N°8528 - ignore silo not applied on 1:n linkedset displayed in form in portal #761

Copilot · 2026-02-04T14:05:56Z

OptimizeColumnLoad() expects an array keyed by class alias (see DBObjectSet::OptimizeColumnLoad()), but this uses $this->sClass (class name). If the underlying filter alias was renamed (eg to Link in indirect linkedsets), this optimization won’t apply and the set may still load all columns. Use the original filter’s class alias (eg $this->oOriginalSet->GetFilter()->GetClassAlias()) as the key.

Suggested change

$this->oOriginalSet->OptimizeColumnLoad([$this->sClass => []]);

$oFilter = $this->oOriginalSet->GetFilter();

$sClassAlias = $oFilter->GetClassAlias();

$this->oOriginalSet->OptimizeColumnLoad([$sClassAlias => []]);

Copilot · 2026-02-04T14:05:55Z

MetaModel::GetObject($this->sClass, $sId, true, true) sets $bAllowAllData=true, which bypasses user-rights filtering for every ormLinkSet iteration. As ormLinkSet is a core structure used outside the portal, this can expose objects/fields a user is not allowed to read. Instead, pass the AllowAllData flag from the original set/search (eg based on $this->oOriginalSet->GetFilter()->IsAllDataAllowed()), so ignoring silos only happens when the underlying query explicitly allows it.

Suggested change

$oRet = MetaModel::GetObject($this->sClass, $sId, true, true);

$bAllowAllData = false;

if ($this->oOriginalSet !== null)

{

$bAllowAllData = $this->oOriginalSet->GetFilter()->IsAllDataAllowed();

}

$oRet = MetaModel::GetObject($this->sClass, $sId, true, $bAllowAllData);

-Original file line number
+Diff line change
@@ Expand Up / @@ -9,6 +9,7 @@ @@
     use CMDBSource;
     use Combodo\iTop\Application\UI\Links\Set\BlockLinkSetDisplayAsProperty;
     use Combodo\iTop\Form\Field\LinkedSetField;
+    use Combodo\iTop\Portal\Helper\ScopeValidatorHelper;
     use Combodo\iTop\Renderer\Console\ConsoleBlockRenderer;
     use Combodo\iTop\Service\Links\LinkSetModel;
     use CoreException;
@@ Expand All / @@ -21,6 +22,7 @@ @@
     use ExceptionLog;
     use IssueLog;
     use MetaModel;
+    use ModuleDesign;
     use ormLinkSet;
     use ValueSetObjects;
@@ Expand Down Expand Up @@
     				$oLinkSearch->AddCondition_PointingTo($oRemoteSearch, $this->GetExtKeyToRemote());
     			}
     		}
+    		//Add silo in portal context
+    		if (defined('PORTAL_ID'))
+    		{
+    			$oModuleDesign = new ModuleDesign(PORTAL_ID);
+    			$oScopeValidatorHelper = new ScopeValidatorHelper($oModuleDesign, PORTAL_ID);
+    			$oScopeValidatorHelper->AddScopeToQuery($oLinkSearch, $oLinkSearch->GetClass());
+    		}
     		$oLinks = new DBObjectSet($oLinkSearch);
     		$oLinkSet = new ormLinkSet($this->GetHostClass(), $this->GetCode(), $oLinks);
@@ Expand Down @@

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

N°8528 - ignore silo not applied on 1:n linkedset displayed in form in portal #761

Uh oh!

Diff view

Diff view

There are no files selected for viewing

Copilot AI Feb 4, 2026

Uh oh!

Copilot AI Feb 4, 2026

Uh oh!

N°8528 - ignore silo not applied on 1:n linkedset displayed in form in portal #761

Are you sure you want to change the base?

Uh oh!

N°8528 - ignore silo not applied on 1:n linkedset displayed in form in portal #761

Uh oh!

Uh oh!

Diff view

Diff view

There are no files selected for viewing

Copilot AI Feb 4, 2026

Choose a reason for hiding this comment

Uh oh!

Copilot AI Feb 4, 2026

Choose a reason for hiding this comment

Uh oh!