bsiggel/espocrm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
root
2026-01-19 17:44:46 +01:00
commit 823af8b11d
8721 changed files with 1130846 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

104
application/Espo/Core/Select/AccessControl/Applier.php Normal file
View File

@@ -0,0 +1,104 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Core\Select\AccessControl;
use Espo\Core\Select\OrmSelectBuilder;
use Espo\Core\Select\AccessControl\FilterFactory as AccessControlFilterFactory;
use Espo\Core\Select\AccessControl\FilterResolverFactory as AccessControlFilterResolverFactory;
use Espo\Core\Select\SelectManager;
use Espo\Entities\User;
use Espo\ORM\Query\SelectBuilder as QueryBuilder;
use RuntimeException;
class Applier
{
public function __construct(
private string $entityType,
private User $user,
private AccessControlFilterFactory $accessControlFilterFactory,
private AccessControlFilterResolverFactory $accessControlFilterResolverFactory,
private SelectManager $selectManager
) {}
public function apply(QueryBuilder $queryBuilder): void
{
// For backward compatibility.
if (
$this->selectManager->hasInheritedAccessMethod() &&
$queryBuilder instanceof OrmSelectBuilder
) {
$this->selectManager->applyAccessToQueryBuilder($queryBuilder);
return;
}
$this->applyMandatoryFilter($queryBuilder);
$accessControlFilterResolver = $this->accessControlFilterResolverFactory
->create($this->entityType, $this->user);
$filterName = $accessControlFilterResolver->resolve();
if (!$filterName) {
return;
}
// For backward compatibility.
if (
$this->selectManager->hasInheritedAccessFilterMethod($filterName) &&
$queryBuilder instanceof OrmSelectBuilder
) {
$this->selectManager->applyAccessFilterToQueryBuilder($queryBuilder, $filterName);
return;
}
if ($this->accessControlFilterFactory->has($this->entityType, $filterName)) {
$filter = $this->accessControlFilterFactory
->create($this->entityType, $this->user, $filterName);
$filter->apply($queryBuilder);
return;
}
throw new RuntimeException("No access filter '{$filterName}' for '{$this->entityType}'.");
}
private function applyMandatoryFilter(QueryBuilder $queryBuilder): void
{
$filter = $this->accessControlFilterFactory
->create($this->entityType, $this->user, 'mandatory');
$filter->apply($queryBuilder);
}
}

59
application/Espo/Core/Select/AccessControl/DefaultFilterResolver.php Normal file
View File

@@ -0,0 +1,59 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Core\Select\AccessControl;
use Espo\Core\Acl;
class DefaultFilterResolver implements FilterResolver
{
public function __construct(private string $entityType, private Acl $acl)
{}
public function resolve(): ?string
{
if ($this->acl->checkReadNo($this->entityType)) {
return 'no';
}
if ($this->acl->checkReadOnlyOwn($this->entityType)) {
return 'onlyOwn';
}
if ($this->acl->checkReadOnlyTeam($this->entityType)) {
return 'onlyTeam';
}
if ($this->acl->checkReadAll($this->entityType)) {
return 'all';
}
return 'no';
}
}

63
application/Espo/Core/Select/AccessControl/DefaultPortalFilterResolver.php Normal file
View File

@@ -0,0 +1,63 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Core\Select\AccessControl;
use Espo\Core\Portal\Acl;
class DefaultPortalFilterResolver implements FilterResolver
{
public function __construct(private string $entityType, private Acl $acl)
{}
public function resolve(): ?string
{
if ($this->acl->checkReadNo($this->entityType)) {
return 'no';
}
if ($this->acl->checkReadOnlyOwn($this->entityType)) {
return 'portalOnlyOwn';
}
if ($this->acl->checkReadOnlyAccount($this->entityType)) {
return 'portalOnlyAccount';
}
if ($this->acl->checkReadOnlyContact($this->entityType)) {
return 'portalOnlyContact';
}
if ($this->acl->checkReadAll($this->entityType)) {
return 'portalAll';
}
return 'no';
}
}

46
application/Espo/Core/Select/AccessControl/Filter.php Normal file
View File

@@ -0,0 +1,46 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Core\Select\AccessControl;
use Espo\ORM\Query\SelectBuilder as QueryBuilder;
/**
* An access filter.
*
* Bindings:
* - `$entityType`
* - `Espo\Entities\User`
* - `Espo\Core\AclManager` as of v9.1.
* - `Espo\Core\Acl`
*/
interface Filter
{
public function apply(QueryBuilder $queryBuilder): void;
}

134
application/Espo/Core/Select/AccessControl/FilterFactory.php Normal file
View File

@@ -0,0 +1,134 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Core\Select\AccessControl;
use Espo\Core\Acl;
use Espo\Core\AclManager;
use Espo\Core\Binding\Binder;
use Espo\Core\Binding\BindingContainer;
use Espo\Core\Binding\BindingData;
use Espo\Core\InjectableFactory;
use Espo\Core\Portal\Acl as PortalAcl;
use Espo\Core\Portal\AclManager as PortalAclManager;
use Espo\Core\Select\Helpers\FieldHelper;
use Espo\Core\Utils\Metadata;
use Espo\Entities\User;
use RuntimeException;
class FilterFactory
{
public function __construct(
private InjectableFactory $injectableFactory,
private Metadata $metadata,
private AclManager $aclManager,
private Acl $acl,
) {}
public function create(string $entityType, User $user, string $name): Filter
{
$className = $this->getClassName($entityType, $name);
if (!$className) {
throw new RuntimeException("Access control filter '$name' for '$entityType' does not exist.");
}
$bindingData = new BindingData();
$binder = new Binder($bindingData);
$binder
->bindInstance(User::class, $user)
->bindInstance(AclManager::class, $this->aclManager)
->bindInstance(Acl::class, $this->acl);
if ($user->isPortal()) {
$binder->bindInstance(PortalAcl::class, $this->acl);
$binder->bindInstance(PortalAclManager::class, $this->aclManager);
}
$binder
->for($className)
->bindValue('$entityType', $entityType);
$binder
->for(FieldHelper::class)
->bindValue('$entityType', $entityType);
$bindingContainer = new BindingContainer($bindingData);
return $this->injectableFactory->createWithBinding($className, $bindingContainer);
}
public function has(string $entityType, string $name): bool
{
return (bool) $this->getClassName($entityType, $name);
}
/**
* @return class-string<Filter>
*/
private function getClassName(string $entityType, string $name): ?string
{
if (!$name) {
throw new RuntimeException("Empty access control filter name.");
}
/** @var ?class-string<Filter> $className */
$className = $this->metadata->get(
[
'selectDefs',
$entityType,
'accessControlFilterClassNameMap',
$name,
]
);
if ($className) {
return $className;
}
return $this->getDefaultClassName($name);
}
/**
* @return class-string<Filter>
*/
private function getDefaultClassName(string $name): ?string
{
$className = 'Espo\\Core\\Select\\AccessControl\\Filters\\' . ucfirst($name);
if (!class_exists($className)) {
return null;
}
/** @var class-string<Filter> */
return $className;
}
}

44
application/Espo/Core/Select/AccessControl/FilterResolver.php Normal file
View File

@@ -0,0 +1,44 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Core\Select\AccessControl;
/**
* Resolves an access filter. An entity type, acl and user to be passed to the constructor.
*
* Bindings:
* - `$entityType`
* - `Espo\Entities\User`
* - `Espo\Core\AclManager` as of v9.1.
* - `Espo\Core\Acl`
*/
interface FilterResolver
{
public function resolve(): ?string;
}

100
application/Espo/Core/Select/AccessControl/FilterResolverFactory.php Normal file
View File

@@ -0,0 +1,100 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Core\Select\AccessControl;
use Espo\Core\AclManager;
use Espo\Core\InjectableFactory;
use Espo\Core\Acl;
use Espo\Core\Portal\Acl as PortalAcl;
use Espo\Core\Portal\AclManager as PortalAclManager;
use Espo\Core\Utils\Metadata;
use Espo\Core\Binding\BindingContainer;
use Espo\Core\Binding\Binder;
use Espo\Core\Binding\BindingData;
use Espo\Entities\User;
class FilterResolverFactory
{
public function __construct(
private InjectableFactory $injectableFactory,
private Metadata $metadata,
private AclManager $aclManager,
private Acl $acl,
) {}
public function create(string $entityType, User $user): FilterResolver
{
$className = !$user->isPortal() ?
$this->getClassName($entityType) :
$this->getPortalClassName($entityType);
$bindingData = new BindingData();
$binder = new Binder($bindingData);
$binder
->bindInstance(User::class, $user)
->bindInstance(AclManager::class, $this->aclManager)
->bindInstance(Acl::class, $this->acl);
if ($user->isPortal()) {
$binder->bindInstance(PortalAcl::class, $this->acl);
$binder->bindInstance(PortalAclManager::class, $this->aclManager);
}
$binder
->for($className)
->bindValue('$entityType', $entityType);
$bindingContainer = new BindingContainer($bindingData);
return $this->injectableFactory->createWithBinding($className, $bindingContainer);
}
/**
* @return class-string<FilterResolver>
*/
private function getClassName(string $entityType): string
{
/** @var class-string<FilterResolver> */
return $this->metadata->get(['selectDefs', $entityType, 'accessControlFilterResolverClassName']) ??
DefaultFilterResolver::class;
}
/**
* @return class-string<FilterResolver>
*/
private function getPortalClassName(string $entityType): string
{
/** @var class-string<FilterResolver> */
return $this->metadata->get(['selectDefs', $entityType, 'portalAccessControlFilterResolverClassName']) ??
DefaultPortalFilterResolver::class;
}
}

55
application/Espo/Core/Select/AccessControl/FilterResolvers/Boolean.php Normal file
View File

@@ -0,0 +1,55 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Core\Select\AccessControl\FilterResolvers;
use Espo\Core\Acl;
use Espo\Core\Select\AccessControl\FilterResolver;
class Boolean implements FilterResolver
{
private string $entityType;
private Acl $acl;
public function __construct(string $entityType, Acl $acl)
{
$this->entityType = $entityType;
$this->acl = $acl;
}
public function resolve(): ?string
{
if ($this->acl->checkScope($this->entityType)) {
return 'all';
}
return 'no';
}
}

61
application/Espo/Core/Select/AccessControl/FilterResolvers/BooleanOwn.php Normal file
View File

@@ -0,0 +1,61 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Core\Select\AccessControl\FilterResolvers;
use Espo\Core\Acl;
use Espo\Core\Select\AccessControl\FilterResolver;
use Espo\Entities\User;
class BooleanOwn implements FilterResolver
{
private string $entityType;
private Acl $acl;
private User $user;
public function __construct(string $entityType, Acl $acl, User $user)
{
$this->entityType = $entityType;
$this->acl = $acl;
$this->user = $user;
}
public function resolve(): ?string
{
if (!$this->acl->checkScope($this->entityType)) {
return 'no';
}
if ($this->user->isAdmin()) {
return 'all';
}
return 'onlyOwn';
}
}

40
application/Espo/Core/Select/AccessControl/FilterResolvers/Bypass.php Normal file
View File

@@ -0,0 +1,40 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Core\Select\AccessControl\FilterResolvers;
use Espo\Core\Select\AccessControl\FilterResolver;
class Bypass implements FilterResolver
{
public function resolve(): ?string
{
return null;
}
}

39
application/Espo/Core/Select/AccessControl/Filters/All.php Normal file
View File

@@ -0,0 +1,39 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Core\Select\AccessControl\Filters;
use Espo\Core\Select\AccessControl\Filter;
use Espo\ORM\Query\SelectBuilder as QueryBuilder;
class All implements Filter
{
public function apply(QueryBuilder $queryBuilder): void
{}
}

88
application/Espo/Core/Select/AccessControl/Filters/ForeignOnlyOwn.php Normal file
View File

@@ -0,0 +1,88 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Core\Select\AccessControl\Filters;
use Espo\Core\Name\Field;
use Espo\Core\Select\AccessControl\Filter;
use Espo\ORM\Defs;
use Espo\ORM\Name\Attribute;
use Espo\ORM\Query\SelectBuilder;
use Espo\Core\Utils\Metadata;
use Espo\Entities\User;
use LogicException;
class ForeignOnlyOwn implements Filter
{
public function __construct(
private string $entityType,
private User $user,
private Metadata $metadata,
private Defs $defs
) {}
public function apply(SelectBuilder $queryBuilder): void
{
$link = $this->metadata->get(['aclDefs', $this->entityType, 'link']);
if (!$link) {
throw new LogicException("No `link` in aclDefs for {$this->entityType}.");
}
$alias = $link . 'Access';
$queryBuilder->leftJoin($link, $alias);
$foreignEntityType = $this->defs
->getEntity($this->entityType)
->getRelation($link)
->getForeignEntityType();
$foreignEntityDefs = $this->defs->getEntity($foreignEntityType);
if ($foreignEntityDefs->hasField(Field::ASSIGNED_USER)) {
$queryBuilder->where([
"{$alias}.assignedUserId" => $this->user->getId(),
]);
return;
}
if ($foreignEntityDefs->hasField(Field::CREATED_BY)) {
$queryBuilder->where([
"{$alias}.createdById" => $this->user->getId(),
]);
return;
}
$queryBuilder->where([Attribute::ID => null]);
}
}

136
application/Espo/Core/Select/AccessControl/Filters/ForeignOnlyTeam.php Normal file
View File

@@ -0,0 +1,136 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Core\Select\AccessControl\Filters;
use Espo\Core\Name\Field;
use Espo\Core\Select\AccessControl\Filter;
use Espo\Entities\Team;
use Espo\ORM\Name\Attribute;
use Espo\ORM\Query\Part\Condition;
use Espo\ORM\Query\Part\Expression;
use Espo\ORM\Query\Part\Where\OrGroup;
use Espo\ORM\Query\SelectBuilder;
use Espo\Core\Utils\Metadata;
use Espo\ORM\Defs;
use Espo\Entities\User;
use LogicException;
/**
* @noinspection PhpUnused
*/
class ForeignOnlyTeam implements Filter
{
public function __construct(
private string $entityType,
private User $user,
private Metadata $metadata,
private Defs $defs
) {}
public function apply(SelectBuilder $queryBuilder): void
{
$link = $this->metadata->get(['aclDefs', $this->entityType, 'link']);
if (!$link) {
throw new LogicException("No `link` in aclDefs for $this->entityType.");
}
$alias = "{$link}Access";
$ownerAttribute = $this->getOwnerAttribute($link);
if (!$ownerAttribute) {
$queryBuilder->where([Attribute::ID => null]);
return;
}
$teamIdList = $this->user->getTeamIdList();
if (count($teamIdList) === 0) {
$queryBuilder
->leftJoin($link, $alias)
->where(["$alias.$ownerAttribute" => $this->user->getId()]);
return;
}
$foreignEntityType = $this->getForeignEntityType($link);
$orGroup = OrGroup::create(
Condition::equal(
Expression::column("$alias.$ownerAttribute"),
$this->user->getId()
),
Condition::in(
Expression::column("$alias.id"),
SelectBuilder::create()
->from(Team::RELATIONSHIP_ENTITY_TEAM)
->select('entityId')
->where([
'teamId' => $teamIdList,
'entityType' => $foreignEntityType,
])
->build()
)
);
$queryBuilder
->leftJoin($link, $alias)
->where($orGroup)
->where(["$alias.id!=" => null]);
}
private function getOwnerAttribute(string $link): ?string
{
$foreignEntityType = $this->getForeignEntityType($link);
$foreignEntityDefs = $this->defs->getEntity($foreignEntityType);
if ($foreignEntityDefs->hasField(Field::ASSIGNED_USER)) {
return 'assignedUserId';
}
if ($foreignEntityDefs->hasField(Field::CREATED_BY)) {
return 'createdById';
}
return null;
}
private function getForeignEntityType(string $link): string
{
return $this->defs
->getEntity($this->entityType)
->getRelation($link)
->getForeignEntityType();
}
}

39
application/Espo/Core/Select/AccessControl/Filters/Mandatory.php Normal file
View File

@@ -0,0 +1,39 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Core\Select\AccessControl\Filters;
use Espo\Core\Select\AccessControl\Filter;
use Espo\ORM\Query\SelectBuilder as QueryBuilder;
class Mandatory implements Filter
{
public function apply(QueryBuilder $queryBuilder): void
{}
}

42
application/Espo/Core/Select/AccessControl/Filters/No.php Normal file
View File

@@ -0,0 +1,42 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Core\Select\AccessControl\Filters;
use Espo\Core\Select\AccessControl\Filter;
use Espo\ORM\Name\Attribute;
use Espo\ORM\Query\SelectBuilder as QueryBuilder;
class No implements Filter
{
public function apply(QueryBuilder $queryBuilder): void
{
$queryBuilder->where([Attribute::ID => null]);
}
}

101
application/Espo/Core/Select/AccessControl/Filters/OnlyOwn.php Normal file
View File

@@ -0,0 +1,101 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Core\Select\AccessControl\Filters;
use Espo\Core\Select\AccessControl\Filter;
use Espo\Core\Select\Helpers\RelationQueryHelper;
use Espo\Core\Select\Helpers\FieldHelper;
use Espo\Entities\User;
use Espo\ORM\Name\Attribute;
use Espo\ORM\Query\Part\Where\OrGroup;
use Espo\ORM\Query\Part\WhereClause;
use Espo\ORM\Query\Part\WhereItem;
use Espo\ORM\Query\SelectBuilder as QueryBuilder;
class OnlyOwn implements Filter
{
public function __construct(
private User $user,
private FieldHelper $fieldHelper,
private string $entityType,
private RelationQueryHelper $relationQueryHelper,
) {}
public function apply(QueryBuilder $queryBuilder): void
{
$ownItem = $this->getOwnWhereItem();
if ($this->fieldHelper->hasCollaboratorsField()) {
$this->applyCollaborators($queryBuilder, $ownItem);
return;
}
if (!$ownItem) {
$queryBuilder->where([Attribute::ID => null]);
return;
}
$queryBuilder->where($ownItem);
}
private function applyCollaborators(QueryBuilder $queryBuilder, ?WhereItem $ownItem): void
{
$sharedItem = $this->relationQueryHelper->prepareCollaboratorsWhere($this->entityType, $this->user->getId());
$orBuilder = OrGroup::createBuilder();
if ($ownItem) {
$orBuilder->add($ownItem);
}
$orBuilder->add($sharedItem);
$queryBuilder->where($orBuilder->build());
}
private function getOwnWhereItem(): ?WhereItem
{
if ($this->fieldHelper->hasAssignedUsersField()) {
return $this->relationQueryHelper->prepareAssignedUsersWhere($this->entityType, $this->user->getId());
}
if ($this->fieldHelper->hasAssignedUserField()) {
return WhereClause::fromRaw(['assignedUserId' => $this->user->getId()]);
}
if ($this->fieldHelper->hasCreatedByField()) {
return WhereClause::fromRaw(['createdById' => $this->user->getId()]);
}
return null;
}
}

117
application/Espo/Core/Select/AccessControl/Filters/OnlyTeam.php Normal file
View File

@@ -0,0 +1,117 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Core\Select\AccessControl\Filters;
use Espo\Core\Name\Field;
use Espo\Core\Select\AccessControl\Filter;
use Espo\Core\Select\Helpers\FieldHelper;
use Espo\Entities\Team;
use Espo\Entities\User;
use Espo\ORM\Defs;
use Espo\ORM\Name\Attribute;
use Espo\ORM\Query\SelectBuilder as QueryBuilder;
/**
* @noinspection PhpUnused
*/
class OnlyTeam implements Filter
{
public function __construct(
private User $user,
private FieldHelper $fieldHelper,
private string $entityType,
private Defs $defs
) {}
public function apply(QueryBuilder $queryBuilder): void
{
if (!$this->fieldHelper->hasTeamsField()) {
$queryBuilder->where([Attribute::ID => null]);
return;
}
$subQueryBuilder = QueryBuilder::create()
->select(Attribute::ID)
->from($this->entityType)
->leftJoin(Team::RELATIONSHIP_ENTITY_TEAM, 'entityTeam', [
'entityTeam.entityId:' => Attribute::ID,
'entityTeam.entityType' => $this->entityType,
'entityTeam.deleted' => false,
]);
// Empty list is converted to false statement by ORM.
$orGroup = ['entityTeam.teamId' => $this->user->getTeamIdList()];
if ($this->fieldHelper->hasAssignedUsersField()) {
$relationDefs = $this->defs
->getEntity($this->entityType)
->getRelation(Field::ASSIGNED_USERS);
$middleEntityType = ucfirst($relationDefs->getRelationshipName());
$key1 = $relationDefs->getMidKey();
$key2 = $relationDefs->getForeignMidKey();
$subQueryBuilder->leftJoin($middleEntityType, 'assignedUsersMiddle', [
"assignedUsersMiddle.$key1:" => Attribute::ID,
'assignedUsersMiddle.deleted' => false,
]);
$orGroup["assignedUsersMiddle.$key2"] = $this->user->getId();
} else if ($this->fieldHelper->hasAssignedUserField()) {
$orGroup['assignedUserId'] = $this->user->getId();
} else if ($this->fieldHelper->hasCreatedByField()) {
$orGroup['createdById'] = $this->user->getId();
}
if ($this->fieldHelper->hasCollaboratorsField()) {
$relationDefs = $this->defs
->getEntity($this->entityType)
->getRelation(Field::COLLABORATORS);
$middleEntityType = ucfirst($relationDefs->getRelationshipName());
$key1 = $relationDefs->getMidKey();
$key2 = $relationDefs->getForeignMidKey();
$subQueryBuilder->leftJoin($middleEntityType, 'collaboratorsMiddle', [
"collaboratorsMiddle.$key1:" => Attribute::ID,
'collaboratorsMiddle.deleted' => false,
]);
$orGroup["collaboratorsMiddle.$key2"] = $this->user->getId();
}
$subQuery = $subQueryBuilder
->where(['OR' => $orGroup])
->build();
$queryBuilder->where(['id=s' => $subQuery]);
}
}

39
application/Espo/Core/Select/AccessControl/Filters/PortalAll.php Normal file
View File

@@ -0,0 +1,39 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Core\Select\AccessControl\Filters;
use Espo\Core\Select\AccessControl\Filter;
use Espo\ORM\Query\SelectBuilder as QueryBuilder;
class PortalAll implements Filter
{
public function apply(QueryBuilder $queryBuilder): void
{}
}

120
application/Espo/Core/Select/AccessControl/Filters/PortalOnlyAccount.php Normal file
View File

@@ -0,0 +1,120 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Core\Select\AccessControl\Filters;
use Espo\Core\Name\Field;
use Espo\Core\Portal\Acl\OwnershipChecker\MetadataProvider;
use Espo\Core\Select\AccessControl\Filter;
use Espo\Core\Select\Helpers\FieldHelper;
use Espo\Core\Select\Helpers\RelationQueryHelper;
use Espo\Entities\User;
use Espo\Modules\Crm\Entities\Account;
use Espo\Modules\Crm\Entities\Contact;
use Espo\ORM\Name\Attribute;
use Espo\ORM\Query\Part\Where\OrGroup;
use Espo\ORM\Query\Part\WhereClause;
use Espo\ORM\Query\Part\WhereItem;
use Espo\ORM\Query\SelectBuilder as QueryBuilder;
class PortalOnlyAccount implements Filter
{
public function __construct(
private string $entityType,
private User $user,
private FieldHelper $fieldHelper,
private MetadataProvider $metadataProvider,
private RelationQueryHelper $relationQueryHelper,
) {}
public function apply(QueryBuilder $queryBuilder): void
{
$orBuilder = OrGroup::createBuilder();
$accountIds = $this->user->getAccounts()->getIdList();
$contactId = $this->user->getContactId();
if ($accountIds !== []) {
$or = $this->prepareAccountWhere($queryBuilder, $accountIds);
if ($or) {
$orBuilder->add($or);
}
}
if ($contactId) {
$or = $this->prepareContactWhere($queryBuilder, $contactId);
if ($or) {
$orBuilder->add($or);
}
}
if ($this->fieldHelper->hasCreatedByField()) {
$orBuilder->add(
WhereClause::fromRaw([Field::CREATED_BY . 'Id' => $this->user->getId()])
);
}
$orGroup = $orBuilder->build();
if ($orGroup->getItemCount() === 0) {
$queryBuilder->where([Attribute::ID => null]);
return;
}
$queryBuilder->where($orGroup);
}
/**
* @param string[] $ids
*/
private function prepareAccountWhere(QueryBuilder $queryBuilder, array $ids): ?WhereItem
{
$defs = $this->metadataProvider->getAccountLink($this->entityType);
if (!$defs) {
return null;
}
return $this->relationQueryHelper->prepareLinkWhere($defs, Account::ENTITY_TYPE, $ids, $queryBuilder);
}
private function prepareContactWhere(QueryBuilder $queryBuilder, string $id): ?WhereItem
{
$defs = $this->metadataProvider->getContactLink($this->entityType);
if (!$defs) {
return null;
}
return $this->relationQueryHelper->prepareLinkWhere($defs, Contact::ENTITY_TYPE, $id, $queryBuilder);
}
}

96
application/Espo/Core/Select/AccessControl/Filters/PortalOnlyContact.php Normal file
View File

@@ -0,0 +1,96 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Core\Select\AccessControl\Filters;
use Espo\Core\Name\Field;
use Espo\Core\Portal\Acl\OwnershipChecker\MetadataProvider;
use Espo\Core\Select\AccessControl\Filter;
use Espo\Core\Select\Helpers\FieldHelper;
use Espo\Core\Select\Helpers\RelationQueryHelper;
use Espo\Entities\User;
use Espo\Modules\Crm\Entities\Contact;
use Espo\ORM\Name\Attribute;
use Espo\ORM\Query\Part\Where\OrGroup;
use Espo\ORM\Query\Part\WhereClause;
use Espo\ORM\Query\Part\WhereItem;
use Espo\ORM\Query\SelectBuilder as QueryBuilder;
class PortalOnlyContact implements Filter
{
public function __construct(
private string $entityType,
private User $user,
private FieldHelper $fieldHelper,
private MetadataProvider $metadataProvider,
private RelationQueryHelper $relationQueryHelper,
) {}
public function apply(QueryBuilder $queryBuilder): void
{
$orBuilder = OrGroup::createBuilder();
$contactId = $this->user->getContactId();
if ($contactId) {
$or = $this->prepareContactWhere($queryBuilder, $contactId);
if ($or) {
$orBuilder->add($or);
}
}
if ($this->fieldHelper->hasCreatedByField()) {
$orBuilder->add(
WhereClause::fromRaw([Field::CREATED_BY . 'Id' => $this->user->getId()])
);
}
$orGroup = $orBuilder->build();
if ($orGroup->getItemCount() === 0) {
$queryBuilder->where([Attribute::ID => null]);
return;
}
$queryBuilder->where($orGroup);
}
private function prepareContactWhere(QueryBuilder $queryBuilder, string $id): ?WhereItem
{
$defs = $this->metadataProvider->getContactLink($this->entityType);
if (!$defs) {
return null;
}
return $this->relationQueryHelper->prepareLinkWhere($defs, Contact::ENTITY_TYPE, $id, $queryBuilder);
}
}

55
application/Espo/Core/Select/AccessControl/Filters/PortalOnlyOwn.php Normal file
View File

@@ -0,0 +1,55 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Core\Select\AccessControl\Filters;
use Espo\Core\Select\AccessControl\Filter;
use Espo\Core\Select\Helpers\FieldHelper;
use Espo\Entities\User;
use Espo\ORM\Name\Attribute;
use Espo\ORM\Query\SelectBuilder as QueryBuilder;
class PortalOnlyOwn implements Filter
{
public function __construct(private User $user, private FieldHelper $fieldHelper)
{}
public function apply(QueryBuilder $queryBuilder): void
{
if ($this->fieldHelper->hasCreatedByField()) {
$queryBuilder->where([
'createdById' => $this->user->getId(),
]);
return;
}
$queryBuilder->where([Attribute::ID => null]);
}
}