bsiggel/espocrm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
root
2026-01-19 17:44:46 +01:00
commit 823af8b11d
8721 changed files with 1130846 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

265
application/Espo/Core/Controllers/Base.php Normal file
View File

@@ -0,0 +1,265 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Core\Controllers;
use Espo\Core\Acl;
use Espo\Core\AclManager;
use Espo\Core\Container;
use Espo\Core\Exceptions\Forbidden;
use Espo\Core\ServiceFactory;
use Espo\Core\Utils\Config;
use Espo\Core\Utils\Metadata;
use Espo\Entities\Preferences;
use Espo\Entities\User;
/**
* @deprecated Don't extend.
* @todo Remove in v10.0.
*/
abstract class Base
{
/**
* @var string
*/
protected $name;
/**
* @var string
*/
public static $defaultAction = 'index';
/**
* @deprecated
* @var Container
*/
private $container;
/**
* @var User
*/
protected $user;
/**
* @var Acl
*/
protected $acl;
/**
* @deprecated
* @var AclManager
*/
protected $aclManager;
/**
* @var Config
*/
protected $config;
/**
* @deprecated
* @var Preferences
*/
protected $preferences;
/**
* @deprecated
* @var Metadata
*/
protected $metadata;
/**
* @deprecated
* @var ServiceFactory
*/
protected $serviceFactory;
/**
* @throws Forbidden
* @internal Most dependencies are for backward compatibility.
*/
public function __construct(
Container $container,
User $user,
Acl $acl,
AclManager $aclManager,
Config $config,
Preferences $preferences,
Metadata $metadata,
ServiceFactory $serviceFactory
) {
$this->container = $container;
$this->user = $user;
$this->acl = $acl;
$this->aclManager = $aclManager;
$this->config = $config;
$this->preferences = $preferences;
$this->metadata = $metadata;
$this->serviceFactory = $serviceFactory;
if (empty($this->name)) {
$name = get_class($this);
$matches = null;
if (preg_match('@\\\\([\w]+)$@', $name, $matches)) {
$name = $matches[1];
}
$this->name = $name;
}
$this->checkControllerAccess();
if (!$this->checkAccess()) {
throw new Forbidden("No access to '{$this->name}'.");
}
}
/**
* @deprecated
*/
protected function getName(): string
{
/** @var string */
return $this->name;
}
/**
* Check access to controller.
*/
protected function checkAccess(): bool
{
return true;
}
/**
* @return void
* @deprecated
*/
protected function checkControllerAccess()
{
}
/**
* @deprecated
* @param string $name
*/
protected function getService($name): object
{
return $this->serviceFactory->create($name);
}
/**
* @deprecated Use Aware interfaces to inject dependencies.
*
* @return Container
*/
protected function getContainer()
{
return $this->container;
}
/**
* @deprecated
*
* @return User
*/
protected function getUser()
{
/** @var User */
return $this->container->get('user');
}
/**
* @deprecated
*
* @return Acl
*/
protected function getAcl()
{
/** @var Acl */
return $this->container->get('acl');
}
/**
* @deprecated
*
* @return AclManager
*/
protected function getAclManager()
{
/** @var AclManager */
return $this->container->get('aclManager');
}
/**
* @deprecated
*
* @return Config
*/
protected function getConfig()
{
/** @var Config */
return $this->container->get('config');
}
/**
* @deprecated
* @return Preferences
*/
protected function getPreferences()
{
/** @var Preferences */
return $this->container->get('preferences');
}
/**
* @deprecated
*
* @return Metadata
*/
protected function getMetadata()
{
/** @var Metadata */
return $this->container->get('metadata');
}
/**
* @deprecated
*
* @return ServiceFactory
*/
protected function getServiceFactory()
{
/** @var ServiceFactory */
return $this->container->get('serviceFactory');
}
}

236
application/Espo/Core/Controllers/Record.php Normal file
View File

@@ -0,0 +1,236 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Core\Controllers;
use Espo\Core\Exceptions\BadRequest;
use Espo\Core\Api\Request;
use Espo\Core\Exceptions\Forbidden;
use Espo\Core\Exceptions\NotFound;
use Espo\Core\Exceptions\NotFoundSilent;
use Espo\Core\Select\SearchParams;
use Espo\Core\Utils\Json;
use stdClass;
class Record extends RecordBase
{
/**
* List related records.
*
* @throws BadRequest
* @throws NotFound
* @throws Forbidden
* @noinspection PhpUnused
*/
public function getActionListLinked(Request $request): stdClass
{
$id = $request->getRouteParam('id');
$link = $request->getRouteParam('link');
if (!$id) {
throw new BadRequest("No ID.");
}
if (!$link) {
throw new BadRequest("No link.");
}
$searchParams = $this->fetchSearchParamsFromRequest($request);
$result = $this->getRecordService()->findLinked($id, $link, $searchParams);
return $result->toApiOutput();
}
/**
* Relate records.
*
* @throws BadRequest
* @throws Forbidden
* @throws NotFound
*/
public function postActionCreateLink(Request $request): bool
{
$id = $request->getRouteParam('id');
$link = $request->getRouteParam('link');
$data = $request->getParsedBody();
if (!$id || !$link) {
throw new BadRequest();
}
if (!empty($data->massRelate)) {
$searchParams = $this->fetchMassLinkSearchParamsFromRequest($request);
return $this->getRecordService()->massLink($id, $link, $searchParams);
}
$foreignIdList = [];
if (isset($data->id)) {
$foreignIdList[] = $data->id;
}
if (isset($data->ids) && is_array($data->ids)) {
foreach ($data->ids as $foreignId) {
$foreignIdList[] = $foreignId;
}
}
$result = false;
foreach ($foreignIdList as $foreignId) {
$this->getRecordService()->link($id, $link, $foreignId);
$result = true;
}
return $result;
}
/**
* Un-relate records.
*
* @throws BadRequest
* @throws Forbidden
* @throws NotFound
*/
public function deleteActionRemoveLink(Request $request): bool
{
$id = $request->getRouteParam('id');
$link = $request->getRouteParam('link');
$data = $request->getParsedBody();
if (!$id || !$link) {
throw new BadRequest();
}
$foreignIdList = [];
if (isset($data->id)) {
$foreignIdList[] = $data->id;
}
if (isset($data->ids) && is_array($data->ids)) {
foreach ($data->ids as $foreignId) {
$foreignIdList[] = $foreignId;
}
}
$result = false;
foreach ($foreignIdList as $foreignId) {
$this->getRecordService()->unlink($id, $link, $foreignId);
$result = true;
}
return $result;
}
/**
* Follow a record.
*
* @throws BadRequest
* @throws NotFoundSilent
* @throws Forbidden
* @noinspection PhpUnused
*/
public function putActionFollow(Request $request): bool
{
$id = $request->getRouteParam('id');
if (!$id) {
throw new BadRequest("No ID.");
}
$this->getRecordService()->follow($id);
return true;
}
/**
* Unfollow a record.
*
* @throws NotFoundSilent
* @throws BadRequest
* @noinspection PhpUnused
*/
public function deleteActionUnfollow(Request $request): bool
{
$id = $request->getRouteParam('id');
if (!$id) {
throw new BadRequest("No ID.");
}
$this->getRecordService()->unfollow($id);
return true;
}
/**
* @throws BadRequest
*/
private function fetchMassLinkSearchParamsFromRequest(Request $request): SearchParams
{
$data = $request->getParsedBody();
$where = $data->where ?? null;
if ($where !== null) {
$where = json_decode(Json::encode($where), true);
}
$params = json_decode(
Json::encode(
$data->searchParams ?? $data->selectData ?? (object) []
),
true
);
if ($where !== null && !is_array($where)) {
throw new BadRequest("Bad 'where.");
}
if ($where !== null) {
$params['where'] = array_merge(
$params['where'] ?? [],
$where
);
}
unset($params['select']);
return SearchParams::fromRaw($params);
}
}

348
application/Espo/Core/Controllers/RecordBase.php Normal file
View File

@@ -0,0 +1,348 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Core\Controllers;
use Espo\Core\Exceptions\Conflict;
use Espo\Core\Exceptions\Error;
use Espo\Core\Exceptions\Forbidden;
use Espo\Core\Exceptions\BadRequest;
use Espo\Core\Exceptions\ForbiddenSilent;
use Espo\Core\Exceptions\NotFound;
use Espo\Core\Exceptions\NotFoundSilent;
use Espo\Core\Record\ServiceContainer as RecordServiceContainer;
use Espo\Core\Record\SearchParamsFetcher;
use Espo\Core\Record\CreateParamsFetcher;
use Espo\Core\Record\ReadParamsFetcher;
use Espo\Core\Record\UpdateContext;
use Espo\Core\Record\UpdateParamsFetcher;
use Espo\Core\Record\DeleteParamsFetcher;
use Espo\Core\Record\FindParamsFetcher;
use Espo\Core\Record\Service as RecordService;
use Espo\Core\Container;
use Espo\Core\Acl;
use Espo\Core\AclManager;
use Espo\Core\Utils\Config;
use Espo\Core\Utils\Metadata;
use Espo\Core\ServiceFactory;
use Espo\Core\Api\Request;
use Espo\Core\Api\Response;
use Espo\Core\Select\SearchParams;
use Espo\Core\Di;
use Espo\Entities\User;
use Espo\Entities\Preferences;
use Espo\ORM\Entity;
use Espo\ORM\EntityManager;
use stdClass;
class RecordBase extends Base implements
Di\EntityManagerAware,
Di\InjectableFactoryAware
{
use Di\EntityManagerSetter;
use Di\InjectableFactorySetter;
/** @var string */
public static $defaultAction = 'list';
/** @var RecordServiceContainer */
protected $recordServiceContainer;
/** @var Config */
protected $config;
/** @var User */
protected $user;
/** @var Acl */
protected $acl;
/**
* @deprecated
* @var EntityManager
*/
protected $entityManager;
public function __construct(
protected SearchParamsFetcher $searchParamsFetcher,
protected CreateParamsFetcher $createParamsFetcher,
protected ReadParamsFetcher $readParamsFetcher,
protected UpdateParamsFetcher $updateParamsFetcher,
protected DeleteParamsFetcher $deleteParamsFetcher,
RecordServiceContainer $recordServiceContainer,
protected FindParamsFetcher $findParamsFetcher,
Config $config,
User $user,
Acl $acl,
// Parameters below are for backward compatibility.
Container $container,
AclManager $aclManager,
Preferences $preferences,
Metadata $metadata,
ServiceFactory $serviceFactory
) {
$this->recordServiceContainer = $recordServiceContainer;
$this->config = $config;
$this->user = $user;
$this->acl = $acl;
parent::__construct(
$container,
$user,
$acl,
$aclManager,
$config,
$preferences,
$metadata,
$serviceFactory
);
}
protected function getEntityType(): string
{
return $this->name;
}
/**
* @return RecordService<Entity>
*/
protected function getRecordService(?string $entityType = null): RecordService
{
return $this->recordServiceContainer->get($entityType ?? $this->getEntityType());
}
/**
* Read a record.
*
* @throws NotFoundSilent
* @throws ForbiddenSilent
* @throws BadRequest
* @throws Forbidden
* @noinspection PhpUnusedParameterInspection
*/
public function getActionRead(Request $request, Response $response): stdClass
{
if (method_exists($this, 'actionRead')) {
// For backward compatibility.
return (object) $this->actionRead($request->getRouteParams(), $request->getParsedBody(), $request);
}
$id = $request->getRouteParam('id');
$params = $this->readParamsFetcher->fetch($request);
if (!$id) {
throw new BadRequest("No ID.");
}
$entity = $this->getRecordService()->read($id, $params);
return $entity->getValueMap();
}
/**
* Create a record.
*
* @throws Forbidden
* @throws Conflict
* @throws BadRequest
*/
public function postActionCreate(Request $request, Response $response): stdClass
{
if (method_exists($this, 'actionCreate')) {
// For backward compatibility.
return (object) $this->actionCreate($request->getRouteParams(), $request->getParsedBody(), $request);
}
$data = $request->getParsedBody();
$params = $this->createParamsFetcher->fetch($request);
$entity = $this->getRecordService()->create($data, $params);
return $entity->getValueMap();
}
/**
* @throws BadRequest
* @throws NotFound
* @throws Forbidden
* @throws Conflict
* @noinspection PhpUnused
*/
public function patchActionUpdate(Request $request, Response $response): stdClass
{
return $this->putActionUpdate($request, $response);
}
/**
* Update a record.
*
* @throws BadRequest
* @throws NotFound
* @throws Forbidden
* @throws Conflict
* @noinspection PhpUnusedParameterInspection
*/
public function putActionUpdate(Request $request, Response $response): stdClass
{
if (method_exists($this, 'actionUpdate')) {
// For backward compatibility.
return (object) $this->actionUpdate($request->getRouteParams(), $request->getParsedBody(), $request);
}
$id = $request->getRouteParam('id');
$data = $request->getParsedBody();
if (!$id) {
throw new BadRequest("No ID.");
}
$params = $this->updateParamsFetcher->fetch($request);
$context = new UpdateContext();
$params = $params->withContext($context);
$entity = $this->getRecordService()->update($id, $data, $params);
if ($context->linkUpdated) {
$response->setHeader('X-Record-Link-Updated', 'true');
}
return $entity->getValueMap();
}
/**
* List records.
*
* @throws Forbidden
* @throws BadRequest
* @throws Error
*/
public function getActionList(Request $request, Response $response): stdClass
{
if (method_exists($this, 'actionList')) {
// For backward compatibility.
return (object) $this->actionList($request->getRouteParams(), $request->getParsedBody(), $request);
}
$searchParams = $this->fetchSearchParamsFromRequest($request);
$findParams = $this->findParamsFetcher->fetch($request);
$recordCollection = $this->getRecordService()->find($searchParams, $findParams);
return $recordCollection->toApiOutput();
}
/**
* Delete a record.
*
* @throws Forbidden
* @throws BadRequest
* @throws NotFound
* @throws Conflict
* @noinspection PhpUnusedParameterInspection
*/
public function deleteActionDelete(Request $request, Response $response): bool
{
if (method_exists($this, 'actionDelete')) {
// For backward compatibility.
return $this->actionDelete($request->getRouteParams(), $request->getParsedBody(), $request);
}
$id = $request->getRouteParam('id');
$params = $this->deleteParamsFetcher->fetch($request);
if (!$id) {
throw new BadRequest("No ID.");
}
$this->getRecordService()->delete($id, $params);
return true;
}
/**
* @throws BadRequest
* @throws Forbidden
*/
protected function fetchSearchParamsFromRequest(Request $request): SearchParams
{
return $this->searchParamsFetcher->fetch($request);
}
/**
* @throws BadRequest
* @throws Forbidden
* @throws NotFound
* @throws ForbiddenSilent
* @noinspection PhpUnused
*/
public function postActionGetDuplicateAttributes(Request $request): stdClass
{
$id = $request->getParsedBody()->id ?? null;
if (!$id) {
throw new BadRequest();
}
return $this->getRecordService()->getDuplicateAttributes($id);
}
/**
* @throws BadRequest
* @throws Forbidden
* @throws NotFound
* @throws Conflict
* @noinspection PhpUnused
*/
public function postActionRestoreDeleted(Request $request): bool
{
if (!$this->user->isAdmin()) {
throw new Forbidden();
}
$id = $request->getParsedBody()->id ?? null;
if (!$id) {
throw new BadRequest();
}
$this->getRecordService()->restoreDeleted($id);
return true;
}
/**
* @deprecated
* @return EntityManager
*/
protected function getEntityManager()
{
return $this->entityManager;
}
}

201
application/Espo/Core/Controllers/RecordTree.php Normal file
View File

@@ -0,0 +1,201 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Core\Controllers;
use Espo\Core\Acl\Table;
use Espo\Core\Exceptions\Forbidden;
use Espo\Core\Exceptions\BadRequest;
use Espo\Core\Exceptions\Error;
use Espo\Core\Exceptions\NotFound;
use Espo\Core\ORM\Entity;
use Espo\Core\Templates\Entities\CategoryTree;
use Espo\Services\RecordTree as Service;
use Espo\Core\Api\Request;
use Espo\Tools\CategoryTree\Move\MoveParams;
use Espo\Tools\CategoryTree\MoveService;
use Espo\Tools\CategoryTree\Record\ReadTreeParams;
use RuntimeException;
use stdClass;
class RecordTree extends Record
{
/**
* @var string
*/
public static $defaultAction = 'list';
/**
* Get a category tree.
*
* @throws BadRequest
* @throws Forbidden
* @throws NotFound
* @noinspection PhpUnused
*/
public function getActionListTree(Request $request): stdClass
{
$selectParams = $this->fetchSearchParamsFromRequest($request);
$parentId = $request->getQueryParam('parentId');
$currentId = $request->getQueryParam('currentId');
$maxDepth = $request->getQueryParam('maxDepth');
$onlyNotEmpty = (bool) $request->getQueryParam('onlyNotEmpty');
if ($parentId && $currentId) {
throw new BadRequest("Cannot have both parentId and currentId set.");
}
if ($maxDepth !== null) {
$maxDepth = (int) $maxDepth;
}
$params = new ReadTreeParams(
where: $selectParams->getWhere(),
onlyNotEmpty: $onlyNotEmpty,
currentId: $currentId,
maxDepth: $maxDepth,
parentId: $parentId,
);
$service = $this->getRecordTreeService();
$collection = $service->getTree($params);
if (!$collection) {
throw new RuntimeException();
}
$openPath = null;
if ($params->currentId) {
$openPath = $service->getTreeItemPath($params->currentId);
}
return (object) [
'list' => $collection->getValueMapList(),
'path' => $service->getTreeItemPath($parentId),
'data' => $service->getCategoryData($parentId),
'openPath' => $openPath,
];
}
/**
* @return string[]
* @throws Forbidden
* @throws BadRequest
* @noinspection PhpUnused
*/
public function getActionLastChildrenIdList(Request $request): array
{
if (!$this->acl->check($this->name, Table::ACTION_READ)) {
throw new Forbidden();
}
$parentId = $request->getQueryParam('parentId');
return $this->getRecordTreeService()->getLastChildrenIdList($parentId);
}
/**
* @throws Forbidden
* @throws BadRequest
* @throws NotFound
* @throws Error
* @noinspection PhpUnused
*/
public function postActionMove(Request $request): bool
{
if (!$this->acl->check($this->name, Table::ACTION_EDIT)) {
throw new Forbidden();
}
$id = $request->getParsedBody()->id ?? null;
$referenceId = $request->getParsedBody()->referenceId ?? null;
$type = $request->getParsedBody()->type ?? null;
if (!is_string($id)) {
throw new BadRequest("Bad id.");
}
if (!is_string($referenceId)) {
throw new BadRequest("Bad referenceId.");
}
$typeInternal = match ($type) {
'into' => MoveParams::TYPE_INTO,
'before' => MoveParams::TYPE_BEFORE,
'after' => MoveParams::TYPE_AFTER,
default => null,
};
if ($typeInternal === null) {
throw new BadRequest("Bad type.");
}
$entity = $this->getRecordService()->getEntity($id);
if (!$entity) {
throw new NotFound("Record not found.");
}
if (!$entity instanceof CategoryTree) {
throw new RuntimeException("Non-tree entity.");
}
if (!$this->acl->checkEntityEdit($entity)) {
throw new Forbidden("No edit access.");
}
$params = new MoveParams(
type: $typeInternal,
referenceId: $referenceId,
);
$service = $this->injectableFactory->create(MoveService::class);
$service->move($entity, $params);
return true;
}
/**
* @return Service<Entity>
*/
protected function getRecordTreeService(): Service
{
$service = $this->getRecordService();
if (!$service instanceof Service) {
throw new RuntimeException();
}
return $service;
}
}