Security hardening

datamodels/2.x/itop-portal-base/portal/src/Controller/ObjectController.php

@@ -1228,8 +1228,6 @@ class ObjectController extends BrickController
 		$oRequestManipulator = $this->get('request_manipulator');
 		/** @var \Combodo\iTop\Portal\Helper\ScopeValidatorHelper $oScopeValidator */
 		$oScopeValidator = $this->get('scope_validator');
-        /** @var \Combodo\iTop\Portal\Helper\SecurityHelper $oSecurityHelper */
-        $oSecurityHelper = $this->get('security_helper');
 
 		$aData = array();
 
@@ -1266,12 +1264,6 @@ class ObjectController extends BrickController
 		// Retrieving objects
 		while ($oObject = $oSet->Fetch())
 		{
-            $sObjectId = $oObject->Get('id');
-            if (!$oSecurityHelper->IsActionAllowed(UR_ACTION_READ, $sObjectClass, $sObjectId))
-            {
-                IssueLog::Warning(__METHOD__.' at line '.__LINE__.' : User #'.UserRights::GetUserId().' not allowed to read '.$sObjectClass.'::'.$sObjectId.' object.');
-                throw new HttpException(Response::HTTP_NOT_FOUND, Dict::S('UI:ObjectDoesNotExist'));
-            }
 			$aData['items'][] = $this->PrepareObjectInformation($oObject, $aObjectAttCodes);
 		}