bsiggel/espocrm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
root
2026-01-19 17:44:46 +01:00
commit 823af8b11d
8721 changed files with 1130846 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
application/Espo/Controllers/ActionHistoryRecord.php Normal file
View File

@@ -0,0 +1,50 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Core\Exceptions\Forbidden;
use Espo\Core\Controllers\RecordBase;
use Espo\Core\Api\Request;
use Espo\Core\Api\Response;
use stdClass;
class ActionHistoryRecord extends RecordBase
{
public function postActionCreate(Request $request, Response $response): stdClass
{
throw new Forbidden();
}
public function putActionUpdate(Request $request, Response $response): stdClass
{
throw new Forbidden();
}
}

50
application/Espo/Controllers/AddressCountry.php Normal file
View File

@@ -0,0 +1,50 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Core\Controllers\RecordBase;
use Espo\Tools\Address\CountryDefaultsPopulator;
class AddressCountry extends RecordBase
{
protected function checkAccess(): bool
{
return $this->user->isAdmin();
}
public function postActionPopulateDefaults(): bool
{
$populate = $this->injectableFactory->create(CountryDefaultsPopulator::class);
$populate->populate();
return true;
}
}

193
application/Espo/Controllers/Admin.php Normal file
View File

@@ -0,0 +1,193 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Core\Exceptions\BadRequest;
use Espo\Core\Exceptions\Error;
use Espo\Core\Exceptions\Forbidden;
use Espo\Core\Container;
use Espo\Core\DataManager;
use Espo\Core\Api\Request;
use Espo\Core\Utils\Config;
use Espo\Tools\AdminNotifications\Manager;
use Espo\Core\Utils\SystemRequirements;
use Espo\Core\Utils\ScheduledJob;
use Espo\Core\Upgrades\UpgradeManager;
use Espo\Entities\User;
class Admin
{
/**
* @throws Forbidden
*/
public function __construct(
private Container $container,
private Config $config,
private User $user,
private Manager $adminNotificationManager,
private SystemRequirements $systemRequirements,
private ScheduledJob $scheduledJob,
private DataManager $dataManager,
private Config\SystemConfig $systemConfig,
) {
if (!$this->user->isAdmin()) {
throw new Forbidden();
}
}
/**
* @throws Error
*/
public function postActionRebuild(): bool
{
$this->dataManager->rebuild();
return true;
}
/**
* @throws Error
*/
public function postActionClearCache(): bool
{
$this->dataManager->clearCache();
return true;
}
/**
* @return string[]
*/
public function getActionJobs(): array
{
return $this->scheduledJob->getAvailableList();
}
/**
* @return object{
* id: string,
* version: string,
* }
* @throws Forbidden
* @throws Error
* @throws BadRequest
*/
public function postActionUploadUpgradePackage(Request $request): object
{
if (
$this->config->get('restrictedMode') &&
!$this->user->isSuperAdmin()
) {
throw new Forbidden();
}
if ($this->config->get('adminUpgradeDisabled')) {
throw new Forbidden("Disabled with 'adminUpgradeDisabled' parameter.");
}
$data = $request->getBodyContents();
if (!$data) {
throw new BadRequest();
}
$upgradeManager = new UpgradeManager($this->container);
$upgradeId = $upgradeManager->upload($data);
$manifest = $upgradeManager->getManifest();
return (object) [
'id' => $upgradeId,
'version' => $manifest['version'],
];
}
/**
* @throws Forbidden
* @throws Error
*/
public function postActionRunUpgrade(Request $request): bool
{
$data = $request->getParsedBody();
if (
$this->config->get('restrictedMode') &&
!$this->user->isSuperAdmin()
) {
throw new Forbidden();
}
$upgradeManager = new UpgradeManager($this->container);
$upgradeManager->install(get_object_vars($data));
return true;
}
/**
* @return object{
* message: string,
* command: string,
* }
*/
public function getActionCronMessage(): object
{
return (object) $this->scheduledJob->getSetupMessage();
}
/**
* @return array<int, array{
* id: string,
* type: string,
* message: string,
* }>
*/
public function getActionAdminNotificationList(): array
{
return $this->adminNotificationManager->getNotificationList();
}
/**
* @return object{
* php: array<string, array<string, mixed>>,
* database: array<string, array<string, mixed>>,
* permission: array<string, array<string, mixed>>,
* }
* @throws Forbidden
*/
public function getActionSystemRequirementList(): object
{
if (!$this->user->isSuperAdmin() && $this->systemConfig->isRestrictedMode()) {
throw new Forbidden();
}
return (object) $this->systemRequirements->getAllRequiredList();
}
}

42
application/Espo/Controllers/ApiIndex.php Normal file
View File

@@ -0,0 +1,42 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Core\Api\Request;
use Espo\Core\Api\Response;
use Espo\Core\Utils\Json;
class ApiIndex
{
public function getActionIndex(Request $request, Response $response): void
{
$response->writeBody(Json::encode("EspoCRM REST API"));
}
}

76
application/Espo/Controllers/AppLogRecord.php Normal file
View File

@@ -0,0 +1,76 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Core\Exceptions\Forbidden;
use Espo\Core\Controllers\Record;
use Espo\Core\Api\Request;
use Espo\Core\Api\Response;
use stdClass;
class AppLogRecord extends Record
{
protected function checkAccess(): bool
{
if (!$this->user->isAdmin()) {
return false;
}
if (!$this->config->get('restrictedMode')) {
return true;
}
if ($this->config->get('appLogAdminAllowed')) {
return true;
}
return $this->user->isSuperAdmin();
}
public function postActionCreate(Request $request, Response $response): stdClass
{
throw new Forbidden();
}
public function putActionUpdate(Request $request, Response $response): stdClass
{
throw new Forbidden();
}
public function postActionCreateLink(Request $request): bool
{
throw new Forbidden();
}
public function deleteActionRemoveLink(Request $request): bool
{
throw new Forbidden();
}
}

43
application/Espo/Controllers/AppSecret.php Normal file
View File

@@ -0,0 +1,43 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Core\Controllers\Record;
/**
* @noinspection PhpUnused
*/
class AppSecret extends Record
{
protected function checkAccess(): bool
{
return $this->user->isAdmin();
}
}

49
application/Espo/Controllers/Attachment.php Normal file
View File

@@ -0,0 +1,49 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Core\Api\Request;
use Espo\Core\Api\Response;
use Espo\Core\Controllers\RecordBase;
use Espo\Core\Exceptions\Forbidden;
use stdClass;
class Attachment extends RecordBase
{
public function getActionList(Request $request, Response $response): stdClass
{
if (!$this->user->isAdmin()) {
throw new Forbidden();
}
return parent::getActionList($request, $response);
}
}

65
application/Espo/Controllers/AuthLogRecord.php Normal file
View File

@@ -0,0 +1,65 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Core\Exceptions\Forbidden;
use Espo\Core\Controllers\Record;
use Espo\Core\Api\Request;
use Espo\Core\Api\Response;
use stdClass;
class AuthLogRecord extends Record
{
protected function checkAccess(): bool
{
return $this->user->isAdmin();
}
public function postActionCreate(Request $request, Response $response): stdClass
{
throw new Forbidden();
}
public function putActionUpdate(Request $request, Response $response): stdClass
{
throw new Forbidden();
}
public function postActionCreateLink(Request $request): bool
{
throw new Forbidden();
}
public function deleteActionRemoveLink(Request $request): bool
{
throw new Forbidden();
}
}

52
application/Espo/Controllers/AuthToken.php Normal file
View File

@@ -0,0 +1,52 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Core\Exceptions\Forbidden;
use Espo\Core\Controllers\Record;
use Espo\Core\Api\Request;
class AuthToken extends Record
{
protected function checkAccess(): bool
{
return $this->user->isAdmin();
}
public function postActionCreateLink(Request $request): bool
{
throw new Forbidden();
}
public function deleteActionRemoveLink(Request $request): bool
{
throw new Forbidden();
}
}

44
application/Espo/Controllers/AuthenticationProvider.php Normal file
View File

@@ -0,0 +1,44 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Core\Controllers\RecordBase;
class AuthenticationProvider extends RecordBase
{
protected function checkAccess(): bool
{
if (!$this->user->isAdmin()) {
return false;
}
return true;
}
}

103
application/Espo/Controllers/DashboardTemplate.php Normal file
View File

@@ -0,0 +1,103 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Core\Exceptions\BadRequest;
use Espo\Core\Exceptions\Forbidden;
use Espo\Core\Exceptions\NotFound;
use Espo\Tools\Dashboard\Service;
use Espo\Core\Api\Request;
use Espo\Core\Controllers\Record;
class DashboardTemplate extends Record
{
protected function checkAccess(): bool
{
return $this->user->isAdmin();
}
/**
* @throws BadRequest
* @throws Forbidden
* @throws NotFound
*/
public function postActionDeployToUsers(Request $request): bool
{
$data = $request->getParsedBody();
if (empty($data->id)) {
throw new BadRequest();
}
if (empty($data->userIdList)) {
throw new BadRequest();
}
$this->getDashboardTemplateService()->deployTemplateToUsers(
$data->id,
$data->userIdList,
!empty($data->append)
);
return true;
}
/**
* @throws BadRequest
* @throws NotFound
*/
public function postActionDeployToTeam(Request $request): bool
{
$data = $request->getParsedBody();
if (empty($data->id)) {
throw new BadRequest();
}
if (empty($data->teamId)) {
throw new BadRequest();
}
$this->getDashboardTemplateService()->deployTemplateToTeam(
$data->id,
$data->teamId,
!empty($data->append)
);
return true;
}
private function getDashboardTemplateService(): Service
{
return $this->injectableFactory->create(Service::class);
}
}

76
application/Espo/Controllers/DataPrivacy.php Normal file
View File

@@ -0,0 +1,76 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Core\Exceptions\Forbidden;
use Espo\Core\Exceptions\BadRequest;
use Espo\Core\Acl;
use Espo\Core\Api\Request;
use Espo\Core\Api\Response;
use Espo\Core\Exceptions\NotFound;
use Espo\Tools\DataPrivacy\Erasor;
class DataPrivacy
{
/**
* @throws Forbidden
*/
public function __construct(private Erasor $erasor, private Acl $acl)
{
if ($this->acl->getPermissionLevel(Acl\Permission::DATA_PRIVACY) === Acl\Table::LEVEL_NO) {
throw new Forbidden();
}
}
/**
* @throws BadRequest
* @throws Forbidden
* @throws NotFound
*/
public function postActionErase(Request $request, Response $response): void
{
$data = $request->getParsedBody();
if (
empty($data->entityType) ||
empty($data->id) ||
empty($data->fieldList) ||
!is_array($data->fieldList)
) {
throw new BadRequest();
}
$this->erasor->erase($data->entityType, $data->id, $data->fieldList);
$response->writeBody('true');
}
}

35
application/Espo/Controllers/Email.php Normal file
View File

@@ -0,0 +1,35 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Core\Controllers\Record;
class Email extends Record
{}

99
application/Espo/Controllers/EmailAccount.php Normal file
View File

@@ -0,0 +1,99 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Core\Exceptions\Error;
use Espo\Core\Exceptions\Forbidden;
use Espo\Core\Mail\Account\PersonalAccount\Service;
use Espo\Core\Mail\Account\Storage\Params as StorageParams;
use Espo\Core\Controllers\Record;
use Espo\Core\Api\Request;
class EmailAccount extends Record
{
protected function checkAccess(): bool
{
return $this->acl->check('EmailAccountScope');
}
/**
* @return string[]
* @throws Forbidden
* @throws Error
*/
public function postActionGetFolders(Request $request): array
{
$data = $request->getParsedBody();
$params = StorageParams::createBuilder()
->setHost($data->host ?? null)
->setPort($data->port ?? null)
->setSecurity($data->security ?? null)
->setUsername($data->username ?? null)
->setPassword($data->password ?? null)
->setId($data->id ?? null)
->setEmailAddress($data->emailAddress ?? null)
->setUserId($data->userId ?? null)
->build();
return $this->getEmailAccountService()->getFolderList($params);
}
/**
* @throws Error
* @throws Forbidden
*/
public function postActionTestConnection(Request $request): bool
{
$data = $request->getParsedBody();
$params = StorageParams::createBuilder()
->setHost($data->host ?? null)
->setPort($data->port ?? null)
->setSecurity($data->security ?? null)
->setUsername($data->username ?? null)
->setPassword($data->password ?? null)
->setId($data->id ?? null)
->setEmailAddress($data->emailAddress ?? null)
->setUserId($data->userId ?? null)
->build();
$this->getEmailAccountService()->testConnection($params);
return true;
}
private function getEmailAccountService(): Service
{
/** @var Service */
return $this->injectableFactory->create(Service::class);
}
}

35
application/Espo/Controllers/EmailAddress.php Normal file
View File

@@ -0,0 +1,35 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Core\Controllers\RecordBase;
class EmailAddress extends RecordBase
{}

34
application/Espo/Controllers/EmailFilter.php Normal file
View File

@@ -0,0 +1,34 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
class EmailFilter extends \Espo\Core\Controllers\Record
{
}

98
application/Espo/Controllers/EmailFolder.php Normal file
View File

@@ -0,0 +1,98 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Core\Exceptions\BadRequest;
use Espo\Core\Controllers\RecordBase;
use Espo\Core\Api\Request;
use Espo\Core\Exceptions\Error;
use Espo\Core\Exceptions\Forbidden;
use Espo\Core\Exceptions\NotFound;
use Espo\Tools\EmailFolder\Service;
use stdClass;
class EmailFolder extends RecordBase
{
/**
* @throws BadRequest
* @throws Forbidden
* @throws Error
* @throws NotFound
*/
public function postActionMoveUp(Request $request): bool
{
$data = $request->getParsedBody();
if (empty($data->id)) {
throw new BadRequest();
}
$this->getEmailFolderService()->moveUp($data->id);
return true;
}
/**
* @throws BadRequest
* @throws Forbidden
* @throws Error
* @throws NotFound
*/
public function postActionMoveDown(Request $request): bool
{
$data = $request->getParsedBody();
if (empty($data->id)) {
throw new BadRequest();
}
$this->getEmailFolderService()->moveDown($data->id);
return true;
}
/**
* @throws Forbidden
* @throws NotFound
*/
public function getActionListAll(Request $request): stdClass
{
$userId = $request->getQueryParam('userId');
$list = $this->getEmailFolderService()->listAll($userId);
return (object) ['list' => $list];
}
private function getEmailFolderService(): Service
{
return $this->injectableFactory->create(Service::class);
}
}

35
application/Espo/Controllers/EmailTemplate.php Normal file
View File

@@ -0,0 +1,35 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Core\Controllers\Record;
class EmailTemplate extends Record
{}

34
application/Espo/Controllers/EmailTemplateCategory.php Normal file
View File

@@ -0,0 +1,34 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
class EmailTemplateCategory extends \Espo\Core\Templates\Controllers\CategoryTree
{
}

575
application/Espo/Controllers/EntityManager.php Normal file
View File

@@ -0,0 +1,575 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Core\Exceptions\Conflict;
use Espo\Core\Exceptions\Error;
use Espo\Core\InjectableFactory;
use Espo\Entities\User;
use Espo\Tools\EntityManager\EntityManager as EntityManagerTool;
use Espo\Core\Api\Request;
use Espo\Core\Exceptions\BadRequest;
use Espo\Core\Exceptions\Forbidden;
use Espo\Tools\ExportCustom\ExportCustom;
use Espo\Tools\ExportCustom\Params as ExportCustomParams;
use Espo\Tools\ExportCustom\Service as ExportCustomService;
use Espo\Tools\LinkManager\LinkManager;
use stdClass;
class EntityManager
{
/**
* @throws Forbidden
*/
public function __construct(
private User $user,
private EntityManagerTool $entityManagerTool,
private LinkManager $linkManager,
private InjectableFactory $injectableFactory
) {
if (!$this->user->isAdmin()) {
throw new Forbidden();
}
}
/**
* @throws BadRequest
* @throws Error
* @throws Conflict
*/
public function postActionCreateEntity(Request $request): stdClass
{
$data = $request->getParsedBody();
$data = get_object_vars($data);
if (empty($data['name']) || empty($data['type'])) {
throw new BadRequest();
}
$name = $data['name'];
$type = $data['type'];
if (!is_string($name) || !is_string($type)) {
throw new BadRequest();
}
$params = [];
if (!empty($data['labelSingular'])) {
$params['labelSingular'] = $data['labelSingular'];
}
if (!empty($data['labelPlural'])) {
$params['labelPlural'] = $data['labelPlural'];
}
if (!empty($data['stream'])) {
$params['stream'] = $data['stream'];
}
if (!empty($data['disabled'])) {
$params['disabled'] = $data['disabled'];
}
if (!empty($data['sortBy'])) {
$params['sortBy'] = $data['sortBy'];
}
if (!empty($data['sortDirection'])) {
$params['asc'] = $data['sortDirection'] === 'asc';
}
if (isset($data['textFilterFields']) && is_array($data['textFilterFields'])) {
$params['textFilterFields'] = $data['textFilterFields'];
}
if (!empty($data['color'])) {
$params['color'] = $data['color'];
}
if (!empty($data['iconClass'])) {
$params['iconClass'] = $data['iconClass'];
}
if (isset($data['fullTextSearch'])) {
$params['fullTextSearch'] = $data['fullTextSearch'];
}
if (isset($data['countDisabled'])) {
$params['countDisabled'] = $data['countDisabled'];
}
if (isset($data['optimisticConcurrencyControl'])) {
$params['optimisticConcurrencyControl'] = $data['optimisticConcurrencyControl'];
}
$params['kanbanViewMode'] = !empty($data['kanbanViewMode']);
if (!empty($data['kanbanStatusIgnoreList'])) {
$params['kanbanStatusIgnoreList'] = $data['kanbanStatusIgnoreList'];
}
$name = $this->entityManagerTool->create($name, $type, $params);
return (object) ['name' => $name];
}
/**
* @throws BadRequest
* @throws Error
*/
public function postActionUpdateEntity(Request $request): bool
{
$data = $request->getParsedBody();
$data = get_object_vars($data);
if (empty($data['name'])) {
throw new BadRequest();
}
$name = $data['name'];
if (!is_string($name)) {
throw new BadRequest();
}
$this->entityManagerTool->update($name, $data);
return true;
}
/**
* @throws BadRequest
* @throws Forbidden
* @throws Error
*/
public function postActionRemoveEntity(Request $request): bool
{
$data = $request->getParsedBody();
$data = get_object_vars($data);
if (empty($data['name'])) {
throw new BadRequest();
}
$name = $data['name'];
if (!is_string($name)) {
throw new BadRequest();
}
$this->entityManagerTool->delete($name);
return true;
}
/**
* @throws BadRequest
* @throws Error
* @throws Conflict
*/
public function postActionCreateLink(Request $request): bool
{
$data = $request->getParsedBody();
$data = get_object_vars($data);
$paramList = [
'entity',
'link',
'linkForeign',
'label',
'linkType',
];
$additionalParamList = [
'entityForeign',
'relationName',
'labelForeign',
];
$params = [];
foreach ($paramList as $item) {
if (empty($data[$item])) {
throw new BadRequest();
}
$params[$item] = htmlspecialchars($data[$item]);
}
foreach ($additionalParamList as $item) {
$params[$item] = $data[$item];
if (is_string($params[$item])) {
$params[$item] = htmlspecialchars($params[$item]);
}
}
$params['labelForeign'] = $params['labelForeign'] ?? $params['linkForeign'];
if (array_key_exists('linkMultipleField', $data)) {
$params['linkMultipleField'] = $data['linkMultipleField'];
}
if (array_key_exists('linkMultipleFieldForeign', $data)) {
$params['linkMultipleFieldForeign'] = $data['linkMultipleFieldForeign'];
}
if (array_key_exists('audited', $data)) {
$params['audited'] = $data['audited'];
}
if (array_key_exists('auditedForeign', $data)) {
$params['auditedForeign'] = $data['auditedForeign'];
}
if (array_key_exists('parentEntityTypeList', $data)) {
$params['parentEntityTypeList'] = $data['parentEntityTypeList'];
}
if (array_key_exists('foreignLinkEntityTypeList', $data)) {
$params['foreignLinkEntityTypeList'] = $data['foreignLinkEntityTypeList'];
}
if (array_key_exists('layout', $data)) {
$params['layout'] = $data['layout'];
}
if (array_key_exists('layoutForeign', $data)) {
$params['layoutForeign'] = $data['layoutForeign'];
}
if (array_key_exists('selectFilter', $data)) {
$params['selectFilter'] = $data['selectFilter'];
}
if (array_key_exists('selectFilterForeign', $data)) {
$params['selectFilterForeign'] = $data['selectFilterForeign'];
}
/** @var array{
* linkType: string,
* entity: string,
* link: string,
* entityForeign: string,
* linkForeign: string,
* label: string,
* labelForeign: string,
* relationName?: ?string,
* linkMultipleField?: bool,
* linkMultipleFieldForeign?: bool,
* audited?: bool,
* auditedForeign?: bool,
* layout?: string,
* layoutForeign?: string,
* selectFilter?: string,
* selectFilterForeign?: string,
* } $params
*/
$this->linkManager->create($params);
return true;
}
/**
* @throws BadRequest
* @throws Error
*/
public function postActionUpdateLink(Request $request): bool
{
$data = $request->getParsedBody();
$data = get_object_vars($data);
$paramList = [
'entity',
'entityForeign',
'link',
'linkForeign',
'label',
'labelForeign',
];
$params = [];
foreach ($paramList as $item) {
if (array_key_exists($item, $data)) {
$params[$item] = htmlspecialchars($data[$item]);
}
}
if (array_key_exists('linkMultipleField', $data)) {
$params['linkMultipleField'] = $data['linkMultipleField'];
}
if (array_key_exists('linkMultipleFieldForeign', $data)) {
$params['linkMultipleFieldForeign'] = $data['linkMultipleFieldForeign'];
}
if (array_key_exists('audited', $data)) {
$params['audited'] = $data['audited'];
}
if (array_key_exists('auditedForeign', $data)) {
$params['auditedForeign'] = $data['auditedForeign'];
}
if (array_key_exists('parentEntityTypeList', $data)) {
$params['parentEntityTypeList'] = $data['parentEntityTypeList'];
}
if (array_key_exists('foreignLinkEntityTypeList', $data)) {
$params['foreignLinkEntityTypeList'] = $data['foreignLinkEntityTypeList'];
}
if (array_key_exists('layout', $data)) {
$params['layout'] = $data['layout'];
}
if (array_key_exists('layoutForeign', $data)) {
$params['layoutForeign'] = $data['layoutForeign'];
}
if (array_key_exists('selectFilter', $data)) {
$params['selectFilter'] = $data['selectFilter'];
}
if (array_key_exists('selectFilterForeign', $data)) {
$params['selectFilterForeign'] = $data['selectFilterForeign'];
}
/**
* @var array{
* entity: string,
* link: string,
* entityForeign?: ?string,
* linkForeign?: ?string,
* label?: string,
* labelForeign?: string,
* linkMultipleField?: bool,
* linkMultipleFieldForeign?: bool,
* audited?: bool,
* auditedForeign?: bool,
* parentEntityTypeList?: string[],
* foreignLinkEntityTypeList?: string[],
* layout?: string,
* layoutForeign?: string,
* selectFilter?: string,
* selectFilterForeign?: string,
* } $params
*/
$this->linkManager->update($params);
return true;
}
/**
* @throws BadRequest
* @throws Error
*/
public function postActionRemoveLink(Request $request): bool
{
$data = $request->getParsedBody();
$data = get_object_vars($data);
$paramList = [
'entity',
'link',
];
$params = [];
foreach ($paramList as $item) {
$params[$item] = htmlspecialchars($data[$item]);
}
/**
* @var array{
* entity?: string,
* link?: string,
* } $params
*/
$this->linkManager->delete($params);
return true;
}
/**
* @throws BadRequest
* @throws Error
*/
public function postActionUpdateLinkParams(Request $request): bool
{
$entityType = $request->getParsedBody()->entityType ?? throw new BadRequest("No entityType.");
$link = $request->getParsedBody()->link ?? throw new BadRequest("No link.");
$rawParams = $request->getParsedBody()->params ?? throw new BadRequest("No params.");
if (!is_string($entityType) || !is_string($link) || !$rawParams instanceof stdClass) {
throw new BadRequest();
}
/** @var array{readOnly?: bool} $params */
$params = [];
if (property_exists($rawParams, 'readOnly')) {
$params['readOnly'] = (bool) $rawParams->readOnly;
}
$this->linkManager->updateParams($entityType, $link, $params);
return true;
}
/**
* @throws BadRequest
* @throws Error
*/
public function postActionResetLinkParamsToDefault(Request $request): bool
{
$entityType = $request->getParsedBody()->entityType ?? throw new BadRequest("No entityType.");
$link = $request->getParsedBody()->link ?? throw new BadRequest("No link.");
if (!is_string($entityType) || !is_string($link)) {
throw new BadRequest();
}
$this->linkManager->resetToDefault($entityType, $link);
return true;
}
/**
* @throws BadRequest
* @throws Error
*/
public function postActionFormula(Request $request): bool
{
$data = $request->getParsedBody();
if (empty($data->scope)) {
throw new BadRequest();
}
if (!property_exists($data, 'data')) {
throw new BadRequest();
}
$formulaData = get_object_vars($data->data);
$this->entityManagerTool->setFormulaData($data->scope, $formulaData);
return true;
}
/**
* @throws BadRequest
*/
public function postActionResetFormulaToDefault(Request $request): bool
{
$data = $request->getParsedBody();
$scope = $data->scope ?? null;
$type = $data->type ?? null;
if (!$scope || !$type) {
throw new BadRequest();
}
$this->entityManagerTool->resetFormulaToDefault($scope, $type);
return true;
}
/**
* @throws BadRequest
* @throws Error
*/
public function postActionResetToDefault(Request $request): bool
{
$data = $request->getParsedBody();
if (empty($data->scope)) {
throw new BadRequest();
}
$this->entityManagerTool->resetToDefaults($data->scope);
return true;
}
/**
* @throws BadRequest
*/
public function postActionExportCustom(Request $request): stdClass
{
$data = $request->getParsedBody();
$name = $data->name ?? null;
$version = $data->version ?? null;
$author = $data->author ?? null;
$module = $data->module ?? null;
$description = $data->description ?? null;
if (
!is_string($name) ||
!is_string($version) ||
!is_string($author) ||
!is_string($module) ||
!is_string($description) && !is_null($description)
) {
throw new BadRequest();
}
$params = new ExportCustomParams(
name: $name,
module: $module,
version: $version,
author: $author,
description: $description
);
$export = $this->injectableFactory->create(ExportCustom::class);
$service = $this->injectableFactory->create(ExportCustomService::class);
$service->storeToConfig($params);
$result = $export->process($params);
return (object) ['id' => $result->getAttachmentId()];
}
}

151
application/Espo/Controllers/Extension.php Normal file
View File

@@ -0,0 +1,151 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Core\Exceptions\Error;
use Espo\Core\Exceptions\Forbidden;
use Espo\Core\Exceptions\BadRequest;
use Espo\Core\Api\Request;
use Espo\Core\Api\Response;
use Espo\Core\Controllers\RecordBase;
use Espo\Core\Upgrades\ExtensionManager;
use stdClass;
class Extension extends RecordBase
{
protected function checkAccess(): bool
{
return $this->user->isAdmin();
}
/**
* @throws BadRequest
* @throws Forbidden
* @throws Error
*/
public function postActionUpload(Request $request): stdClass
{
if ($this->config->get('restrictedMode') && !$this->user->isSuperAdmin()) {
throw new Forbidden();
}
if ($this->config->get('adminUpgradeDisabled')) {
throw new Forbidden("Disabled with 'adminUpgradeDisabled' parameter.");
}
$body = $request->getBodyContents();
if ($body === null) {
throw new BadRequest();
}
$manager = new ExtensionManager($this->getContainer());
$id = $manager->upload($body);
$manifest = $manager->getManifest();
return (object) [
'id' => $id,
'version' => $manifest['version'],
'name' => $manifest['name'],
'description' => $manifest['description'],
];
}
/**
* @throws Forbidden
* @throws Error
*/
public function postActionInstall(Request $request): bool
{
$data = $request->getParsedBody();
if ($this->config->get('restrictedMode') && !$this->user->isSuperAdmin()) {
throw new Forbidden();
}
$manager = new ExtensionManager($this->getContainer());
$manager->install(get_object_vars($data));
return true;
}
/**
* @throws Forbidden
* @throws Error
*/
public function postActionUninstall(Request $request): bool
{
$data = $request->getParsedBody();
if ($this->config->get('restrictedMode') && !$this->user->isSuperAdmin()) {
throw new Forbidden();
}
$manager = new ExtensionManager($this->getContainer());
$manager->uninstall(get_object_vars($data));
return true;
}
/**
* @throws Forbidden
* @throws Error
*/
public function deleteActionDelete(Request $request, Response $response): bool
{
$params = $request->getRouteParams();
if ($this->config->get('restrictedMode') && !$this->user->isSuperAdmin()) {
throw new Forbidden();
}
$manager = new ExtensionManager($this->getContainer());
$manager->delete($params);
return true;
}
public function postActionCreate(Request $request, Response $response): stdClass
{
throw new Forbidden();
}
public function putActionUpdate(Request $request, Response $response): stdClass
{
throw new Forbidden();
}
}

186
application/Espo/Controllers/ExternalAccount.php Normal file
View File

@@ -0,0 +1,186 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Core\Exceptions\Forbidden;
use Espo\Core\Exceptions\BadRequest;
use Espo\Core\Exceptions\NotFound;
use Espo\Entities\ExternalAccount as ExternalAccountEntity;
use Espo\Entities\Integration as IntegrationEntity;
use Espo\Services\ExternalAccount as Service;
use Espo\Core\Api\Request;
use Espo\Core\Api\Response;
use Espo\Core\Controllers\RecordBase;
use Espo\Core\Record\ReadParams;
use stdClass;
class ExternalAccount extends RecordBase
{
public static $defaultAction = 'list';
protected function checkAccess(): bool
{
return $this->acl->checkScope(ExternalAccountEntity::ENTITY_TYPE);
}
public function getActionList(Request $request, Response $response): stdClass
{
$integrations = $this->entityManager
->getRDBRepository(IntegrationEntity::ENTITY_TYPE)
->find();
$list = [];
foreach ($integrations as $entity) {
if (
$entity->get('enabled') &&
$this->metadata->get('integrations.' . $entity->getId() .'.allowUserAccounts')
) {
/** @var string $id */
$id = $entity->getId();
$userAccountAclScope = $this->metadata
->get(['integrations', $id, 'userAccountAclScope']);
if ($userAccountAclScope) {
if (!$this->acl->checkScope($userAccountAclScope)) {
continue;
}
}
$list[] = [
'id' => $id,
];
}
}
return (object) [
'list' => $list
];
}
public function getActionGetOAuth2Info(Request $request): ?stdClass
{
$id = $request->getQueryParam('id');
if ($id === null) {
throw new BadRequest();
}
list($integration, $userId) = explode('__', $id);
if ($this->user->getId() != $userId && !$this->user->isAdmin()) {
throw new Forbidden();
}
$entity = $this->entityManager->getEntityById(IntegrationEntity::ENTITY_TYPE, $integration);
if ($entity) {
return (object) [
'clientId' => $entity->get('clientId'),
'redirectUri' => $this->config->get('siteUrl') . '?entryPoint=oauthCallback',
'isConnected' => $this->getExternalAccount()->ping($integration, $userId)
];
}
return null;
}
public function getActionRead(Request $request, Response $response): stdClass
{
/** @var string $id */
$id = $request->getRouteParam('id');
if ($id === '') {
throw new BadRequest();
}
return $this->getRecordService()
->read($id, ReadParams::create())
->getValueMap();
}
public function putActionUpdate(Request $request, Response $response): stdClass
{
/** @var string $id */
$id = $request->getRouteParam('id');
$data = $request->getParsedBody();
list($integration, $userId) = explode('__', $id);
if ($this->user->getId() !== $userId && !$this->user->isAdmin()) {
throw new Forbidden();
}
if (isset($data->enabled) && !$data->enabled) {
$data->data = null;
}
$entity = $this->entityManager->getEntityById(ExternalAccountEntity::ENTITY_TYPE, $id);
if (!$entity) {
throw new NotFound();
}
$entity->set($data);
$this->entityManager->saveEntity($entity);
return $entity->getValueMap();
}
public function postActionAuthorizationCode(Request $request): bool
{
$data = $request->getParsedBody();
$id = $data->id;
$code = $data->code;
list ($integration, $userId) = explode('__', $id);
if ($this->user->getId() != $userId && !$this->user->isAdmin()) {
throw new Forbidden();
}
$this->getExternalAccount()->authorizationCode($integration, $userId, $code);
return true;
}
private function getExternalAccount(): Service
{
/** @var Service */
return $this->getRecordService();
}
}

209
application/Espo/Controllers/FieldManager.php Normal file
View File

@@ -0,0 +1,209 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Entities\User;
use Espo\Tools\FieldManager\FieldManager as FieldManagerTool;
use Espo\Core\Api\Request;
use Espo\Core\DataManager;
use Espo\Core\Exceptions\BadRequest;
use Espo\Core\Exceptions\Conflict;
use Espo\Core\Exceptions\Error;
use Espo\Core\Exceptions\Forbidden;
/**
* @noinspection PhpUnused
*/
class FieldManager
{
/**
* @throws Forbidden
*/
public function __construct(
private User $user,
private DataManager $dataManager,
private FieldManagerTool $fieldManagerTool,
) {
$this->checkControllerAccess();
}
/**
* @throws Forbidden
*/
protected function checkControllerAccess(): void
{
if (!$this->user->isAdmin()) {
throw new Forbidden();
}
}
/**
* @return array<string, mixed>
* @throws BadRequest
* @throws Error
*/
public function getActionRead(Request $request): array
{
$scope = $request->getRouteParam('scope');
$name = $request->getRouteParam('name');
if (!$scope || !$name) {
throw new BadRequest();
}
return $this->fieldManagerTool->read($scope, $name);
}
/**
* @return array<string, mixed>
* @throws BadRequest
* @throws Conflict
* @throws Error
*/
public function postActionCreate(Request $request): array
{
$data = $request->getParsedBody();
$scope = $request->getRouteParam('scope');
$name = $data->name ?? null;
if (!$scope || !$name) {
throw new BadRequest();
}
$fieldManagerTool = $this->fieldManagerTool;
$name = $fieldManagerTool->create($scope, $name, get_object_vars($data));
try {
$this->rebuild($scope);
} catch (Error $e) {
$fieldManagerTool->delete($scope, $name);
throw new Error($e->getMessage());
}
return $fieldManagerTool->read($scope, $name);
}
/**
* @return array<string, mixed>
* @throws BadRequest
* @throws Error
*/
public function patchActionUpdate(Request $request): array
{
return $this->putActionUpdate($request);
}
/**
* @return array<string, mixed>
* @throws BadRequest
* @throws Error
*/
public function putActionUpdate(Request $request): array
{
$data = $request->getParsedBody();
$scope = $request->getRouteParam('scope');
$name = $request->getRouteParam('name');
if (!$scope || !$name) {
throw new BadRequest();
}
$fieldManagerTool = $this->fieldManagerTool;
$fieldManagerTool->update($scope, $name, get_object_vars($data));
if ($fieldManagerTool->isChanged()) {
$this->rebuild($scope);
} else {
$this->dataManager->clearCache();
}
return $fieldManagerTool->read($scope, $name);
}
/**
* @throws BadRequest
* @throws Error
*/
public function deleteActionDelete(Request $request): bool
{
$scope = $request->getRouteParam('scope');
$name = $request->getRouteParam('name');
if (!$scope || !$name) {
throw new BadRequest();
}
$this->fieldManagerTool->delete($scope, $name);
$this->dataManager->clearCache();
$this->dataManager->rebuildMetadata();
return true;
}
/**
* @throws BadRequest
* @throws Error
*/
public function postActionResetToDefault(Request $request): bool
{
$data = $request->getParsedBody();
$scope = $data->scope ?? null;
$name = $data->name ?? null;
if (!$scope || !$name) {
throw new BadRequest();
}
if (!is_string($scope) || !is_string($name)) {
throw new BadRequest();
}
$this->fieldManagerTool->resetToDefault($scope, $name);
$this->rebuild($scope);
return true;
}
/**
* @throws Error
*/
private function rebuild(string $scope): void
{
$this->dataManager->rebuild([$scope]);
}
}

93
application/Espo/Controllers/Formula.php Normal file
View File

@@ -0,0 +1,93 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Core\Api\Request;
use Espo\Core\Exceptions\NotFoundSilent;
use Espo\Tools\Formula\Service;
use Espo\Core\Exceptions\BadRequest;
use Espo\Core\Exceptions\ForbiddenSilent;
use Espo\Entities\User;
use Espo\Core\Field\LinkParent;
use stdClass;
class Formula
{
/**
* @throws ForbiddenSilent
*/
public function __construct(
private Service $service,
User $user,
) {
if (!$user->isAdmin()) {
throw new ForbiddenSilent();
}
}
/**
* @throws BadRequest
*/
public function postActionCheckSyntax(Request $request): stdClass
{
$expression = $request->getParsedBody()->expression ?? null;
if (!$expression || !is_string($expression)) {
throw new BadRequest("No or non-string expression.");
}
return $this->service->checkSyntax($expression)->toStdClass();
}
/**
* @throws BadRequest
* @throws NotFoundSilent
*/
public function postActionRun(Request $request): stdClass
{
$expression = $request->getParsedBody()->expression ?? null;
$targetType = $request->getParsedBody()->targetType ?? null;
$targetId = $request->getParsedBody()->targetId ?? null;
if (!$expression || !is_string($expression)) {
throw new BadRequest("No or non-string expression.");
}
$targetLink = null;
if ($targetType && $targetId) {
$targetLink = LinkParent::create($targetType, $targetId);
}
return $this->service->run($expression, $targetLink)->toStdClass();
}
}

76
application/Espo/Controllers/GroupEmailFolder.php Normal file
View File

@@ -0,0 +1,76 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Core\Exceptions\BadRequest;
use Espo\Core\Controllers\Record;
use Espo\Core\Api\Request;
use Espo\Tools\EmailFolder\GroupFolderService as Service;
class GroupEmailFolder extends Record
{
/**
* @throws BadRequest
*/
public function postActionMoveUp(Request $request): bool
{
$data = $request->getParsedBody();
if (empty($data->id)) {
throw new BadRequest();
}
$this->getEmailFolderService()->moveUp($data->id);
return true;
}
/**
* @throws BadRequest
*/
public function postActionMoveDown(Request $request): bool
{
$data = $request->getParsedBody();
if (empty($data->id)) {
throw new BadRequest();
}
$this->getEmailFolderService()->moveDown($data->id);
return true;
}
private function getEmailFolderService(): Service
{
/** @var Service */
return $this->injectableFactory->create(Service::class);
}
}

54
application/Espo/Controllers/I18n.php Normal file
View File

@@ -0,0 +1,54 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Tools\App\LanguageService as Service;
use Espo\Core\Api\Request;
class I18n
{
private Service $service;
public function __construct(Service $service)
{
$this->service = $service;
}
/**
* @return array<string, mixed>
*/
public function getActionRead(Request $request): array
{
$default = $request->getQueryParam('default') === 'true';
return $this->service->getDataForFrontend($default);
}
}

74
application/Espo/Controllers/Import.php Normal file
View File

@@ -0,0 +1,74 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Core\Exceptions\BadRequest;
use Espo\Core\Exceptions\Error;
use Espo\Core\Exceptions\Forbidden;
use Espo\Core\Exceptions\NotFound;
use Espo\Tools\Import\Params as ImportParams;
use Espo\Tools\Import\Service as Service;
use Espo\Core\Api\Request;
use Espo\Core\Api\Response;
use Espo\Core\Controllers\Record;
use Espo\Core\Di\InjectableFactoryAware;
use Espo\Core\Di\InjectableFactorySetter;
use stdClass;
class Import extends Record
implements InjectableFactoryAware
{
use InjectableFactorySetter;
protected function checkAccess(): bool
{
return $this->acl->check('Import');
}
public function putActionUpdate(Request $request, Response $response): stdClass
{
throw new Forbidden();
}
public function postActionCreateLink(Request $request): bool
{
throw new Forbidden();
}
public function deleteActionRemoveLink(Request $request): bool
{
throw new Forbidden();
}
}

36
application/Espo/Controllers/ImportError.php Normal file
View File

@@ -0,0 +1,36 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Core\Controllers\Record;
class ImportError extends Record
{
}

94
application/Espo/Controllers/InboundEmail.php Normal file
View File

@@ -0,0 +1,94 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Core\Exceptions\Error;
use Espo\Core\Mail\Account\GroupAccount\Service;
use Espo\Core\Mail\Account\Storage\Params as StorageParams;
use Espo\Core\Controllers\Record;
use Espo\Core\Api\Request;
use Espo\Core\Mail\Exceptions\ImapError;
class InboundEmail extends Record
{
protected function checkAccess(): bool
{
return $this->getUser()->isAdmin();
}
/**
* @return string[]
* @throws Error
* @throws ImapError
*/
public function postActionGetFolders(Request $request): array
{
$data = $request->getParsedBody();
$params = StorageParams::createBuilder()
->setHost($data->host ?? null)
->setPort($data->port ?? null)
->setSecurity($data->security ?? null)
->setUsername($data->username ?? null)
->setPassword($data->password ?? null)
->setId($data->id ?? null)
->build();
return $this->getInboundEmailService()->getFolderList($params);
}
/**
* @throws Error
*/
public function postActionTestConnection(Request $request): bool
{
$data = $request->getParsedBody();
$params = StorageParams::createBuilder()
->setHost($data->host ?? null)
->setPort($data->port ?? null)
->setSecurity($data->security ?? null)
->setUsername($data->username ?? null)
->setPassword($data->password ?? null)
->setId($data->id ?? null)
->build();
$this->getInboundEmailService()->testConnection($params);
return true;
}
private function getInboundEmailService(): Service
{
/** @var Service */
return $this->injectableFactory->create(Service::class);
}
}

84
application/Espo/Controllers/Integration.php Normal file
View File

@@ -0,0 +1,84 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Core\Exceptions\NotFound;
use Espo\Services\Integration as Service;
use Espo\Core\Exceptions\Forbidden;
use Espo\Core\Api\Request;
use Espo\Entities\User;
use stdClass;
class Integration
{
/**
* @throws Forbidden
*/
public function __construct(
private Service $service,
private User $user,
) {
if (!$this->user->isAdmin()) {
throw new Forbidden();
}
}
/**
* @throws Forbidden
* @throws NotFound
*/
public function getActionRead(Request $request): stdClass
{
/** @var string $id */
$id = $request->getRouteParam('id');
$entity = $this->service->read($id);
return $entity->getValueMap();
}
/**
* @throws Forbidden
* @throws NotFound
*/
public function putActionUpdate(Request $request): stdClass
{
/** @var string $id */
$id = $request->getRouteParam('id');
$data = $request->getParsedBody();
$entity = $this->service->update($id, $data);
return $entity->getValueMap();
}
}

55
application/Espo/Controllers/Job.php Normal file
View File

@@ -0,0 +1,55 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Core\Exceptions\Forbidden;
use Espo\Core\Api\Request;
use Espo\Core\Api\Response;
use Espo\Core\Controllers\RecordBase;
use stdClass;
class Job extends RecordBase
{
protected function checkAccess(): bool
{
return $this->user->isAdmin();
}
public function postActionCreate(Request $request, Response $response): stdClass
{
throw new Forbidden();
}
public function putActionUpdate(Request $request, Response $response): stdClass
{
throw new Forbidden();
}
}

92
application/Espo/Controllers/LabelManager.php Normal file
View File

@@ -0,0 +1,92 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Core\Api\Request;
use Espo\Core\DataManager;
use Espo\Core\Exceptions\BadRequest;
use Espo\Core\Exceptions\Forbidden;
use Espo\Entities\User;
use Espo\Tools\LabelManager\LabelManager as LabelManagerTool;
use stdClass;
class LabelManager
{
/**
* @throws Forbidden
*/
public function __construct(
private User $user,
private DataManager $dataManager,
private LabelManagerTool $labelManagerTool
) {
if (!$this->user->isAdmin()) {
throw new Forbidden();
}
}
/**
* @return string[]
*/
public function postActionGetScopeList(): array
{
return $this->labelManagerTool->getScopeList();
}
public function postActionGetScopeData(Request $request): stdClass
{
$data = $request->getParsedBody();
if (empty($data->scope) || empty($data->language)) {
throw new BadRequest();
}
return $this->labelManagerTool->getScopeData($data->language, $data->scope);
}
public function postActionSaveLabels(Request $request): stdClass
{
$data = $request->getParsedBody();
if (empty($data->scope) || empty($data->language) || !isset($data->labels)) {
throw new BadRequest();
}
$labels = get_object_vars($data->labels);
$returnData = $this->labelManagerTool->saveLabels($data->language, $data->scope, $labels);
$this->dataManager->clearCache();
return $returnData;
}
}

63
application/Espo/Controllers/LastViewed.php Normal file
View File

@@ -0,0 +1,63 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Core\Api\Request;
use Espo\Core\Exceptions\BadRequest;
use Espo\Core\Exceptions\Forbidden;
use Espo\Core\Record\SearchParamsFetcher;
use Espo\Tools\ActionHistory\Service as Service;
use stdClass;
/**
* @noinspection PhpUnused
*/
class LastViewed
{
public function __construct(private SearchParamsFetcher $searchParamsFetcher, private Service $service)
{}
/**
* @throws BadRequest
* @throws Forbidden
*/
public function getActionIndex(Request $request): stdClass
{
$searchParams = $this->searchParamsFetcher->fetch($request);
$offset = $searchParams->getOffset();
$maxSize = $searchParams->getMaxSize();
$result = $this->service->getLastViewed($maxSize, $offset);
return $result->toApiOutput();
}
}

222
application/Espo/Controllers/Layout.php Normal file
View File

@@ -0,0 +1,222 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Core\Exceptions\Conflict;
use Espo\Core\Exceptions\Error;
use Espo\Core\Exceptions\Forbidden;
use Espo\Core\Exceptions\BadRequest;
use Espo\Core\Api\Request;
use Espo\Core\Exceptions\NotFound;
use Espo\Core\InjectableFactory;
use Espo\Tools\Layout\CustomLayoutService;
use Espo\Tools\Layout\LayoutDefs;
use Espo\Tools\Layout\Service as Service;
use Espo\Entities\User;
use stdClass;
class Layout
{
public function __construct(
private User $user,
private Service $service,
private InjectableFactory $injectableFactory
) {}
/**
* @return mixed
* @throws Forbidden
* @throws NotFound
* @throws Error
* @throws BadRequest
*/
public function getActionRead(Request $request)
{
$params = $request->getRouteParams();
$scope = $params['scope'] ?? null;
$name = $params['name'] ?? null;
if (!$scope || !$name) {
throw new BadRequest();
}
return $this->service->getForFrontend($scope, $name);
}
/**
* @return mixed
* @throws Forbidden
* @throws BadRequest
* @throws NotFound
* @throws Error
*/
public function putActionUpdate(Request $request)
{
$params = $request->getRouteParams();
$data = json_decode($request->getBodyContents() ?? 'null');
if (is_object($data)) {
$data = get_object_vars($data);
}
if (!$this->user->isAdmin()) {
throw new Forbidden();
}
$scope = $params['scope'] ?? null;
$name = $params['name'] ?? null;
$setId = $params['setId'] ?? null;
if (!$scope || !$name) {
throw new BadRequest();
}
return $this->service->update($scope, $name, $setId, $data);
}
/**
* @return array<int, mixed>|stdClass|null
* @throws Forbidden
* @throws BadRequest
* @throws NotFound
* @throws Error
*/
public function postActionResetToDefault(Request $request)
{
$data = $request->getParsedBody();
if (!$this->user->isAdmin()) {
throw new Forbidden();
}
if (empty($data->scope) || empty($data->name)) {
throw new BadRequest();
}
return $this->service->resetToDefault($data->scope, $data->name, $data->setId ?? null);
}
/**
* @return array<int, mixed>|stdClass|null
* @throws BadRequest
* @throws Forbidden
* @throws NotFound
* @throws Error
*/
public function getActionGetOriginal(Request $request)
{
if (!$this->user->isAdmin()) {
throw new Forbidden();
}
$scope = $request->getQueryParam('scope');
$name = $request->getQueryParam('name');
$setId = $request->getQueryParam('setId');
if (!$scope || !$name) {
throw new BadRequest("No `scope` or `name` parameter.");
}
return $this->service->getOriginal($scope, $name, $setId);
}
/**
* @throws Forbidden
* @throws BadRequest
* @throws Conflict
*/
public function postActionCreate(Request $request): bool
{
if (!$this->user->isAdmin()) {
throw new Forbidden();
}
$body = $request->getParsedBody();
$scope = $body->scope ?? null;
$name = $body->name ?? null;
$type = $body->type ?? null;
$label = $body->label ?? null;
if (
!is_string($scope) ||
!is_string($name) ||
!is_string($type) ||
!is_string($label) ||
!$scope ||
!$name ||
!$type ||
!$label
) {
throw new BadRequest();
}
$defs = new LayoutDefs($scope, $name, $type, $label);
$service = $this->injectableFactory->create(CustomLayoutService::class);
$service->create($defs);
return true;
}
/**
* @throws Forbidden
* @throws BadRequest
*/
public function postActionDelete(Request $request): bool
{
if (!$this->user->isAdmin()) {
throw new Forbidden();
}
$body = $request->getParsedBody();
$scope = $body->scope ?? null;
$name = $body->name ?? null;
if (
!is_string($scope) ||
!is_string($name) ||
!$scope ||
!$name
) {
throw new BadRequest();
}
$service = $this->injectableFactory->create(CustomLayoutService::class);
$service->delete($scope, $name);
return true;
}
}

40
application/Espo/Controllers/LayoutSet.php Normal file
View File

@@ -0,0 +1,40 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Core\Controllers\Record;
class LayoutSet extends Record
{
protected function checkAccess(): bool
{
return $this->getUser()->isAdmin();
}
}

84
application/Espo/Controllers/Ldap.php Normal file
View File

@@ -0,0 +1,84 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Core\Exceptions\Forbidden;
use Espo\Core\Authentication\Ldap\Utils as LDAPUtils;
use Espo\Core\Authentication\Ldap\Client as LDAPClient;
use Espo\Core\Api\Request;
use Espo\Core\Utils\Config;
use Espo\Entities\User;
use Laminas\Ldap\Exception\LdapException;
class Ldap
{
private User $user;
private Config $config;
public function __construct(
User $user,
Config $config
) {
$this->user = $user;
$this->config = $config;
}
/**
* @throws Forbidden
* @throws LdapException
*/
public function postActionTestConnection(Request $request): bool
{
if (!$this->user->isAdmin()) {
throw new Forbidden();
}
$data = $request->getParsedBody();
if (!isset($data->password)) {
$data->password = $this->config->get('ldapPassword');
}
$ldapUtils = new LDAPUtils();
$options = $ldapUtils->normalizeOptions(
get_object_vars($data)
);
$ldapClient = new LDAPClient($options);
// An exception thrown if no connection.
$ldapClient->bind();
return true;
}
}

153
application/Espo/Controllers/LeadCapture.php Normal file
View File

@@ -0,0 +1,153 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Core\Exceptions\Forbidden;
use Espo\Core\Exceptions\BadRequest;
use Espo\Core\Exceptions\NotFound;
use Espo\Core\Api\Request;
use Espo\Core\Api\Response;
use Espo\Core\Controllers\Record;
use Espo\Core\Exceptions\Error;
use Espo\Tools\LeadCapture\Service;
use Espo\Tools\LeadCapture\CaptureService as CaptureService;
use stdClass;
class LeadCapture extends Record
{
/**
* @throws BadRequest
* @throws NotFound
* @throws Error
*/
public function postActionLeadCapture(Request $request, Response $response): bool
{
$data = $request->getParsedBody();
$apiKey = $request->getRouteParam('apiKey');
if (!$apiKey) {
throw new BadRequest('No API key provided.');
}
$allowOrigin = $this->config->get('leadCaptureAllowOrigin', '*');
$response->setHeader('Access-Control-Allow-Origin', $allowOrigin);
$this->getCaptureService()->capture($apiKey, $data);
return true;
}
/**
* @throws BadRequest
* @throws NotFound
*/
public function optionsActionLeadCapture(Request $request, Response $response): bool
{
$apiKey = $request->getRouteParam('apiKey');
if (!$apiKey) {
throw new BadRequest('No API key provided.');
}
if (!$this->getLeadCaptureService()->isApiKeyValid($apiKey)) {
throw new NotFound();
}
$allowOrigin = $this->config->get('leadCaptureAllowOrigin', '*');
$response->setHeader('Access-Control-Allow-Headers', 'Content-Type, Accept');
$response->setHeader('Access-Control-Allow-Origin', $allowOrigin);
$response->setHeader('Access-Control-Allow-Methods', 'POST');
return true;
}
/**
* @throws BadRequest
* @throws NotFound
* @throws Forbidden
*/
public function postActionGenerateNewApiKey(Request $request): stdClass
{
$data = $request->getParsedBody();
if (empty($data->id)) {
throw new BadRequest();
}
return $this->getLeadCaptureService()
->generateNewApiKeyForEntity($data->id)
->getValueMap();
}
/**
* @throws BadRequest
* @throws NotFound
* @throws Forbidden
*/
public function postActionGenerateNewFormId(Request $request): stdClass
{
$data = $request->getParsedBody();
if (empty($data->id)) {
throw new BadRequest();
}
return $this->getLeadCaptureService()
->generateNewFormIdForEntity($data->id)
->getValueMap();
}
/**
* @return stdClass[]
* @throws Forbidden
*/
public function getActionSmtpAccountDataList(): array
{
if (!$this->user->isAdmin()) {
throw new Forbidden();
}
return $this->getLeadCaptureService()->getSmtpAccountDataList();
}
private function getCaptureService(): CaptureService
{
return $this->injectableFactory->create(CaptureService::class);
}
private function getLeadCaptureService(): Service
{
return $this->injectableFactory->create(Service::class);
}
}

35
application/Espo/Controllers/LeadCaptureLogRecord.php Normal file
View File

@@ -0,0 +1,35 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
class LeadCaptureLogRecord extends \Espo\Core\Controllers\Record
{
}

84
application/Espo/Controllers/Metadata.php Normal file
View File

@@ -0,0 +1,84 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Core\Api\Response;
use Espo\Core\Exceptions\Forbidden;
use Espo\Core\Api\Request;
use Espo\Core\Utils\Json;
use Espo\Core\Utils\Metadata as MetadataUtil;
use Espo\Entities\User as UserEntity;
use Espo\Tools\App\MetadataService as Service;
use stdClass;
class Metadata
{
private Service $service;
private MetadataUtil $metadata;
private UserEntity $user;
public function __construct(
Service $service,
MetadataUtil $metadata,
UserEntity $user
) {
$this->service = $service;
$this->metadata = $metadata;
$this->user = $user;
}
public function getActionRead(Request $request): mixed
{
$key = $request->getQueryParam('key');
if (is_string($key)) {
return $this->service->getDataForFrontendByKey($key);
}
return $this->service->getDataForFrontend();
}
/**
* @throws Forbidden
*/
public function getActionGet(Request $request, Response $response): void
{
if (!$this->user->isAdmin()) {
throw new Forbidden();
}
$key = $request->getQueryParam('key');
$value = $this->metadata->get($key);
$response->writeBody(Json::encode($value));
}
}

37
application/Espo/Controllers/Note.php Normal file
View File

@@ -0,0 +1,37 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Core\Controllers\RecordBase;
class Note extends RecordBase
{
}

107
application/Espo/Controllers/Notification.php Normal file
View File

@@ -0,0 +1,107 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Core\Name\Field;
use Espo\Tools\Notification\RecordService as Service;
use Espo\Core\Api\Request;
use Espo\Core\Api\Response;
use Espo\Core\Controllers\RecordBase;
use Espo\Core\Exceptions\BadRequest;
use Espo\Core\Exceptions\Error;
use Espo\Core\Exceptions\Forbidden;
use Espo\Core\Select\SearchParams;
use Espo\Core\Select\Where\Item as WhereItem;
use stdClass;
class Notification extends RecordBase
{
public static $defaultAction = 'list';
/**
* @throws BadRequest
* @throws Forbidden
* @throws Error
*/
public function getActionList(Request $request, Response $response): stdClass
{
$searchParamsAux = $this->searchParamsFetcher->fetch($request);
$offset = $searchParamsAux->getOffset();
$maxSize = $searchParamsAux->getMaxSize();
$after = $request->getQueryParam('after');
$searchParams = SearchParams
::create()
->withOffset($offset)
->withMaxSize($maxSize);
if ($after) {
$searchParams = $searchParams
->withWhereAdded(
WhereItem
::createBuilder()
->setAttribute(Field::CREATED_AT)
->setType(WhereItem\Type::AFTER)
->setValue($after)
->build()
);
}
$recordCollection = $this->getNotificationService()->get($this->user, $searchParams);
return $recordCollection->toApiOutput();
}
public function getActionNotReadCount(): int
{
$userId = $this->user->getId();
return $this->getNotificationService()->getNotReadCount($userId);
}
public function postActionMarkAllRead(Request $request): bool
{
$userId = $this->user->getId();
$this->getNotificationService()->markAllRead($userId);
return true;
}
private function getNotificationService(): Service
{
return $this->injectableFactory->create(Service::class);
}
}

47
application/Espo/Controllers/OAuthAccount.php Normal file
View File

@@ -0,0 +1,47 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Core\Controllers\RecordBase;
/**
* @noinspection PhpUnused
*/
class OAuthAccount extends RecordBase
{
protected function checkAccess(): bool
{
if (!$this->user->isAdmin()) {
return false;
}
return true;
}
}

47
application/Espo/Controllers/OAuthProvider.php Normal file
View File

@@ -0,0 +1,47 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Core\Controllers\Record;
/**
* @noinspection PhpUnused
*/
class OAuthProvider extends Record
{
protected function checkAccess(): bool
{
if (!$this->user->isAdmin()) {
return false;
}
return true;
}
}

78
application/Espo/Controllers/Oidc.php Normal file
View File

@@ -0,0 +1,78 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Core\Api\Request;
use Espo\Core\Api\Response;
use Espo\Core\Exceptions\BadRequest;
use Espo\Core\Exceptions\Error;
use Espo\Core\Exceptions\Forbidden;
use Espo\Core\Exceptions\ForbiddenSilent;
use Espo\Core\Utils\Json;
use Espo\Tools\Oidc\Service;
class Oidc
{
private Service $service;
public function __construct(Service $service)
{
$this->service = $service;
}
/**
* @throws Forbidden
* @throws Error
*/
public function getActionAuthorizationData(Request $request, Response $response): void
{
$data = $this->service->getAuthorizationData();
$response->writeBody(Json::encode($data));
}
/**
* @throws BadRequest
* @throws Forbidden
*/
public function postActionBackchannelLogout(Request $request, Response $response): void
{
$token = $request->getParsedBody()->logout_token ?? null;
if (!$token || !is_string($token)) {
throw new BadRequest();
}
$this->service->backchannelLogout($token);
$response->writeBody('true');
}
}

92
application/Espo/Controllers/Pdf.php Normal file
View File

@@ -0,0 +1,92 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Core\Exceptions\BadRequest;
use Espo\Core\Exceptions\Error;
use Espo\Core\Exceptions\Forbidden;
use Espo\Core\Acl;
use Espo\Core\Api\Request;
use Espo\Core\Exceptions\NotFound;
use Espo\Entities\Template as TemplateEntity;
use Espo\Tools\Pdf\MassService;
use stdClass;
class Pdf
{
private MassService $service;
private Acl $acl;
public function __construct(MassService $service, Acl $acl)
{
$this->service = $service;
$this->acl = $acl;
}
/**
* @throws BadRequest
* @throws Forbidden
* @throws Error
* @throws NotFound
*/
public function postActionMassPrint(Request $request): stdClass
{
$data = $request->getParsedBody();
if (empty($data->idList) || !is_array($data->idList)) {
throw new BadRequest();
}
if (empty($data->entityType)) {
throw new BadRequest();
}
if (empty($data->templateId)) {
throw new BadRequest();
}
if (!$this->acl->checkScope(TemplateEntity::ENTITY_TYPE)) {
throw new Forbidden();
}
if (!$this->acl->checkScope($data->entityType)) {
throw new Forbidden();
}
$id = $this->service->generate($data->entityType, $data->idList, $data->templateId);
return (object) [
'id' => $id,
];
}
}

35
application/Espo/Controllers/PhoneNumber.php Normal file
View File

@@ -0,0 +1,35 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
class PhoneNumber extends \Espo\Core\Controllers\RecordBase
{
}

66
application/Espo/Controllers/PopupNotification.php Normal file
View File

@@ -0,0 +1,66 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Tools\PopupNotification\Service as Service;
use stdClass;
class PopupNotification
{
private Service $service;
public function __construct(Service $service)
{
$this->service = $service;
}
public function getActionGrouped(): stdClass
{
$grouped = $this->service->getGrouped();
$result = (object) [];
foreach ($grouped as $type => $itemList) {
$rawList = array_map(
function ($item) {
return (object) [
'id' => $item->getId(),
'data' => $item->getData(),
];
},
$itemList
);
$result->$type = $rawList;
}
return $result;
}
}

44
application/Espo/Controllers/Portal.php Normal file
View File

@@ -0,0 +1,44 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Core\Acl\Permission;
use Espo\Core\Acl\Table;
use Espo\Core\Controllers\Record;
class Portal extends Record
{
protected function checkAccess(): bool
{
$level = $this->acl->getPermissionLevel(Permission::PORTAL);
return $level === Table::LEVEL_YES;
}
}

34
application/Espo/Controllers/PortalRole.php Normal file
View File

@@ -0,0 +1,34 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
class PortalRole extends \Espo\Core\Controllers\Record
{
}

123
application/Espo/Controllers/Preferences.php Normal file
View File

@@ -0,0 +1,123 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Core\Api\Request;
use Espo\Core\Exceptions\BadRequest;
use Espo\Core\Exceptions\Forbidden;
use Espo\Core\Exceptions\NotFound;
use Espo\Tools\App\PreferencesService as Service;
use stdClass;
class Preferences
{
private Service $service;
public function __construct(Service $service)
{
$this->service = $service;
}
/**
* @throws BadRequest
* @throws Forbidden
* @throws NotFound
*/
public function getActionRead(Request $request): stdClass
{
$userId = $request->getRouteParam('id');
if (!$userId) {
throw new BadRequest();
}
return $this->service->read($userId)->getValueMap();
}
/**
* @throws BadRequest
* @throws Forbidden
* @throws NotFound
*/
public function deleteActionDelete(Request $request): stdClass
{
$userId = $request->getRouteParam('id');
if (!$userId) {
throw new BadRequest();
}
$this->service->resetToDefaults($userId);
return $this->service
->read($userId)
->getValueMap();
}
/**
* @throws BadRequest
* @throws Forbidden
* @throws NotFound
*/
public function putActionUpdate(Request $request): stdClass
{
$userId = $request->getRouteParam('id');
if (!$userId) {
throw new BadRequest();
}
$data = $request->getParsedBody();
return $this->service
->update($userId, $data)
->getValueMap();
}
/**
* @throws BadRequest
* @throws Forbidden
* @throws NotFound
*/
public function postActionResetDashboard(Request $request): stdClass
{
$data = $request->getParsedBody();
$userId = $data->id ?? null;
if (!$userId) {
throw new BadRequest();
}
return $this->service->resetDashboard($userId);
}
}

34
application/Espo/Controllers/Role.php Normal file
View File

@@ -0,0 +1,34 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
class Role extends \Espo\Core\Controllers\Record
{
}

40
application/Espo/Controllers/ScheduledJob.php Normal file
View File

@@ -0,0 +1,40 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Core\Controllers\Record;
class ScheduledJob extends Record
{
protected function checkAccess(): bool
{
return $this->user->isAdmin();
}
}

38
application/Espo/Controllers/ScheduledJobLogRecord.php Normal file
View File

@@ -0,0 +1,38 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
class ScheduledJobLogRecord extends \Espo\Core\Controllers\Record
{
protected function checkAccess(): bool
{
return $this->user->isAdmin();
}
}

82
application/Espo/Controllers/Settings.php Normal file
View File

@@ -0,0 +1,82 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Core\Exceptions\BadRequest;
use Espo\Core\Exceptions\Error;
use Espo\Core\Exceptions\Forbidden;
use Espo\Core\Api\Request;
use Espo\Tools\App\SettingsService as Service;
use Espo\Entities\User;
use stdClass;
class Settings
{
public function __construct(
private Service $service,
private User $user,
) {}
public function getActionRead(): stdClass
{
return $this->getConfigData();
}
/**
* @throws BadRequest
* @throws Forbidden
* @throws Error
*/
public function putActionUpdate(Request $request): stdClass
{
if (!$this->user->isAdmin()) {
throw new Forbidden();
}
$data = $request->getParsedBody();
$this->service->setConfigData($data);
return $this->getConfigData();
}
private function getConfigData(): stdClass
{
$data = $this->service->getConfigData();
$metadataData = $this->service->getMetadataConfigData();
foreach (get_object_vars($metadataData) as $key => $value) {
$data->$key = $value;
}
return $data;
}
}

218
application/Espo/Controllers/Stream.php Normal file
View File

@@ -0,0 +1,218 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Core\Exceptions\BadRequest;
use Espo\Core\Api\Request;
use Espo\Core\Exceptions\Forbidden;
use Espo\Core\Exceptions\NotFound;
use Espo\Core\Field\DateTime;
use Espo\Core\Name\Field;
use Espo\Core\Record\SearchParamsFetcher;
use Espo\Core\Select\SearchParams;
use Espo\Core\Select\Where\Item as WhereItem;
use Espo\Entities\User as UserEntity;
use Espo\Tools\Stream\RecordService;
use Espo\Tools\Stream\UserRecordService;
use Espo\Tools\UserReaction\ReactionStreamService;
use stdClass;
class Stream
{
public static string $defaultAction = 'list';
public function __construct(
private RecordService $service,
private UserRecordService $userRecordService,
private SearchParamsFetcher $searchParamsFetcher,
private ReactionStreamService $reactionStreamService,
) {}
/**
* @throws BadRequest
* @throws Forbidden
* @throws NotFound
*/
public function getActionList(Request $request): stdClass
{
$id = $request->getRouteParam('id');
$scope = $request->getRouteParam('scope');
if ($scope === null) {
throw new BadRequest();
}
$searchParams = $this->fetchSearchParams($request);
if ($scope === UserEntity::ENTITY_TYPE) {
$collection = $this->userRecordService->find($id, $searchParams);
$reactionsCheckDate = DateTime::createNow();
$output = $collection->toApiOutput();
$output->reactionsCheckDate = $reactionsCheckDate->toString();
$output->updatedReactions = $this->getReactionUpdates($request, $id);
return $output;
}
if ($id === null) {
throw new BadRequest();
}
$collection = $this->service->find($scope, $id, $searchParams);
$pinnedCollection = $this->service->getPinned($scope, $id);
$output = $collection->toApiOutput();
$output->pinnedList = $pinnedCollection->getValueMapList();
return $output;
}
/**
* @throws BadRequest
* @throws Forbidden
* @throws NotFound
*/
public function getActionListPosts(Request $request): stdClass
{
$id = $request->getRouteParam('id');
$scope = $request->getRouteParam('scope');
if ($scope === null) {
throw new BadRequest();
}
if ($id === null && $scope !== UserEntity::ENTITY_TYPE) {
throw new BadRequest("No ID.");
}
$searchParams = $this->fetchSearchParams($request)
->withPrimaryFilter('posts');
$result = $scope === UserEntity::ENTITY_TYPE ?
$this->userRecordService->find($id, $searchParams) :
$this->service->find($scope, $id ?? '', $searchParams);
return $result->toApiOutput();
}
/**
* @throws BadRequest
* @throws Forbidden
* @throws NotFound
*/
public function getActionListUpdates(Request $request): stdClass
{
$id = $request->getRouteParam('id');
$scope = $request->getRouteParam('scope');
if ($scope === null || $id === null) {
throw new BadRequest();
}
$searchParams = $this->fetchSearchParams($request);
$result = $this->service->findUpdates($scope, $id, $searchParams);
return $result->toApiOutput();
}
/**
* @throws BadRequest
* @throws Forbidden
*/
private function fetchSearchParams(Request $request): SearchParams
{
$searchParams = $this->searchParamsFetcher->fetch($request);
$after = $request->getQueryParam('after');
$filter = $request->getQueryParam('filter');
if ($after) {
$searchParams = $searchParams
->withWhereAdded(
WhereItem
::createBuilder()
->setAttribute(Field::CREATED_AT)
->setType(WhereItem\Type::AFTER)
->setValue($after)
->build()
);
}
if ($filter) {
$searchParams = $searchParams->withPrimaryFilter($filter);
}
if ($request->getQueryParam('skipOwn') === 'true') {
$searchParams = $searchParams->withBoolFilterAdded('skipOwn');
}
$beforeNumber = $request->getQueryParam('beforeNumber');
if ($beforeNumber) {
$searchParams = $searchParams
->withWhereAdded(
WhereItem
::createBuilder()
->setAttribute('number')
->setType(WhereItem\Type::LESS_THAN)
->setValue($beforeNumber)
->build()
);
}
return $searchParams;
}
/**
* @throws BadRequest
* @throws Forbidden
* @throws NotFound
* @return stdClass[]
*/
private function getReactionUpdates(Request $request, ?string $id): array
{
$reactionsAfter = $request->getQueryParam('reactionsAfter');
$noteIds = explode(',', $request->getQueryParam('reactionsCheckNoteIds') ?? '');
if (!$reactionsAfter || !$noteIds) {
return [];
}
return $this->reactionStreamService->getReactionUpdates(DateTime::fromString($reactionsAfter), $noteIds, $id);
}
}

34
application/Espo/Controllers/Team.php Normal file
View File

@@ -0,0 +1,34 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
class Team extends \Espo\Core\Controllers\Record
{
}

35
application/Espo/Controllers/Template.php Normal file
View File

@@ -0,0 +1,35 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
class Template extends \Espo\Core\Controllers\Record
{
}

170
application/Espo/Controllers/TemplateManager.php Normal file
View File

@@ -0,0 +1,170 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Core\Exceptions\Forbidden;
use Espo\Core\Exceptions\BadRequest;
use Espo\Core\Utils\Config;
use Espo\Core\Utils\Metadata;
use Espo\Core\Utils\TemplateFileManager;
use Espo\Core\ApplicationState;
use Espo\Core\Api\Request;
use stdClass;
/**
* @noinspection PhpUnused
* @todo Move to a service class.
*/
class TemplateManager
{
/**
* @throws Forbidden
*/
public function __construct(
private Metadata $metadata,
private TemplateFileManager $templateFileManager,
private ApplicationState $applicationState,
private Config $config
) {
if (!$this->applicationState->isAdmin()) {
throw new Forbidden();
}
}
/**
* @throws BadRequest
*/
public function getActionGetTemplate(Request $request): stdClass
{
$name = $request->getQueryParam('name');
if (empty($name)) {
throw new BadRequest();
}
$scope = $request->getQueryParam('scope');
$module = $this->metadata->get(['app', 'templates', $name, 'module']);
$hasSubject = !$this->metadata->get(['app', 'templates', $name, 'noSubject']);
$templateFileManager = $this->templateFileManager;
$returnData = (object) [];
$returnData->body = $templateFileManager->getTemplate($name, 'body', $scope, $module);
if ($hasSubject) {
$returnData->subject = $templateFileManager->getTemplate($name, 'subject', $scope, $module);
}
return $returnData;
}
/**
* @throws BadRequest
* @throws Forbidden
*/
public function postActionSaveTemplate(Request $request): bool
{
$data = $request->getParsedBody();
$scope = null;
if (empty($data->name)) {
/** @noinspection PhpUnhandledExceptionInspection */
throw new BadRequest();
}
if (
$data->name === 'passwordChangeLink' &&
$this->config->get('restrictedMode') &&
!$this->applicationState->getUser()->isSuperAdmin()
) {
throw new Forbidden();
}
if (!empty($data->scope)) {
$scope = $data->scope;
}
$templateFileManager = $this->templateFileManager;
if (isset($data->subject)) {
$templateFileManager->saveTemplate($data->name, 'subject', $data->subject, $scope);
}
if (isset($data->body)) {
$templateFileManager->saveTemplate($data->name, 'body', $data->body, $scope);
}
return true;
}
/**
* @throws BadRequest
*/
public function postActionResetTemplate(Request $request): stdClass
{
$data = $request->getParsedBody();
$scope = null;
if (empty($data->name)) {
throw new BadRequest();
}
if (!empty($data->scope)) {
$scope = $data->scope;
}
$module = $this->metadata->get(['app', 'templates', $data->name, 'module']);
$hasSubject = !$this->metadata->get(['app', 'templates', $data->name, 'noSubject']);
$templateFileManager = $this->templateFileManager;
if ($hasSubject) {
$templateFileManager->resetTemplate($data->name, 'subject', $scope);
}
$templateFileManager->resetTemplate($data->name, 'body', $scope);
$returnData = (object) [];
$returnData->body = $templateFileManager->getTemplate($data->name, 'body', $scope, $module);
if ($hasSubject) {
$returnData->subject = $templateFileManager->getTemplate($data->name, 'subject', $scope, $module);
}
return $returnData;
}
}

94
application/Espo/Controllers/TwoFactorEmail.php Normal file
View File

@@ -0,0 +1,94 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Core\Exceptions\Error;
use Espo\Core\Exceptions\Forbidden;
use Espo\Core\Exceptions\BadRequest;
use Espo\Core\Api\Request;
use Espo\Core\Exceptions\NotFound;
use Espo\Tools\UserSecurity\TwoFactor\EmailService as Service;
use Espo\Entities\User;
class TwoFactorEmail
{
private Service $service;
private User $user;
/**
* @throws Forbidden
*/
public function __construct(Service $service, User $user)
{
$this->service = $service;
$this->user = $user;
if (
!$this->user->isAdmin() &&
!$this->user->isRegular() &&
!$this->user->isPortal()
) {
throw new Forbidden();
}
}
/**
* @throws BadRequest
* @throws Forbidden
* @throws Error
* @throws NotFound
*/
public function postActionSendCode(Request $request): bool
{
$data = $request->getParsedBody();
$id = $data->id ?? null;
$emailAddress = $data->emailAddress ?? null;
if (!$id) {
throw new BadRequest("No 'id'.");
}
if (!$emailAddress) {
throw new BadRequest("No 'emailAddress'.");
}
if (!$this->user->isAdmin() && $id !== $this->user->getId()) {
throw new Forbidden();
}
$this->service->sendCode($id, $emailAddress);
return true;
}
}

94
application/Espo/Controllers/TwoFactorSms.php Normal file
View File

@@ -0,0 +1,94 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Core\Exceptions\Error;
use Espo\Core\Exceptions\Forbidden;
use Espo\Core\Exceptions\BadRequest;
use Espo\Core\Api\Request;
use Espo\Core\Exceptions\NotFound;
use Espo\Tools\UserSecurity\TwoFactor\SmsService as Service;
use Espo\Entities\User;
class TwoFactorSms
{
private Service $service;
private User $user;
/**
* @throws Forbidden
*/
public function __construct(Service $service, User $user)
{
$this->service = $service;
$this->user = $user;
if (
!$this->user->isAdmin() &&
!$this->user->isRegular() &&
!$this->user->isPortal()
) {
throw new Forbidden();
}
}
/**
* @throws BadRequest
* @throws Forbidden
* @throws Error
* @throws NotFound
*/
public function postActionSendCode(Request $request): bool
{
$data = $request->getParsedBody();
$id = $data->id ?? null;
$phoneNumber = $data->phoneNumber ?? null;
if (!$id) {
throw new BadRequest("No 'id'.");
}
if (!$phoneNumber) {
throw new BadRequest("No 'phoneNumber'.");
}
if (!$this->user->isAdmin() && $id !== $this->user->getId()) {
throw new Forbidden();
}
$this->service->sendCode($id, $phoneNumber);
return true;
}
}

88
application/Espo/Controllers/User.php Normal file
View File

@@ -0,0 +1,88 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Core\Api\Response;
use Espo\Core\Exceptions\BadRequest;
use Espo\Core\Exceptions\Forbidden;
use Espo\Core\Api\Request;
use Espo\Core\Controllers\Record;
use Espo\Core\Select\SearchParams;
use Espo\Core\Select\Where\Item as WhereItem;
use stdClass;
class User extends Record
{
public function postActionCreate(Request $request, Response $response): stdClass
{
if ($request->getHeader('Content-Type') !== 'application/json') {
throw new BadRequest("Not supported content type.");
}
return parent::postActionCreate($request, $response);
}
public function postActionCreateLink(Request $request): bool
{
if (!$this->user->isAdmin()) {
throw new Forbidden();
}
return parent::postActionCreateLink($request);
}
public function deleteActionRemoveLink(Request $request): bool
{
if (!$this->user->isAdmin()) {
throw new Forbidden();
}
return parent::deleteActionRemoveLink($request);
}
protected function fetchSearchParamsFromRequest(Request $request): SearchParams
{
$searchParams = parent::fetchSearchParamsFromRequest($request);
$userType = $request->getQueryParam('userType');
if (!$userType) {
return $searchParams;
}
return $searchParams->withWhereAdded(
WhereItem::fromRaw([
'type' => 'isOfType',
'attribute' => 'id',
'value' => $userType,
])
);
}
}

131
application/Espo/Controllers/UserSecurity.php Normal file
View File

@@ -0,0 +1,131 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Core\Exceptions\Error;
use Espo\Core\Exceptions\Forbidden;
use Espo\Core\Exceptions\BadRequest;
use Espo\Core\Api\Request;
use Espo\Core\Exceptions\NotFound;
use Espo\Tools\UserSecurity\Service as Service;
use Espo\Entities\User;
use stdClass;
class UserSecurity
{
private Service $service;
private User $user;
/**
* @throws Forbidden
*/
public function __construct(Service $service, User $user)
{
$this->service = $service;
$this->user = $user;
if (
!$this->user->isAdmin() &&
!$this->user->isRegular() &&
!$this->user->isPortal()
) {
throw new Forbidden();
}
}
/**
* @throws BadRequest
* @throws Forbidden
* @throws NotFound
*/
public function getActionRead(Request $request): stdClass
{
$id = $request->getRouteParam('id');
if (!$id) {
throw new BadRequest();
}
if (!$this->user->isAdmin() && $id !== $this->user->getId()) {
throw new Forbidden();
}
return $this->service->read($id);
}
/**
* @throws BadRequest
* @throws Forbidden
* @throws Error
* @throws NotFound
*/
public function postActionGetTwoFactorUserSetupData(Request $request): stdClass
{
$data = $request->getParsedBody();
$id = $data->id ?? null;
if (!$id) {
throw new BadRequest("No 'id'.");
}
if (!$this->user->isAdmin() && $id !== $this->user->getId()) {
throw new Forbidden();
}
return $this->service->getTwoFactorUserSetupData($id, $data);
}
/**
* @throws BadRequest
* @throws Forbidden
* @throws NotFound
*/
public function putActionUpdate(Request $request): stdClass
{
$id = $request->getRouteParam('id');
$data = $request->getParsedBody();
if (!$id) {
throw new BadRequest();
}
if (!$this->user->isAdmin() && $id !== $this->user->getId()) {
throw new Forbidden();
}
return $this->service->update($id, $data);
}
}

56
application/Espo/Controllers/Webhook.php Normal file
View File

@@ -0,0 +1,56 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Core\Api\Request;
use Espo\Core\Api\Response;
use Espo\Core\Controllers\Record;
use stdClass;
class Webhook extends Record
{
protected function checkAccess(): bool
{
if (!$this->user->isAdmin() && !$this->user->isApi()) {
return false;
}
return true;
}
public function postActionCreate(Request $request, Response $response): stdClass
{
$result = parent::postActionCreate($request, $response);
$response->setStatus(201);
return $result;
}
}

61
application/Espo/Controllers/WebhookEventQueueItem.php Normal file
View File

@@ -0,0 +1,61 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Core\Api\Request;
use Espo\Core\Api\Response;
use Espo\Core\Controllers\RecordBase;
use Espo\Core\Exceptions\Forbidden;
use stdClass;
/**
* @noinspection PhpUnused
*/
class WebhookEventQueueItem extends RecordBase
{
protected function checkAccess(): bool
{
if (!$this->user->isAdmin()) {
return false;
}
return true;
}
public function postActionCreate(Request $request, Response $response): stdClass
{
throw new Forbidden();
}
public function putActionUpdate(Request $request, Response $response): stdClass
{
throw new Forbidden();
}
}

61
application/Espo/Controllers/WebhookQueueItem.php Normal file
View File

@@ -0,0 +1,61 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
use Espo\Core\Api\Request;
use Espo\Core\Api\Response;
use Espo\Core\Controllers\RecordBase;
use Espo\Core\Exceptions\Forbidden;
use stdClass;
/**
* @noinspection PhpUnused
*/
class WebhookQueueItem extends RecordBase
{
protected function checkAccess(): bool
{
if (!$this->user->isAdmin()) {
return false;
}
return true;
}
public function postActionCreate(Request $request, Response $response): stdClass
{
throw new Forbidden();
}
public function putActionUpdate(Request $request, Response $response): stdClass
{
throw new Forbidden();
}
}

32
application/Espo/Controllers/WorkingTimeCalendar.php Normal file
View File

@@ -0,0 +1,32 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
class WorkingTimeCalendar extends \Espo\Core\Controllers\Record {}

32
application/Espo/Controllers/WorkingTimeRange.php Normal file
View File

@@ -0,0 +1,32 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Controllers;
class WorkingTimeRange extends \Espo\Core\Controllers\Record {}