table->setPrimaryKey(array("id"));
+            $this->addIndexes($table, $normalizedIndexes[$entityName]);
+        }
+        //END: add defined indexes
 
         return $table;
     }
 
+    protected function addIndexes($table, array $indexes)
+    {
+        foreach($indexes as $indexName => $indexParams) {
+            $indexType = !empty($indexParams['type']) ? $indexParams['type'] : SchemaUtils::getIndexTypeByIndexDefs($indexParams);
+
+            switch ($indexType) {
+                case 'index':
+                case 'fulltext':
+                    $indexFlagList = isset($indexParams['flags']) ? $indexParams['flags'] : array();
+                    $table->addIndex($indexParams['columns'], $indexName, $indexFlagList);
+                    break;
+
+                case 'unique':
+                    $table->addUniqueIndex($indexParams['columns'], $indexName);
+                    break;
+            }
+        }
+    }
+
     protected function getDbFieldParams($fieldParams)
     {
         $dbFieldParams = array();
@@ -408,9 +427,15 @@ class Converter
             $dbFieldParams['unsigned'] = true;
         }
 
+        if (isset($fieldParams['binary']) && $fieldParams['binary']) {
+            $dbFieldParams['platformOptions'] = array(
+                'collation' => 'utf8mb4_bin',
+            );
+        }
+
         if (isset($fieldParams['utf8mb3']) && $fieldParams['utf8mb3']) {
             $dbFieldParams['platformOptions'] = array(
-                'collation' => 'utf8_unicode_ci',
+                'collation' => (isset($fieldParams['binary']) && $fieldParams['binary']) ? 'utf8_bin' : 'utf8_unicode_ci',
             );
         }
 

application/Espo/Core/Utils/Database/Schema/tables/subscription.php

@@ -3,13 +3,13 @@
  * This file is part of EspoCRM.
  *
  * EspoCRM - Open Source CRM application.
- * Copyright (C) 2014-2019 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Copyright (C] 2014-2019 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
  * Website: https://www.espocrm.com
  *
  * EspoCRM is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
  * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
+ * (at your option] any later version.
  *
  * EspoCRM is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -23,37 +23,39 @@
  * of this program must display Appropriate Legal Notices, as required under
  * Section 5 of the GNU General Public License version 3.
  *
- * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * In accordance with Section 7(b] of the GNU General Public License version 3,
  * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
  ************************************************************************/
 
-return array(
-
-    'Subscription' => array(
-        'fields' => array(
-            'id' => array(
+return [
+    'Subscription' => [
+        'fields' => [
+            'id' => [
                 'type' => 'id',
                 'dbType' => 'int',
                 'len' => '11',
                 'autoincrement' => true,
-            ),
-            'entityId' => array(
+            ],
+            'entityId' => [
                 'type' => 'varchar',
                 'len' => '24',
                 'index' => 'entity',
-            ),
-            'entityType' => array(
+            ],
+            'entityType' => [
                 'type' => 'varchar',
                 'len' => '100',
                 'index' => 'entity',
-            ),
-            'userId' => array(
+            ],
+            'userId' => [
                 'type' => 'varchar',
                 'len' => '24',
                 'index' => true,
-            ),
-        ),
-    ),
-
-);
-
+            ],
+        ],
+        'indexes' => [
+            'userEntity' => [
+                'columns' => ['userId', 'entityId', 'entityType'],
+            ],
+        ],
+    ],
+];

application/Espo/Core/Utils/EntityManager.php

@@ -54,7 +54,7 @@ class EntityManager
 
     private $linkForbiddenNameList = ['posts', 'stream', 'subscription', 'followers', 'action', 'null', 'false', 'true'];
 
-    private $forbiddenEntityTypeNameList = ['PortalUser', 'ApiUser', 'Timeline', 'About', 'Admin', 'Null', 'False', 'True'];
+    private $forbiddenEntityTypeNameList = ['Common', 'PortalUser', 'ApiUser', 'Timeline', 'About', 'Admin', 'Null', 'False', 'True'];
 
     public function __construct(Metadata $metadata, Language $language, File\Manager $fileManager, Config $config, Container $container = null)
     {
@@ -454,6 +454,15 @@ class EntityManager
             $this->getMetadata()->set('entityDefs', $name, $entityDefsData);
         }
 
+        if (isset($data['countDisabled'])) {
+            $entityDefsData = [
+                'collection' => [
+                    'countDisabled' => !!$data['countDisabled']
+                ]
+            ];
+            $this->getMetadata()->set('entityDefs', $name, $entityDefsData);
+        }
+
         if (array_key_exists('kanbanStatusIgnoreList', $data)) {
             $scopeData['kanbanStatusIgnoreList'] = $data['kanbanStatusIgnoreList'];
             $this->getMetadata()->set('scopes', $name, $scopeData);

application/Espo/Core/Utils/FieldManager.php

@@ -271,7 +271,7 @@ class FieldManager
 
         $entityDefs = $this->normalizeDefs($scope, $name, $fieldDefs);
 
-        if (!empty($entityDefs)) {
+        if (!empty((array) $entityDefs)) {
             $result &= $this->saveCustomEntityDefs($scope, $entityDefs);
             $this->isChanged = true;
         }
@@ -430,13 +430,15 @@ class FieldManager
         return $this->getMetadata()->get('entityDefs'.'.'.$scope.'.fields.'.$name, $default);
     }
 
-    protected function getCustomFieldDefs($scope, $name)
+    protected function getCustomFieldDefs($scope, $name, $default = null)
     {
         $customDefs = $this->getMetadata()->getCustom('entityDefs', $scope, (object) []);
 
         if (isset($customDefs->fields->$name)) {
             return (array) $customDefs->fields->$name;
         }
+
+        return $default;
     }
 
     protected function saveCustomEntityDefs($scope, $newDefs)
@@ -529,43 +531,32 @@ class FieldManager
             }
         }
 
-        $actualCustomFieldDefs = $this->getCustomFieldDefs($scope, $name);
+        $actualCustomFieldDefs = $this->getCustomFieldDefs($scope, $name, []);
         $actualFieldDefs = $this->getFieldDefs($scope, $name, []);
         $permittedParamList = array_keys($params);
 
-        $filteredFieldDefs = $actualCustomFieldDefs ? $actualCustomFieldDefs : [];
+        $filteredFieldDefs = !empty($actualCustomFieldDefs) ? $actualCustomFieldDefs : [];
 
         foreach ($fieldDefs as $paramName => $paramValue) {
             if (in_array($paramName, $permittedParamList)) {
+
+                $defaultParamValue = null;
+
                 switch ($params[$paramName]['type']) {
                     case 'bool':
-                        $fieldDefsDefaultValue = array_key_exists('default', $params[$paramName]) ? $params[$paramName]['default'] : false;
-
-                        $actualValue = array_key_exists($paramName, $actualFieldDefs) ? $actualFieldDefs[$paramName] : $fieldDefsDefaultValue;
-
-                        if (!Util::areValuesEqual($actualValue, $paramValue)) {
-                            $filteredFieldDefs[$paramName] = $paramValue;
-                        }
+                        $defaultParamValue = false;
                         break;
+                }
 
-                    default:
-                        if (!array_key_exists('default', $params[$paramName]) && !array_key_exists($paramName, $actualFieldDefs)) {
-                            $filteredFieldDefs[$paramName] = $paramValue;
-                            break;
-                        }
+                $actualValue = array_key_exists($paramName, $actualFieldDefs) ? $actualFieldDefs[$paramName] : $defaultParamValue;
 
-                        if (array_key_exists('default', $params[$paramName])) {
-                            $actualValue = $params[$paramName]['default'];
-                        }
+                if (!array_key_exists($paramName, $actualCustomFieldDefs) && !Util::areValuesEqual($actualValue, $paramValue)) {
+                    $filteredFieldDefs[$paramName] = $paramValue;
+                    continue;
+                }
 
-                        if (array_key_exists($paramName, $actualFieldDefs)) {
-                            $actualValue = $actualFieldDefs[$paramName];
-                        }
-
-                        if (!Util::areValuesEqual($actualValue, $paramValue)) {
-                            $filteredFieldDefs[$paramName] = $paramValue;
-                        }
-                        break;
+                if (array_key_exists($paramName, $actualCustomFieldDefs)) {
+                    $filteredFieldDefs[$paramName] = $paramValue;
                 }
             }
         }
@@ -593,7 +584,7 @@ class FieldManager
      * @param string $scope
      * @param string $fieldName
      * @param array $fieldDefs
-     * @return array
+     * @return object
      */
     protected function normalizeDefs($scope, $fieldName, array $fieldDefs)
     {

application/Espo/Core/Utils/File/Manager.php

@@ -134,7 +134,7 @@ class Manager
             if (is_array($fileName)) {
                 $currentDir = Utils\Util::concatPath($parentDirName, $dirName);
 
-                if (!isset($onlyFileType) || $onlyFileType == $this->isFile($currentDir, $basePath)) {
+                if (!isset($onlyFileType) || $onlyFileType == $this->isFilenameIsFile($currentDir, $basePath)) {
                     $singleFileList[] = $currentDir;
                 }
 
@@ -143,7 +143,7 @@ class Manager
             } else {
                 $currentFileName = Utils\Util::concatPath($parentDirName, $fileName);
 
-                if (!isset($onlyFileType) || $onlyFileType == $this->isFile($currentFileName, $basePath)) {
+                if (!isset($onlyFileType) || $onlyFileType == $this->isFilenameIsFile($currentFileName, $basePath)) {
                     $singleFileList[] = $currentFileName;
                 }
             }
@@ -466,6 +466,7 @@ class Manager
 
             if (file_exists($sourceFile) && is_file($sourceFile)) {
                 $res &= copy($sourceFile, $destFile);
+                $this->getPermissionUtils()->setDefaultPermissions($destFile);
                 if (function_exists('opcache_invalidate')) {
                     @opcache_invalidate($destFile);
                 }
@@ -691,6 +692,15 @@ class Manager
         return is_dir($dirname);
     }
 
+    public function isFile($filename, $basePath = null)
+    {
+        if (!empty($basePath)) {
+            $filename = $this->concatPaths([$basePath, $filename]);
+        }
+
+        return is_file($filename);
+    }
+
     /**
      * Check if $filename is file. If $filename doesn'ot exist, check by pathinfo
      *
@@ -699,7 +709,7 @@ class Manager
      *
      * @return boolean
      */
-    public function isFile($filename, $basePath = null)
+    public function isFilenameIsFile($filename, $basePath = null)
     {
         if (!empty($basePath)) {
             $filename = $this->concatPaths([$basePath, $filename]);

application/Espo/Core/Utils/Hasher.php

@@ -0,0 +1,49 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2019 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: https://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Core\Utils;
+
+class Hasher
+{
+    protected $config;
+
+    protected $secretKeyParam = 'hashSecretKey';
+
+    public function __construct(\Espo\Core\Utils\Config $config)
+    {
+        $this->config = $config;
+    }
+
+    public function hash(string $string) : string
+    {
+        $secretKey = $this->config->get($this->secretKeyParam) ?? '';
+
+        return md5(hash_hmac('sha256', $string, $secretKey, true));
+    }
+}

application/Espo/Core/Utils/Language.php

@@ -28,9 +28,10 @@
  ************************************************************************/
 
 namespace Espo\Core\Utils;
-use \Espo\Core\Utils\Util,
-    \Espo\Core\Exceptions\NotFound,
-    \Espo\Core\Exceptions\Error;
+
+use Espo\Core\Utils\Util,
+    Espo\Core\Exceptions\NotFound,
+    Espo\Core\Exceptions\Error;
 
 class Language
 {
@@ -40,22 +41,15 @@ class Language
 
     private $unifier;
 
-    /**
-     * Data of all languages
-     *
-     * @var array
-     */
-    private $data = array();
+    private $data = [];
 
-    private $deletedData = array();
+    private $deletedData = [];
 
-    private $changedData = array();
-
-    private $name = 'i18n';
+    private $changedData = [];
 
     private $currentLanguage = null;
 
-    protected $cacheFile = 'data/cache/application/languages/{*}.php';
+    protected $cacheFile = 'data/cache/application/languages/{language}.php';
 
     protected $defaultLanguage = 'en_US';
 
@@ -63,11 +57,11 @@ class Language
 
     protected $noCustom = false;
 
-    private $paths = array(
-        'corePath' => 'application/Espo/Resources/i18n',
-        'modulePath' => 'application/Espo/Modules/{*}/Resources/i18n',
-        'customPath' => 'custom/Espo/Custom/Resources/i18n',
-    );
+    protected $paths = [
+        'corePath' => 'application/Espo/Resources/i18n/{language}',
+        'modulePath' => 'application/Espo/Modules/{*}/Resources/i18n/{language}',
+        'customPath' => 'custom/Espo/Custom/Resources/i18n/{language}',
+    ];
 
     public function __construct($language = null, File\Manager $fileManager, Metadata $metadata, $useCache = false, $noCustom = false)
     {
@@ -106,7 +100,8 @@ class Language
         return $this->defaultLanguage;
     }
 
-    public static function detectLanguage($config, $preferences = null) {
+    public static function detectLanguage(\Espo\Core\Utils\Config $config, $preferences = null)
+    {
         $language = null;
         if ($preferences) {
             $language = $preferences->get('language');
@@ -127,9 +122,11 @@ class Language
         $this->currentLanguage = $language;
     }
 
-    protected function getLangCacheFile()
+    protected function getCacheFile(string $language = null) : string
     {
-        $langCacheFile = str_replace('{*}', $this->getLanguage(), $this->cacheFile);
+        $language = $language ?? $this->getLanguage();
+
+        $langCacheFile = str_replace('{language}', $language, $this->cacheFile);
 
         return $langCacheFile;
     }
@@ -149,7 +146,7 @@ class Language
     public function translate($label, $category = 'labels', $scope = 'Global', $requiredOptions = null)
     {
         if (is_array($label)) {
-            $translated = array();
+            $translated = [];
 
             foreach ($label as $subLabel) {
                 $translated[$subLabel] = $this->translate($subLabel, $category, $scope, $requiredOptions);
@@ -200,7 +197,7 @@ class Language
         $data = $this->getData();
 
         if (!isset($data) || $data === false) {
-            throw new Error('Language: current language ['.$this->getLanguage().'] does not found');
+            throw new Error('Language: current language '.$this->getLanguage().' not found');
         }
 
         return Util::getValueByKey($data, $key, $returns);
@@ -213,19 +210,19 @@ class Language
 
     /**
      * Save changes
-     *
-     * @return bool
      */
-    public function save()
+    public function save() : bool
     {
+        $language = $this->getLanguage();
+
         $path = $this->paths['customPath'];
-        $currentLanguage = $this->getLanguage();
+        $path = str_replace('{language}', $language, $path);
 
         $result = true;
         if (!empty($this->changedData)) {
             foreach ($this->changedData as $scope => $data) {
                 if (!empty($data)) {
-                    $result &= $this->getFileManager()->mergeContents(array($path, $currentLanguage, $scope.'.json'), $data, true);
+                    $result &= $this->getFileManager()->mergeContents([$path, $scope.'.json'], $data, true);
                 }
             }
         }
@@ -233,7 +230,7 @@ class Language
         if (!empty($this->deletedData)) {
             foreach ($this->deletedData as $scope => $unsetData) {
                 if (!empty($unsetData)) {
-                    $result &= $this->getFileManager()->unsetContents(array($path, $currentLanguage, $scope.'.json'), $unsetData, true);
+                    $result &= $this->getFileManager()->unsetContents([$path, $scope.'.json'], $unsetData, true);
                 }
             }
         }
@@ -250,19 +247,15 @@ class Language
      */
     public function clearChanges()
     {
-        $this->changedData = array();
-        $this->deletedData = array();
+        $this->changedData = [];
+        $this->deletedData = [];
         $this->init(true);
     }
 
-    /**
-     * Get data of Unifier language files
-     *
-     * @return array
-     */
     protected function getData()
     {
         $currentLanguage = $this->getLanguage();
+
         if (!isset($this->data[$currentLanguage])) {
             $this->init();
         }
@@ -345,40 +338,73 @@ class Language
         }
     }
 
-    protected function init($reload = false)
+    protected function init(bool $reload = false)
     {
-        if ($reload || !file_exists($this->getLangCacheFile()) || !$this->useCache) {
+        $this->data[$this->currentLanguage] = $this->getLanguageData($this->currentLanguage, $reload);
+    }
 
-            $paths = $this->paths;
-            if ($this->noCustom) {
-                unset($paths['customPath']);
-            }
+    protected function getDefaultLanguageData(bool $reload = false)
+    {
+        return $this->getLanguageData($this->defaultLanguage, $reload);
+    }
 
-            $fullData = $this->getUnifier()->unify($this->name, $paths, true);
+    protected function getLanguageData(string $language, bool $reload = false)
+    {
+        if ($reload || !isset($this->data[$language])) {
 
-            $result = true;
-            foreach ($fullData as $i18nName => $i18nData) {
+            $cacheFile = $this->getCacheFile($language);
 
-                if ($i18nName != $this->defaultLanguage) {
-                    $i18nData = Util::merge($fullData[$this->defaultLanguage], $i18nData);
+            if (!$this->useCache || !file_exists($cacheFile) || $reload) {
+
+                $paths = $this->paths;
+
+                foreach ($paths as $k => &$path) {
+                    $path = str_replace('{language}', $language, $path);
                 }
 
-                $this->data[$i18nName] = $i18nData;
+                if ($this->noCustom) {
+                    unset($paths['customPath']);
+                }
+
+                $data = $this->getUnifier()->unify('i18n', $paths, true);
+
+                if (is_array($data)) {
+                    $this->sanitizeData($data);
+                }
+
+                if ($language != $this->defaultLanguage) {
+                    $data = Util::merge($this->getDefaultLanguageData($reload), $data);
+                }
+
+                $this->data[$language] = $data;
 
                 if ($this->useCache) {
-                    $i18nCacheFile = str_replace('{*}', $i18nName, $this->cacheFile);
-                    $result &= $this->getFileManager()->putPhpContents($i18nCacheFile, $i18nData);
+                    $putResult = $this->getFileManager()->putPhpContents($cacheFile, $data);
+                    if (!$putResult) {
+                        $GLOBALS['log']->error("Language: Could not store cache file for {$language}");
+                    }
                 }
             }
 
-            if ($result == false) {
-                throw new Error('Language::init() - Cannot save data to a cache');
+            if ($this->useCache) {
+                $this->data[$language] = $this->getFileManager()->getPhpContents($cacheFile);
             }
         }
 
-        $currentLanguage = $this->getLanguage();
-        if (empty($this->data[$currentLanguage])) {
-            $this->data[$currentLanguage] = $this->getFileManager()->getPhpContents($this->getLangCacheFile());
+        return $this->data[$language] ?? [];
+    }
+
+    protected function sanitizeData(array &$data)
+    {
+        foreach ($data as $key => &$subData) {
+            if (is_array($subData)) {
+                $this->sanitizeData($subData);
+            } else {
+                if (is_string($subData)) {
+                    $subData = str_replace('<', '&lt;', $subData);
+                    $subData = str_replace('>', '&gt;', $subData);
+                }
+            }
         }
     }
 }

application/Espo/Core/Utils/Layout.php

@@ -37,22 +37,15 @@ class Layout
 
     private $user;
 
-    protected $changedData = array();
+    protected $changedData = [];
 
-    protected $params = array(
-        'defaultsPath' => 'application/Espo/Core/defaults',
-    );
+    protected $defaultsPath = 'application/Espo/Core/defaults';
 
-
-    /**
-     * @var array - path to layout files
-     */
-    protected $paths = array(
+    protected $paths = [
         'corePath' => 'application/Espo/Resources/layouts',
         'modulePath' => 'application/Espo/Modules/{*}/Resources/layouts',
         'customPath' => 'custom/Espo/Custom/Resources/layouts',
-    );
-
+    ];
 
     public function __construct(\Espo\Core\Utils\File\Manager $fileManager, \Espo\Core\Utils\Metadata $metadata, \Espo\Entities\User $user)
     {
@@ -82,14 +75,9 @@ class Layout
     }
 
     /**
-     * Get Layout context
-     *
-     * @param $scope
-     * @param $name
-     *
-     * @return json
+     * Get layout in string format
      */
-    public function get($scope, $name)
+    public function get(string $scope, string $name) : ?string
     {
         $scope = $this->sanitizeInput($scope);
         $name = $this->sanitizeInput($name);
@@ -98,21 +86,29 @@ class Layout
             return Json::encode($this->changedData[$scope][$name]);
         }
 
-        $fileFullPath = Util::concatPath($this->getLayoutPath($scope, true), $name . '.json');
-        if (!file_exists($fileFullPath)) {
-            $fileFullPath = Util::concatPath($this->getLayoutPath($scope), $name . '.json');
-        }
+        $filePath = Util::concatPath($this->getLayoutPath($scope, true), $name . '.json');
 
-        if (!file_exists($fileFullPath)) {
-            $defaultPath = $this->params['defaultsPath'];
-            $fileFullPath =  Util::concatPath(Util::concatPath($defaultPath, 'layouts'), $name . '.json' );
+        if (!file_exists($filePath))
+            $filePath = Util::concatPath($this->getLayoutPath($scope), $name . '.json');
 
-            if (!file_exists($fileFullPath)) {
-                return false;
+        if (!file_exists($filePath)) {
+            $defaultImplClassName = '\\Espo\\Custom\\Core\\Utils\\Layout\\Defaults\\' . ucfirst($name) . 'Type';
+            if (!class_exists($defaultImplClassName))
+                $defaultImplClassName = '\\Espo\\Core\\Utils\\Layout\\Defaults\\' . ucfirst($name) . 'Type';
+
+            if (class_exists($defaultImplClassName)) {
+                $defaultImpl = new $defaultImplClassName($this->metadata);
+                $data = $defaultImpl->get($scope);
+                return Json::encode($data);
             }
+
+            $defaultPath = $this->defaultsPath;
+            $filePath = Util::concatPath(Util::concatPath($defaultPath, 'layouts'), $name . '.json' );
+
+            if (!file_exists($filePath)) return null;
         }
 
-        return $this->getFileManager()->getContents($fileFullPath);
+        return $this->getFileManager()->getContents($filePath);
     }
 
     /**
@@ -189,7 +185,7 @@ class Layout
      */
     public function clearChanges()
     {
-        $this->changedData = array();
+        $this->changedData = [];
     }
 
     /**

application/Espo/Core/Utils/Layout/Defaults/DefaultSidePanelType.php

@@ -0,0 +1,67 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2019 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: https://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Core\Utils\Layout\Defaults;
+
+class DefaultSidePanelType
+{
+    protected $metadata;
+
+    public function __construct(\Espo\Core\Utils\Metadata $metadata)
+    {
+        $this->metadata = $metadata;
+    }
+
+    public function get(string $scope) : array
+    {
+        $list = [];
+
+        if (
+            $this->metadata->get(['entityDefs', $scope, 'fields', 'assignedUser', 'type']) === 'link'
+            &&
+            $this->metadata->get(['entityDefs', $scope, 'links', 'assignedUser', 'entity']) === 'User'
+            ||
+            $this->metadata->get(['entityDefs', $scope, 'fields', 'assignedUsers', 'type']) === 'linkMultiple'
+            &&
+            $this->metadata->get(['entityDefs', $scope, 'links', 'assignedUsers', 'entity']) === 'User'
+        ) {
+            $list[] = (object) ['name' => ':assignedUser'];
+        }
+
+        if (
+            $this->metadata->get(['entityDefs', $scope, 'fields', 'teams', 'type']) === 'linkMultiple'
+            &&
+            $this->metadata->get(['entityDefs', $scope, 'links', 'teams', 'entity']) === 'Team'
+        ) {
+            $list[] = (object) ['name' => 'teams'];
+        }
+
+        return $list;
+    }
+}

application/Espo/Core/Utils/Metadata.php

@@ -63,13 +63,6 @@ class Metadata
 
     private $moduleList = null;
 
-    protected $frontendHiddenPathList = [
-        ['app', 'formula', 'functionClassNameMap'],
-        ['app', 'fileStorage', 'implementationClassNameMap'],
-        ['app', 'emailNotifications', 'handlerClassNameMap'],
-        ['app', 'client'],
-    ];
-
     /**
      * Default module order
      * @var integer
@@ -276,33 +269,47 @@ class Metadata
     {
         $data = $this->getAllObjects();
 
-        foreach ($this->frontendHiddenPathList as $row) {
-            $p =& $data;
-            $path = [&$p];
-            foreach ($row as $i => $item) {
-                if (is_array($item)) break;
-                if (!property_exists($p, $item)) break;
-                if ($i == count($row) - 1) {
-                    unset($p->$item);
-                    $o =& $p;
-                    for ($j = $i - 1; $j > 0; $j--) {
-                        if (is_object($o) && !count(get_object_vars($o))) {
-                            $o =& $path[$j];
-                            $k = $row[$j];
-                            unset($o->$k);
-                        } else {
-                            break;
-                        }
-                    }
-                } else {
-                    $p =& $p->$item;
-                    $path[] = &$p;
-                }
-            }
+        $frontendHiddenPathList = $this->get(['app', 'metadata', 'frontendHiddenPathList'], []);
+
+        foreach ($frontendHiddenPathList as $row) {
+            $this->removeDataByPath($row, $data);
         }
         return $data;
     }
 
+    private function removeDataByPath($row, &$data)
+    {
+        $p = &$data;
+        $path = [&$p];
+
+        foreach ($row as $i => $item) {
+            if (is_array($item)) break;
+            if ($item === '__ANY__') {
+                foreach (get_object_vars($p) as &$v) {
+                    $this->removeDataByPath(array_slice($row, $i + 1), $v);
+                }
+                return;
+            }
+            if (!property_exists($p, $item)) break;
+            if ($i == count($row) - 1) {
+                unset($p->$item);
+                $o = &$p;
+                for ($j = $i - 1; $j > 0; $j--) {
+                    if (is_object($o) && !count(get_object_vars($o))) {
+                        $o = &$path[$j];
+                        $k = $row[$j];
+                        unset($o->$k);
+                    } else {
+                        break;
+                    }
+                }
+            } else {
+                $p = &$p->$item;
+                $path[] = &$p;
+            }
+        }
+    }
+
     protected function addAdditionalFieldsObj($data)
     {
         if (!isset($data->entityDefs)) return $data;

application/Espo/Core/Utils/Util.php

@@ -568,6 +568,14 @@ class Util
         return bin2hex(random_bytes(16));
     }
 
+    public static function generateSecretKey()
+    {
+        if (!function_exists('random_bytes')) {
+            return self::generateId();
+        }
+        return bin2hex(random_bytes(16));
+    }
+
     public static function generateKey()
     {
         return md5(uniqid(rand(), true));
@@ -711,4 +719,157 @@ class Util
 
         return $v1 === $v2;
     }
+
+    public static function mbUpperCaseFirst(string $string)
+    {
+        if (!$string) return $string;
+
+        $length = mb_strlen($string);
+        $firstChar = mb_substr($string, 0, 1);
+        $then = mb_substr($string, 1, $length - 1);
+
+        return mb_strtoupper($firstChar) . $then;
+    }
+
+    public static function mbLowerCaseFirst(string $string)
+    {
+        if (!$string) return $string;
+
+        $length = mb_strlen($string);
+        $firstChar = mb_substr($string, 0, 1);
+        $then = mb_substr($string, 1, $length - 1);
+
+        return mb_strtolower($firstChar) . $then;
+    }
+
+    /**
+     * Sanitize Html code
+     * @param  string $text
+     * @param  array  $permittedHtmlTags - Allows only html tags without parameters like <p></p>, <br>, etc.
+     * @return string
+     */
+    public static function sanitizeHtml($text, $permittedHtmlTags = ['p', 'br', 'b', 'strong', 'pre'])
+    {
+        if (is_array($text)) {
+            foreach ($text as $key => &$value) {
+                $value = self::sanitizeHtml($value, $permittedHtmlTags);
+            }
+            return $text;
+        }
+
+        $sanitized = htmlspecialchars($text, \ENT_QUOTES | \ENT_HTML5, 'UTF-8');
+
+        foreach ($permittedHtmlTags as $htmlTag) {
+            $sanitized = preg_replace('/&lt;(\/)?(' . $htmlTag . ')&gt;/i', '<$1$2>', $sanitized);
+        }
+
+        return $sanitized;
+    }
+
+    public static function urlAddParam($url, $paramName, $paramValue)
+    {
+        $urlQuery = parse_url($url, \PHP_URL_QUERY);
+
+        if (!$urlQuery) {
+            $params = [
+                $paramName => $paramValue
+            ];
+
+            $url = trim($url);
+            $url = preg_replace('/\/\?$/', '', $url);
+            $url = preg_replace('/\/$/', '', $url);
+
+            return $url . '/?' . http_build_query($params);
+        }
+
+        parse_str($urlQuery, $params);
+
+        if (!isset($params[$paramName]) || $params[$paramName] != $paramValue) {
+            $params[$paramName] = $paramValue;
+
+            return str_replace($urlQuery, http_build_query($params), $url);
+        }
+
+        return $url;
+    }
+
+    public static function urlRemoveParam($url, $paramName, $suffix = '')
+    {
+        $urlQuery = parse_url($url, \PHP_URL_QUERY);
+
+        if ($urlQuery) {
+            parse_str($urlQuery, $params);
+
+            if (isset($params[$paramName])) {
+                unset($params[$paramName]);
+
+                $newUrl = str_replace($urlQuery, http_build_query($params), $url);
+
+                if (empty($params)) {
+                    $newUrl = preg_replace('/\/\?$/', '', $newUrl);
+                    $newUrl = preg_replace('/\/$/', '', $newUrl);
+                    $newUrl .= $suffix;
+                }
+
+                return $newUrl;
+            }
+        }
+
+        return $url;
+    }
+
+    public static function generatePassword(int $length = 8, int $letters = 5, int $numbers = 3, bool $bothCases = false)
+    {
+        $chars = [
+            'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz',
+            '0123456789',
+            'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789',
+            'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
+            'abcdefghijklmnopqrstuvwxyz',
+        ];
+
+        $shuffle = function ($array) {
+            $currentIndex = count($array);
+            while (0 !== $currentIndex) {
+                $rand = (0 + (1 - 0) * (mt_rand() / mt_getrandmax()));
+                $randomIndex = intval(floor($rand * $currentIndex));
+                $currentIndex -= 1;
+                $temporaryValue = $array[$currentIndex];
+                $array[$currentIndex] = $array[$randomIndex];
+                $array[$randomIndex] = $temporaryValue;
+            }
+            return $array;
+        };
+
+        $upperCase = 0;
+        $lowerCase = 0;
+        if ($bothCases) {
+            $upperCase = 1;
+            $lowerCase = 1;
+            if ($letters >= 2) $letters = $letters - 2;
+                else $letters = 0;
+        }
+
+        $either = $length - ($letters + $numbers + $upperCase + $lowerCase);
+        if ($either < 0) $either = 0;
+
+        $array = [];
+
+        foreach ([$letters, $numbers, $either, $upperCase, $lowerCase] as $i => $len) {
+            $set = $chars[$i];
+            $subArray = [];
+
+            $j = 0;
+            while ($j < $len) {
+                $rand = (0 + (1 - 0) * (mt_rand() / mt_getrandmax()));
+                $index = intval(floor($rand * strlen($set)));
+                $subArray[] = $set[$index];
+                $j++;
+            }
+
+            $array = array_merge($array, $subArray);
+        }
+
+        return implode('', $shuffle($array));
+    }
 }

application/Espo/Core/Webhook/Manager.php

@@ -0,0 +1,233 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2019 Yuri Kuznetsov, Taras Machyshyn, Oleksiy Avramenko
+ * Website: https://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Core\Webhook;
+
+use Espo\ORM\Entity;
+
+class Manager
+{
+    protected $config;
+    protected $fileManager;
+    protected $entityManager;
+    protected $fieldManager;
+
+    private $cacheFile = 'data/cache/application/webhooks.php';
+
+    protected $skipAttributeList = ['isFollowed', 'modifiedAt', 'modifiedBy'];
+
+    private $data = null;
+
+    public function __construct(
+        \Espo\Core\Utils\Config $config,
+        \Espo\Core\Utils\File\Manager $fileManager,
+        \Espo\ORM\EntityManager $entityManager,
+        \Espo\Core\Utils\FieldManagerUtil $fieldManager
+    ) {
+        $this->config = $config;
+        $this->fileManager = $fileManager;
+        $this->entityManager = $entityManager;
+        $this->fieldManager = $fieldManager;
+
+        $this->loadData();
+    }
+
+    private function loadData()
+    {
+        if ($this->config->get('useCache')) {
+            if ($this->fileManager->isFile($this->cacheFile)) {
+                if (file_exists($this->cacheFile)) {
+                    $this->data = $this->fileManager->getPhpContents($this->cacheFile);
+                }
+            }
+        }
+
+        if (is_null($this->data)) {
+            $this->data = $this->buildData();
+        }
+
+        if ($this->config->get('useCache')) {
+            $this->storeDataToCache();
+        }
+    }
+
+    private function storeDataToCache()
+    {
+        $this->fileManager->putPhpContents($this->cacheFile, $this->data);
+    }
+
+    private function buildData()
+    {
+        $data = [];
+
+        $list = $this->entityManager->getRepository('Webhook')
+            ->select(['event'])
+            ->groupBy(['event'])
+            ->where([
+                'isActive' => true,
+                'event!=' => null,
+            ])
+            ->find();
+
+        foreach ($list as $e) {
+            $data[$e->get('event')] = true;
+        }
+
+        return $data;
+    }
+
+    public function addEvent(string $event)
+    {
+        $this->data[$event] = true;
+
+        if ($this->config->get('useCache')) {
+            $this->storeDataToCache();
+        }
+    }
+
+    public function removeEvent(string $event)
+    {
+        $notExists = !$this->entityManager->getRepository('Webhook')->select(['id'])->where([
+            'event' => $event,
+            'isActive' => true,
+        ])->findOne();
+
+        if ($notExists) {
+            unset($this->data[$event]);
+            if ($this->config->get('useCache')) {
+                $this->storeDataToCache();
+            }
+        }
+    }
+
+    protected function eventExists(string $event) : bool
+    {
+        return isset($this->data[$event]);
+    }
+
+    protected function logDebugEvent(string $event, Entity $entity)
+    {
+        $GLOBALS['log']->debug("Webhook: {$event} on record {$entity->id}.");
+    }
+
+    public function processCreate(Entity $entity)
+    {
+        $event = $entity->getEntityType() . '.create';
+
+        if (!$this->eventExists($event)) return;
+
+        $this->entityManager->createEntity('WebhookEventQueueItem', [
+            'event' => $event,
+            'targetType' => $entity->getEntityType(),
+            'targetId' => $entity->id,
+            'data' => $entity->getValueMap(),
+        ]);
+
+        $this->logDebugEvent($event, $entity);
+    }
+
+    public function processDelete(Entity $entity)
+    {
+        $event = $entity->getEntityType() . '.delete';
+
+        if (!$this->eventExists($event)) return;
+
+        $this->entityManager->createEntity('WebhookEventQueueItem', [
+            'event' => $event,
+            'targetType' => $entity->getEntityType(),
+            'targetId' => $entity->id,
+            'data' => (object) [
+                'id' => $entity->id,
+            ],
+        ]);
+
+        $this->logDebugEvent($event, $entity);
+    }
+
+    public function processUpdate(Entity $entity)
+    {
+        $event = $entity->getEntityType() . '.update';
+
+        $data = (object) [];
+        foreach ($entity->getAttributeList() as $attribute) {
+            if (in_array($attribute, $this->skipAttributeList)) continue;
+            if ($entity->isAttributeChanged($attribute)) {
+                $data->$attribute = $entity->get($attribute);
+            }
+        }
+
+        if (!count(get_object_vars($data))) return;
+
+        $data->id = $entity->id;
+
+        if ($this->eventExists($event)) {
+            $this->entityManager->createEntity('WebhookEventQueueItem', [
+                'event' => $event,
+                'targetType' => $entity->getEntityType(),
+                'targetId' => $entity->id,
+                'data' => $data,
+            ]);
+            $this->logDebugEvent($event, $entity);
+        }
+
+        foreach ($this->fieldManager->getEntityTypeFieldList($entity->getEntityType()) as $field) {
+            $itemEvent = $entity->getEntityType() . '.fieldUpdate.' . $field;
+            if (!$this->eventExists($itemEvent)) continue;
+
+            $attributeList = $this->fieldManager->getActualAttributeList($entity->getEntityType(), $field);
+            $isChanged = false;
+            foreach ($attributeList as $attribute) {
+                if (in_array($attribute, $this->skipAttributeList)) continue;
+                if (property_exists($data, $attribute)) {
+                    $isChanged = true;
+                    break;
+                }
+            }
+
+            if ($isChanged) {
+                $itemData = (object) [];
+                $itemData->id = $entity->id;
+                $attributeList = $this->fieldManager->getAttributeList($entity->getEntityType(), $field);
+                foreach ($attributeList as $attribute) {
+                    if (in_array($attribute, $this->skipAttributeList)) continue;
+                    $itemData->$attribute = $entity->get($attribute);
+                }
+
+                $this->entityManager->createEntity('WebhookEventQueueItem', [
+                    'event' => $itemEvent,
+                    'targetType' => $entity->getEntityType(),
+                    'targetId' => $entity->id,
+                    'data' => $itemData,
+                ]);
+
+                $this->logDebugEvent($itemEvent, $entity);
+            }
+        }
+    }
+}