bsiggel/espocrm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
root
2026-01-19 17:44:46 +01:00
commit 823af8b11d
8721 changed files with 1130846 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

114
application/Espo/Classes/RecordHooks/User/AfterUpdate.php Normal file
View File

@@ -0,0 +1,114 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Classes\RecordHooks\User;
use Espo\Core\Acl\Cache\Clearer;
use Espo\Core\DataManager;
use Espo\Core\Record\Hook\SaveHook;
use Espo\Modules\Crm\Entities\Contact;
use Espo\ORM\Entity;
use Espo\Entities\User;
use Espo\ORM\EntityManager;
/**
* @implements SaveHook<User>
* @noinspection PhpUnused
*/
class AfterUpdate implements SaveHook
{
public function __construct(
private EntityManager $entityManager,
private Clearer $clearer,
private DataManager $dataManager
) {}
public function process(Entity $entity): void
{
$this->processCache($entity);
$this->processContactName($entity);
}
private function processCache(User $entity): void
{
if (
$entity->isAttributeChanged('rolesIds') ||
$entity->isAttributeChanged('teamsIds') ||
$entity->isAttributeChanged('type') ||
$entity->isAttributeChanged('portalRolesIds') ||
$entity->isAttributeChanged('portalsIds')
) {
$this->clearer->clearForUser($entity);
$this->dataManager->updateCacheTimestamp();
}
if (
$entity->isAttributeChanged('portalRolesIds') ||
$entity->isAttributeChanged('portalsIds') ||
$entity->isAttributeChanged('contactId') ||
$entity->isAttributeChanged('accountsIds')
) {
$this->clearer->clearForAllPortalUsers();
$this->dataManager->updateCacheTimestamp();
}
}
private function processContactName(User $entity): void
{
if (
!$entity->isPortal() ||
!$entity->getContactId() ||
!$entity->isAttributeChanged('firstName') &&
!$entity->isAttributeChanged('lastName') &&
!$entity->isAttributeChanged('salutationName')
) {
return;
}
$contact = $this->entityManager->getEntityById(Contact::ENTITY_TYPE, $entity->getContactId());
if (!$contact) {
return;
}
if ($entity->isAttributeChanged('firstName')) {
$contact->set('firstName', $entity->get('firstName'));
}
if ($entity->isAttributeChanged('lastName')) {
$contact->set('lastName', $entity->get('lastName'));
}
if ($entity->isAttributeChanged('salutationName')) {
$contact->set('salutationName', $entity->get('salutationName'));
}
$this->entityManager->saveEntity($contact);
}
}

135
application/Espo/Classes/RecordHooks/User/BeforeCreate.php Normal file
View File

@@ -0,0 +1,135 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Classes\RecordHooks\User;
use Espo\Core\Authentication\Logins\Hmac;
use Espo\Core\Exceptions\Conflict;
use Espo\Core\Exceptions\Forbidden;
use Espo\Core\Record\Hook\SaveHook;
use Espo\Core\Utils\Config;
use Espo\Core\Utils\Util;
use Espo\ORM\Entity;
use Espo\Entities\User;
use Espo\Tools\User\UserUtil;
/**
* @implements SaveHook<User>
* @noinspection PhpUnused
*/
class BeforeCreate implements SaveHook
{
public function __construct(
private Config $config,
private User $user,
private UserUtil $util
) {}
public function process(Entity $entity): void
{
$this->processLimitChecking($entity);
$this->processUserExistsChecking($entity);
$this->processApi($entity);
$this->processTypeChecking($entity);
}
/**
* @throws Conflict
*/
private function processUserExistsChecking(User $entity): void
{
if ($this->util->checkExists($entity)) {
throw new Conflict('userNameExists');
}
}
/**
* @throws Forbidden
*/
private function processLimitChecking(User $entity): void
{
$userLimit = $this->config->get('userLimit');
$portalUserLimit = $this->config->get('portalUserLimit');
if (
$userLimit &&
!$this->user->isSuperAdmin() &&
!$entity->isPortal() && !$entity->isApi()
) {
$userCount = $this->util->getInternalCount();
if ($userCount >= $userLimit) {
throw new Forbidden("User limit $userLimit is reached.");
}
}
if (
$portalUserLimit &&
!$this->user->isSuperAdmin() &&
$entity->isPortal()
) {
$portalUserCount = $this->util->getPortalCount();
if ($portalUserCount >= $portalUserLimit) {
throw new Forbidden("Portal user limit $portalUserLimit is reached.");
}
}
}
private function processApi(User $entity): void
{
if (!$entity->isApi()) {
return;
}
$entity->set('apiKey', Util::generateApiKey());
if ($entity->getAuthMethod() === Hmac::NAME) {
$secretKey = Util::generateSecretKey();
$entity->set('secretKey', $secretKey);
}
}
/**
* @throws Forbidden
*/
private function processTypeChecking(User $entity): void
{
if (
$entity->isSuperAdmin() ||
!$entity->getType() ||
in_array($entity->getType(), $this->util->getAllowedUserTypeList())
) {
return;
}
throw new Forbidden("Not allowed 'type'.");
}
}

53
application/Espo/Classes/RecordHooks/User/BeforeDelete.php Normal file
View File

@@ -0,0 +1,53 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Classes\RecordHooks\User;
use Espo\Core\Exceptions\Forbidden;
use Espo\Core\Record\DeleteParams;
use Espo\Core\Record\Hook\DeleteHook;
use Espo\Entities\User;
use Espo\ORM\Entity;
/**
* @implements DeleteHook<User>
*/
class BeforeDelete implements DeleteHook
{
public function __construct(
private User $user,
) {}
public function process(Entity $entity, DeleteParams $params): void
{
if ($entity->getId() === $this->user->getId()) {
throw new Forbidden("Can't delete own user.");
}
}
}

171
application/Espo/Classes/RecordHooks/User/BeforeUpdate.php Normal file
View File

@@ -0,0 +1,171 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Classes\RecordHooks\User;
use Espo\Core\Authentication\Logins\Hmac;
use Espo\Core\Exceptions\Conflict;
use Espo\Core\Exceptions\Forbidden;
use Espo\Core\Record\Hook\SaveHook;
use Espo\Core\Utils\Config;
use Espo\Core\Utils\Util;
use Espo\Entities\User as UserEntity;
use Espo\ORM\Entity;
use Espo\Entities\User;
use Espo\Tools\User\UserUtil;
/**
* @implements SaveHook<User>
* @noinspection PhpUnused
*/
class BeforeUpdate implements SaveHook
{
public function __construct(
private Config $config,
private User $user,
private UserUtil $util
) {}
public function process(Entity $entity): void
{
$this->processLimitChecking($entity);
$this->processUserExistsChecking($entity);
$this->processApi($entity);
$this->processTypeChecking($entity);
}
/**
* @throws Conflict
*/
private function processUserExistsChecking(User $entity): void
{
if (!$entity->isAttributeChanged('userName')) {
return;
}
if ($this->util->checkExists($entity)) {
throw new Conflict('userNameExists');
}
}
/**
* @throws Forbidden
*/
private function processLimitChecking(User $entity): void
{
$userLimit = $this->config->get('userLimit');
$portalUserLimit = $this->config->get('portalUserLimit');
if (
$userLimit &&
!$this->user->isSuperAdmin() &&
(
(
$entity->isActive() &&
$entity->isAttributeChanged('isActive') &&
!$entity->isPortal() &&
!$entity->isApi()
) ||
(
!$entity->isPortal() &&
!$entity->isApi() &&
$entity->isAttributeChanged('type') &&
(
$entity->isRegular() ||
$entity->isAdmin()
) &&
(
$entity->getFetched('type') == UserEntity::TYPE_PORTAL ||
$entity->getFetched('type') == UserEntity::TYPE_API
)
)
)
) {
$userCount = $this->util->getInternalCount();
if ($userCount >= $userLimit) {
throw new Forbidden("User limit $userLimit is reached.");
}
}
if (
$portalUserLimit &&
!$this->user->isSuperAdmin() &&
(
(
$entity->isActive() &&
$entity->isAttributeChanged('isActive') &&
$entity->isPortal()
) ||
(
$entity->isPortal() &&
$entity->isAttributeChanged('type')
)
)
) {
$portalUserCount = $this->util->getPortalCount();
if ($portalUserCount >= $portalUserLimit) {
throw new Forbidden("Portal user limit $portalUserLimit is reached.");
}
}
}
private function processApi(User $entity): void
{
if (
!$entity->isApi() ||
!$entity->isAttributeChanged('authMethod') ||
$entity->getAuthMethod() !== Hmac::NAME
) {
return;
}
$secretKey = Util::generateSecretKey();
$entity->set('secretKey', $secretKey);
}
/**
* @throws Forbidden
*/
private function processTypeChecking(User $entity): void
{
if (
$entity->isSuperAdmin() ||
!$entity->isAttributeChanged('type') ||
!$entity->getType() ||
in_array($entity->getType(), $this->util->getAllowedUserTypeList())
) {
return;
}
throw new Forbidden("Can't change type.");
}
}