bsiggel/espocrm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
root
2026-01-19 17:44:46 +01:00
commit 823af8b11d
8721 changed files with 1130846 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
application/Espo/Core/Acl/Map/CacheKeyProvider.php Normal file
View File

@@ -0,0 +1,35 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Core\Acl\Map;
interface CacheKeyProvider
{
public function get(): string;
}

189
application/Espo/Core/Acl/Map/DataBuilder.php Normal file
View File

@@ -0,0 +1,189 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Core\Acl\Map;
use Espo\Core\Acl\Table;
use Espo\Core\Utils\FieldUtil;
use stdClass;
class DataBuilder
{
/** @var string[] */
private $actionList = [
Table::ACTION_READ,
Table::ACTION_STREAM,
Table::ACTION_EDIT,
Table::ACTION_DELETE,
Table::ACTION_CREATE,
];
/** @var string[] */
private $fieldActionList = [
Table::ACTION_READ,
Table::ACTION_EDIT,
];
/** @var string[] */
private $fieldLevelList = [
Table::LEVEL_YES,
Table::LEVEL_NO,
];
public function __construct(private MetadataProvider $metadataProvider, private FieldUtil $fieldUtil)
{}
/**
* @return stdClass&object{table: stdClass, fieldTable: stdClass}
*/
public function build(Table $table): stdClass
{
$data = (object) [
'table' => (object) [],
'fieldTable' => (object) [],
];
foreach ($this->metadataProvider->getScopeList() as $scope) {
$data->table->$scope = $this->getScopeRawData($table, $scope);
$fieldData = $this->getScopeFieldData($table, $scope);
if ($fieldData !== null) {
$data->fieldTable->$scope = $fieldData;
}
}
foreach ($this->metadataProvider->getPermissionList() as $permission) {
$data->{$permission . 'Permission'} = $table->getPermissionLevel($permission);
}
$data->fieldTableQuickAccess = $this->buildFieldTableQuickAccess($data->fieldTable);
return $data;
}
/**
* @return bool|stdClass
*/
private function getScopeRawData(Table $table, string $scope)
{
$data = $table->getScopeData($scope);
if ($data->isBoolean()) {
return $data->isTrue();
}
$rawData = (object) [];
foreach ($this->actionList as $action) {
$rawData->$action = $data->get($action);
}
return $rawData;
}
private function getScopeFieldData(Table $table, string $scope): ?stdClass
{
if (!$this->metadataProvider->isScopeEntity($scope)) {
return null;
}
$fieldList = $this->metadataProvider->getScopeFieldList($scope);
$rawData = (object) [];
foreach ($fieldList as $field) {
$data = $table->getFieldData($scope, $field);
if (
$data->getRead() === Table::LEVEL_YES &&
$data->getEdit() === Table::LEVEL_YES
) {
continue;
}
$rawData->$field = (object) [
Table::ACTION_READ => $data->getRead(),
Table::ACTION_EDIT => $data->getEdit(),
];
}
return $rawData;
}
protected function buildFieldTableQuickAccess(stdClass $fieldTable): stdClass
{
$quickAccess = (object) [];
foreach (get_object_vars($fieldTable) as $scope => $scopeData) {
$quickAccess->$scope = $this->buildFieldTableQuickAccessScope($scope, $scopeData);
}
return $quickAccess;
}
private function buildFieldTableQuickAccessScope(string $scope, stdClass $data): stdClass
{
$quickAccess = (object) [
'attributes' => (object) [],
'fields' => (object) [],
];
foreach ($this->fieldActionList as $action) {
$quickAccess->attributes->$action = (object) [];
$quickAccess->fields->$action = (object) [];
foreach ($this->fieldLevelList as $level) {
$quickAccess->attributes->$action->$level = [];
$quickAccess->fields->$action->$level = [];
}
}
foreach (get_object_vars($data) as $field => $fieldData) {
$attributeList = $this->fieldUtil->getAttributeList($scope, $field);
foreach ($this->fieldActionList as $action) {
if (!isset($fieldData->$action)) {
continue;
}
foreach ($this->fieldLevelList as $level) {
if ($fieldData->$action === $level) {
$quickAccess->fields->$action->{$level}[] = $field;
foreach ($attributeList as $attribute) {
$quickAccess->attributes->$action->{$level}[] = $attribute;
}
}
}
}
}
return $quickAccess;
}
}

43
application/Espo/Core/Acl/Map/DefaultCacheKeyProvider.php Normal file
View File

@@ -0,0 +1,43 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Core\Acl\Map;
use Espo\Entities\User;
class DefaultCacheKeyProvider implements CacheKeyProvider
{
public function __construct(private User $user)
{}
public function get(): string
{
return 'aclMap/' . $this->user->getId();
}
}

232
application/Espo/Core/Acl/Map/Map.php Normal file
View File

@@ -0,0 +1,232 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Core\Acl\Map;
use Espo\Core\Acl\Table;
use Espo\Core\Utils\Config;
use Espo\Core\Utils\DataCache;
use Espo\Core\Utils\ObjectUtil;
use stdClass;
use RuntimeException;
/**
* Provides quick access to ACL data.
*/
class Map
{
private stdClass $data;
private string $cacheKey;
/** @var array<string, string[]> */
private $forbiddenFieldsCache = [];
/** @var array<string, string[]> */
private $forbiddenAttributesCache;
/** @var string[] */
private $fieldLevelList = [
Table::LEVEL_YES,
Table::LEVEL_NO,
];
public function __construct(
Table $table,
private DataBuilder $dataBuilder,
private DataCache $dataCache,
CacheKeyProvider $cacheKeyProvider,
Config\SystemConfig $systemConfig,
) {
$this->cacheKey = $cacheKeyProvider->get();
if ($systemConfig->useCache() && $this->dataCache->has($this->cacheKey)) {
/** @var stdClass $cachedData */
$cachedData = $this->dataCache->get($this->cacheKey);
$this->data = $cachedData;
} else {
$this->data = $this->dataBuilder->build($table);
if ($systemConfig->useCache()) {
$this->dataCache->store($this->cacheKey, $this->data);
}
}
}
/**
* Get raw data (for front-end).
*/
public function getData(): stdClass
{
return ObjectUtil::clone($this->data);
}
/**
* Get a list of forbidden attributes for a scope and action.
*
* @param string $scope A scope.
* @param string $action An action.
* @param string $thresholdLevel An attribute will be treated as forbidden if the level is
* equal to or lower than the threshold.
* @return string[]
*/
public function getScopeForbiddenAttributeList(
string $scope,
string $action = Table::ACTION_READ,
string $thresholdLevel = Table::LEVEL_NO
): array {
if (
!in_array($thresholdLevel, $this->fieldLevelList) ||
$thresholdLevel === Table::LEVEL_YES
) {
throw new RuntimeException("Bad threshold level.");
}
$key = $scope . '_'. $action . '_' . $thresholdLevel;
if (isset($this->forbiddenAttributesCache[$key])) {
return $this->forbiddenAttributesCache[$key];
}
$fieldTableQuickAccess = $this->data->fieldTableQuickAccess;
if (
!isset($fieldTableQuickAccess->$scope) ||
!isset($fieldTableQuickAccess->$scope->attributes) ||
!isset($fieldTableQuickAccess->$scope->attributes->$action)
) {
$this->forbiddenAttributesCache[$key] = [];
return [];
}
$levelList = [];
foreach ($this->fieldLevelList as $level) {
if (
array_search($level, $this->fieldLevelList) >=
array_search($thresholdLevel, $this->fieldLevelList)
) {
$levelList[] = $level;
}
}
$attributeList = [];
foreach ($levelList as $level) {
if (!isset($fieldTableQuickAccess->$scope->attributes->$action->$level)) {
continue;
}
foreach ($fieldTableQuickAccess->$scope->attributes->$action->$level as $attribute) {
if (in_array($attribute, $attributeList)) {
continue;
}
$attributeList[] = $attribute;
}
}
$this->forbiddenAttributesCache[$key] = $attributeList;
return $attributeList;
}
/**
* Get a list of forbidden fields for a scope and action.
*
* @param string $scope A scope.
* @param string $action An action.
* @param string $thresholdLevel An attribute will be treated as forbidden if the level is
* equal to or lower than the threshold.
* @return string[]
*/
public function getScopeForbiddenFieldList(
string $scope,
string $action = Table::ACTION_READ,
string $thresholdLevel = Table::LEVEL_NO
): array {
if (
!in_array($thresholdLevel, $this->fieldLevelList) ||
$thresholdLevel === Table::LEVEL_YES
) {
throw new RuntimeException("Bad threshold level.");
}
$key = $scope . '_'. $action . '_' . $thresholdLevel;
if (isset($this->forbiddenFieldsCache[$key])) {
return $this->forbiddenFieldsCache[$key];
}
$fieldTableQuickAccess = $this->data->fieldTableQuickAccess;
if (
!isset($fieldTableQuickAccess->$scope) ||
!isset($fieldTableQuickAccess->$scope->fields) ||
!isset($fieldTableQuickAccess->$scope->fields->$action)
) {
$this->forbiddenFieldsCache[$key] = [];
return [];
}
$levelList = [];
foreach ($this->fieldLevelList as $level) {
if (
array_search($level, $this->fieldLevelList) >=
array_search($thresholdLevel, $this->fieldLevelList)
) {
$levelList[] = $level;
}
}
$fieldList = [];
foreach ($levelList as $level) {
if (!isset($fieldTableQuickAccess->$scope->fields->$action->$level)) {
continue;
}
foreach ($fieldTableQuickAccess->$scope->fields->$action->$level as $field) {
if (in_array($field, $fieldList)) {
continue;
}
$fieldList[] = $field;
}
}
$this->forbiddenFieldsCache[$key] = $fieldList;
return $fieldList;
}
}

64
application/Espo/Core/Acl/Map/MapFactory.php Normal file
View File

@@ -0,0 +1,64 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Core\Acl\Map;
use Espo\Entities\User;
use Espo\Core\Acl\Table;
use Espo\Core\Binding\Binder;
use Espo\Core\Binding\BindingContainer;
use Espo\Core\Binding\BindingData;
use Espo\Core\InjectableFactory;
class MapFactory
{
public function __construct(private InjectableFactory $injectableFactory)
{}
public function create(User $user, Table $table): Map
{
$bindingContainer = $this->createBindingContainer($user, $table);
return $this->injectableFactory->createWithBinding(Map::class, $bindingContainer);
}
private function createBindingContainer(User $user, Table $table): BindingContainer
{
$bindingData = new BindingData();
$binder = new Binder($bindingData);
$binder
->bindInstance(User::class, $user)
->bindInstance(Table::class, $table)
->bindImplementation(CacheKeyProvider::class, DefaultCacheKeyProvider::class);
return new BindingContainer($bindingData);
}
}

82
application/Espo/Core/Acl/Map/MetadataProvider.php Normal file
View File

@@ -0,0 +1,82 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Core\Acl\Map;
use Espo\Core\Utils\Metadata;
class MetadataProvider
{
protected string $type = 'acl';
public function __construct(private Metadata $metadata)
{}
/**
* @return string[]
*/
public function getScopeList(): array
{
/** @var string[] */
return array_keys($this->metadata->get('scopes') ?? []);
}
public function isScopeEntity(string $scope): bool
{
return (bool) $this->metadata->get(['scopes', $scope, 'entity']);
}
/**
* @return string[]
*/
public function getScopeFieldList(string $scope): array
{
/** @var string[] */
return array_keys($this->metadata->get(['entityDefs', $scope, 'fields']) ?? []);
}
/**
* @return array<int, string>
*/
public function getPermissionList(): array
{
$itemList = $this->metadata->get(['app', $this->type, 'valuePermissionList']) ?? [];
return array_map(
function (string $item): string {
if (str_ends_with($item, 'Permission')) {
return substr($item, 0, -10);
}
return $item;
},
$itemList
);
}
}