8 years ago · 0d8325117a
--- a/datamodels/2.x/itop-portal-base/portal/src/controllers/managebrickcontroller.class.inc.php
+++ b/datamodels/2.x/itop-portal-base/portal/src/controllers/managebrickcontroller.class.inc.php
@@ -207,6 +207,11 @@ class ManageBrickController extends BrickController
 
				 				if ($oDistinctScopeQuery != null)

			
 
				 				{

			
 
				 					$oDistinctQuery = $oDistinctQuery->Intersect($oDistinctScopeQuery);

			
 
				+					// - Allowing all data if necessary

			
 
				+					if ($oDistinctScopeQuery->IsAllDataAllowed())

			
 
				+					{

			
 
				+						$oDistinctQuery->AllowAllData();

			
 
				+					}

			
 
				 				}

			
 
				 				// Adding grouping conditions

			
 
				 				$oFieldExp = new FieldExpression($sGroupingAreaAttCode, $sParentAlias);

			
@@ -261,7 +266,19 @@ class ManageBrickController extends BrickController
 
				 			// Note : Will need to moved the scope restriction on queries elsewhere when we consider grouping on something else than finalclass

			
 
				 			// Note : We now get view scope instead of edit scope as we allowed users to view/edit objects in the brick regarding their rights

			
 
				 			$oScopeQuery = $oApp['scope_validator']->GetScopeFilterForProfiles(UserRights::ListProfiles(), $aGroupingAreasValue['value'], UR_ACTION_READ);

			
 
				-			$oAreaQuery = ($oScopeQuery !== null) ? $oAreaQuery->Intersect($oScopeQuery) : null;

			
 
				+			if ($oScopeQuery !== null)

			
 
				+			{

			
 
				+				$oAreaQuery = $oAreaQuery->Intersect($oScopeQuery);

			
 
				+				// - Allowing all data if necessary

			
 
				+				if ($oScopeQuery->IsAllDataAllowed())

			
 
				+				{

			
 
				+					$oAreaQuery->AllowAllData();

			
 
				+				}

			
 
				+			}

			
 
				+			else

			
 
				+			{

			
 
				+				$oAreaQuery = null;

			
 
				+			}

			
 
				 

			
 
				 			$aQueries[$sKey] = $oAreaQuery;

			
 
				 		}

			
--- a/datamodels/2.x/itop-portal-base/portal/src/controllers/objectcontroller.class.inc.php
+++ b/datamodels/2.x/itop-portal-base/portal/src/controllers/objectcontroller.class.inc.php
@@ -739,7 +739,13 @@ class ObjectController extends AbstractController
 
				 		// It is the responsability of the template designer to write the right query so the user see only what he should.

			
 
				 		if ($oTargetAttDef->GetEditClass() !== 'CustomFields')

			
 
				 		{

			
 
				-			$oSearch = $oSearch->Intersect($oApp['scope_validator']->GetScopeFilterForProfiles(UserRights::ListProfiles(), $sTargetObjectClass, UR_ACTION_READ));

			
 
				+			$oScopeSearch = $oApp['scope_validator']->GetScopeFilterForProfiles(UserRights::ListProfiles(), $sTargetObjectClass, UR_ACTION_READ);

			
 
				+			$oSearch = $oSearch->Intersect($oScopeSearch);

			
 
				+			// - Allowing all data if necessary

			
 
				+			if ($oScopeSearch->IsAllDataAllowed())

			
 
				+			{

			
 
				+				$oSearch->AllowAllData();

			
 
				+			}

			
 
				 		}

			
 
				 

			
 
				 		// Retrieving results

			
@@ -991,6 +997,11 @@ class ObjectController extends AbstractController
 
				 		if (($oScopeSearch !== null) && ($oTargetAttDef->GetEditClass() !== 'CustomFields'))

			
 
				 		{

			
 
				 			$oSearch = $oSearch->Intersect($oScopeSearch);

			
 
				+			// - Allowing all data if necessary

			
 
				+			if ($oScopeSearch->IsAllDataAllowed())

			
 
				+			{

			
 
				+				$oSearch->AllowAllData();

			
 
				+			}

			
 
				 		}

			
 
				 

			
 
				 		// Retrieving results

			
@@ -1216,6 +1227,11 @@ class ObjectController extends AbstractController
 
				 //		}

			
 
				 		// - Intersecting with scope constraints

			
 
				 		$oSearch = $oSearch->Intersect($oScopeSearch);

			
 
				+		// - Allowing all data if necessary

			
 
				+		if ($oScopeSearch->IsAllDataAllowed())

			
 
				+		{

			
 
				+			$oSearch->AllowAllData();

			
 
				+		}

			
 
				 

			
 
				 		// Retrieving results

			
 
				 		// - Preparing object set