From cf8d675cb2dcf9c1a920fff86eb06e5b7f3d4cba Mon Sep 17 00:00:00 2001
From: jbostoen <6421683+jbostoen@users.noreply.github.com>
Date: Tue, 11 Apr 2023 18:04:48 +0200
Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20N=C2=B06174=20Fix=20attachments?=
 =?UTF-8?q?=20to=20host=20objects=20without=20org=5Fid=20can=20not=20be=20?=
 =?UTF-8?q?downloaded=20from=20the=20portal=20(#303)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../portal/src/Controller/ObjectController.php              | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/datamodels/2.x/itop-portal-base/portal/src/Controller/ObjectController.php b/datamodels/2.x/itop-portal-base/portal/src/Controller/ObjectController.php
index 1a1724e75..058a0303a 100644
--- a/datamodels/2.x/itop-portal-base/portal/src/Controller/ObjectController.php
+++ b/datamodels/2.x/itop-portal-base/portal/src/Controller/ObjectController.php
@@ -1106,6 +1106,12 @@ class ObjectController extends BrickController
 			$oAttachment = MetaModel::GetObject($sObjectClass, $sObjectId, true, true);
 			$sHostClass = $oAttachment->Get('item_class');
 			$sHostId = $oAttachment->Get('item_id');
+			
+			// Attachments could be linked to host objects without an org_id. Retrieving the attachment would fail if enforced silos are based on org_id
+			if($oAttachment->Get('item_org_id') === 0 && ($sHostId > 0) && $oSecurityHelper->IsActionAllowed(UR_ACTION_READ, $sHostClass, $sHostId)) {
+				$bCheckSecurity = false;
+			}
+			
 		}
 		else
 		{