N°3203 - Portal: Fix image attribute of an object not authorized if object out of scope

Molkobain
2021-07-15 11:38:57 +02:00
parent a4104d4315
commit 1a79dcd773


@@ -1055,12 +1055,11 @@ class ObjectController extends BrickController
}
// Retrieving object
$oObject = MetaModel::GetObject($sObjectClass, $sObjectId, false /* Must not be found */,
$oScopeValidator->IsAllDataAllowedForScope(UserRights::ListProfiles(), $sHostClass));
$bAllowAllDataFlag = ($bCheckSecurity === false) ? true : $oScopeValidator->IsAllDataAllowedForScope(UserRights::ListProfiles(), $sHostClass);
$oObject = MetaModel::GetObject($sObjectClass, $sObjectId, false /* Must not be found */, $bAllowAllDataFlag);
if ($oObject === null)
{
// We should never be there as the security helper makes sure that the object exists, but just in case.
IssueLog::Info(__METHOD__.' at line '.__LINE__.' : Could not load object '.$sObjectClass.'::'.$sObjectId.'.');
IssueLog::Info(__METHOD__.' at line '.__LINE__.': Could not load object '.$sObjectClass.'::'.$sObjectId.'.');
throw new HttpException(Response::HTTP_NOT_FOUND, Dict::S('UI:ObjectDoesNotExist'));
}
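Review bot: On the new `$bAllowAllDataFlag` line, `$bCheckSecurity === false` makes `MetaModel::GetObject()` load the object with all data allowed, so on that path the only authorization left is whatever the caller did before clearing the flag; where `$bCheckSecurity` is set is outside this hunk. That contract should be written down at this line, for example `// $bCheckSecurity === false: the caller has already authorized access (e.g. through an in-scope host object), so the scope filter is skipped on purpose`, and it is worth confirming that the flag can never be derived from request input. The existing comment in the `null` branch ("the security helper makes sure that the object exists") also looks inaccurate for the unchecked path, presumably because the helper is not run there, so it should be reworded to cover a legitimately missing object. The strict `=== false` comparison is the right choice, since any other value falls back to the scope check.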