bsiggel/espocrm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
root
2026-01-19 17:44:46 +01:00
commit 823af8b11d
8721 changed files with 1130846 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

177
application/Espo/Tools/DataPrivacy/Erasor.php Normal file
View File

@@ -0,0 +1,177 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Tools\DataPrivacy;
use Espo\Core\Acl\Permission;
use Espo\Core\Acl\Table;
use Espo\Core\Exceptions\Forbidden;
use Espo\Core\Exceptions\NotFound;
use Espo\Core\FieldProcessing\EmailAddress\AccessChecker as EmailAddressAccessChecker;
use Espo\Core\FieldProcessing\PhoneNumber\AccessChecker as PhoneNumberAccessChecker;
use Espo\Core\Name\Field;
use Espo\Core\ORM\Type\FieldType;
use Espo\Core\Record\ServiceContainer as RecordServiceContainer;
use Espo\Core\Di;
use Espo\Entities\Attachment;
class Erasor implements
Di\AclAware,
Di\AclManagerAware,
Di\MetadataAware,
Di\ServiceFactoryAware,
Di\EntityManagerAware,
Di\FieldUtilAware,
Di\UserAware
{
use Di\AclSetter;
use Di\AclManagerSetter;
use Di\MetadataSetter;
use Di\ServiceFactorySetter;
use Di\EntityManagerSetter;
use Di\FieldUtilSetter;
use Di\UserSetter;
public function __construct(
private RecordServiceContainer $recordServiceContainer,
private EmailAddressAccessChecker $emailAddressAccessChecker,
private PhoneNumberAccessChecker $phoneNumberAccessChecker
) {}
/**
* @param string[] $fieldList
* @throws Forbidden
* @throws NotFound
*/
public function erase(string $entityType, string $id, array $fieldList): void
{
if ($this->acl->getPermissionLevel(Permission::DATA_PRIVACY) === Table::LEVEL_NO) {
throw new Forbidden();
}
$service = $this->recordServiceContainer->get($entityType);
$entity = $this->entityManager->getEntityById($entityType, $id);
if (!$entity) {
throw new NotFound();
}
if (!$this->acl->check($entity, Table::ACTION_EDIT)) {
throw new Forbidden("No edit access.");
}
$forbiddenFieldList = $this->acl->getScopeForbiddenFieldList($entityType, Table::ACTION_EDIT);
foreach ($fieldList as $field) {
if (in_array($field, $forbiddenFieldList)) {
throw new Forbidden("Field '$field' is forbidden to edit.");
}
}
$service->loadAdditionalFields($entity);
$fieldUtil = $this->fieldUtil;
foreach ($fieldList as $field) {
$type = $this->metadata->get(['entityDefs', $entityType, 'fields', $field, 'type']);
$attributeList = $fieldUtil->getActualAttributeList($entityType, $field);
if ($type === FieldType::EMAIL) {
$emailAddressList = $entity->get('emailAddresses');
foreach ($emailAddressList as $emailAddress) {
if (
$this->emailAddressAccessChecker
->checkEdit($this->user, $emailAddress, $entity)
) {
$emailAddress->set(Field::NAME, 'ERASED:' . $emailAddress->getId());
$emailAddress->set('optOut', true);
$this->entityManager->saveEntity($emailAddress);
}
}
$entity->clear($field);
$entity->clear($field . 'Data');
continue;
} else if ($type === FieldType::PHONE) {
$phoneNumberList = $entity->get('phoneNumbers');
foreach ($phoneNumberList as $phoneNumber) {
if (
$this->phoneNumberAccessChecker
->checkEdit($this->user, $phoneNumber, $entity)
) {
$phoneNumber->set(Field::NAME, 'ERASED:' . $phoneNumber->getId());
$this->entityManager->saveEntity($phoneNumber);
}
}
$entity->clear($field);
$entity->clear($field . 'Data');
continue;
} else if ($type === FieldType::FILE || $type === FieldType::IMAGE) {
$attachmentId = $entity->get($field . 'Id');
if ($attachmentId) {
$attachment = $this->entityManager->getEntityById(Attachment::ENTITY_TYPE, $attachmentId);
if ($attachment) {
$this->entityManager->removeEntity($attachment);
}
}
} else if ($type === FieldType::ATTACHMENT_MULTIPLE) {
$attachmentList = $entity->get($field);
foreach ($attachmentList as $attachment) {
$this->entityManager->removeEntity($attachment);
}
}
foreach ($attributeList as $attribute) {
if (
in_array($entity->getAttributeType($attribute), [$entity::VARCHAR, $entity::TEXT]) &&
$entity->get($attribute)
) {
$entity->set($attribute, null);
} else {
$entity->set($attribute, null);
}
}
}
$this->entityManager->saveEntity($entity);
}
}