From 8024801355bc417792f8d0fdc0b1b85971566b19 Mon Sep 17 00:00:00 2001
From: Stanislas <skita@teclib.com>
Date: Tue, 19 Nov 2024 10:19:57 +0100
Subject: [PATCH 01/21] Fix(Core): check UPDATE / VIEW right from API

---
 inc/abstractcontainerinstance.class.php | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/inc/abstractcontainerinstance.class.php b/inc/abstractcontainerinstance.class.php
index 28cc8a2e..ca92fff1 100644
--- a/inc/abstractcontainerinstance.class.php
+++ b/inc/abstractcontainerinstance.class.php
@@ -30,6 +30,26 @@
 
 abstract class PluginFieldsAbstractContainerInstance extends CommonDBTM
 {
+
+    public function canViewItem()
+    {
+        $right = PluginFieldsProfile::getRightOnContainer($_SESSION['glpiactiveprofile']['id'], $this->fields['plugin_fields_containers_id']);
+        if ($right < READ) {
+            return false;
+        }
+        return true;
+    }
+
+    public function canUpdateItem()
+    {
+        $right = PluginFieldsProfile::getRightOnContainer($_SESSION['glpiactiveprofile']['id'], $this->fields['plugin_fields_containers_id']);
+        if ($right > READ) {
+            return true;
+        }
+        return false;
+    }
+
+
     public static function getSpecificValueToSelect($field, $name = '', $values = '', array $options = [])
     {
         if (!is_array($values)) {

From b0c2f05bf2cedf17700fa57d246e138ddb538feb Mon Sep 17 00:00:00 2001
From: Stanislas <skita@teclib.com>
Date: Tue, 19 Nov 2024 10:29:27 +0100
Subject: [PATCH 02/21] fix CS

---
 inc/abstractcontainerinstance.class.php | 2 --
 1 file changed, 2 deletions(-)

diff --git a/inc/abstractcontainerinstance.class.php b/inc/abstractcontainerinstance.class.php
index ca92fff1..6b949f40 100644
--- a/inc/abstractcontainerinstance.class.php
+++ b/inc/abstractcontainerinstance.class.php
@@ -30,7 +30,6 @@
 
 abstract class PluginFieldsAbstractContainerInstance extends CommonDBTM
 {
-
     public function canViewItem()
     {
         $right = PluginFieldsProfile::getRightOnContainer($_SESSION['glpiactiveprofile']['id'], $this->fields['plugin_fields_containers_id']);
@@ -49,7 +48,6 @@ public function canUpdateItem()
         return false;
     }
 
-
     public static function getSpecificValueToSelect($field, $name = '', $values = '', array $options = [])
     {
         if (!is_array($values)) {

From deb0d5dc34808bdfec2efd3bc8496d8e696b96b7 Mon Sep 17 00:00:00 2001
From: Stanislas <skita@teclib.com>
Date: Tue, 19 Nov 2024 13:37:31 +0100
Subject: [PATCH 03/21] check for access entity and prevent purge from API

---
 inc/abstractcontainerinstance.class.php | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/inc/abstractcontainerinstance.class.php b/inc/abstractcontainerinstance.class.php
index 6b949f40..b0ec495e 100644
--- a/inc/abstractcontainerinstance.class.php
+++ b/inc/abstractcontainerinstance.class.php
@@ -32,6 +32,13 @@ abstract class PluginFieldsAbstractContainerInstance extends CommonDBTM
 {
     public function canViewItem()
     {
+        //check if current user have access to the main item entity
+        $item = new $this->fields['itemtype']();
+        $item->getFromDB($this->fields['item_id']);
+        if (!Session::haveAccessToEntity($item->getEntityID(), $item->isRecursive())) {
+            return false;
+        }
+
         $right = PluginFieldsProfile::getRightOnContainer($_SESSION['glpiactiveprofile']['id'], $this->fields['plugin_fields_containers_id']);
         if ($right < READ) {
             return false;
@@ -41,6 +48,13 @@ public function canViewItem()
 
     public function canUpdateItem()
     {
+        //check if current user have access to the main item entity
+        $item = new $this->fields['itemtype']();
+        $item->getFromDB($this->fields['item_id']);
+        if (!Session::haveAccessToEntity($item->getEntityID(), $item->isRecursive())) {
+            return false;
+        }
+
         $right = PluginFieldsProfile::getRightOnContainer($_SESSION['glpiactiveprofile']['id'], $this->fields['plugin_fields_containers_id']);
         if ($right > READ) {
             return true;
@@ -48,6 +62,15 @@ public function canUpdateItem()
         return false;
     }
 
+    public function canPurgeItem()
+    {
+        if (isAPI()) {
+            return false;
+        }
+        return true;
+    }
+
+
     public static function getSpecificValueToSelect($field, $name = '', $values = '', array $options = [])
     {
         if (!is_array($values)) {

From 80b337ae796288477aeaa07707faefab8844af02 Mon Sep 17 00:00:00 2001
From: Stanislas <skita@teclib.com>
Date: Tue, 19 Nov 2024 15:14:21 +0100
Subject: [PATCH 04/21] fix purge

---
 inc/abstractcontainerinstance.class.php | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/inc/abstractcontainerinstance.class.php b/inc/abstractcontainerinstance.class.php
index b0ec495e..86c1fc62 100644
--- a/inc/abstractcontainerinstance.class.php
+++ b/inc/abstractcontainerinstance.class.php
@@ -34,7 +34,7 @@ public function canViewItem()
     {
         //check if current user have access to the main item entity
         $item = new $this->fields['itemtype']();
-        $item->getFromDB($this->fields['item_id']);
+        $item->getFromDB($this->fields['items_id']);
         if (!Session::haveAccessToEntity($item->getEntityID(), $item->isRecursive())) {
             return false;
         }
@@ -50,7 +50,7 @@ public function canUpdateItem()
     {
         //check if current user have access to the main item entity
         $item = new $this->fields['itemtype']();
-        $item->getFromDB($this->fields['item_id']);
+        $item->getFromDB($this->fields['items_id']);
         if (!Session::haveAccessToEntity($item->getEntityID(), $item->isRecursive())) {
             return false;
         }
@@ -64,10 +64,7 @@ public function canUpdateItem()
 
     public function canPurgeItem()
     {
-        if (isAPI()) {
-            return false;
-        }
-        return true;
+        return false;
     }
 
 

From 32375cbacbe27cf4ff22230101e3563a3afcefae Mon Sep 17 00:00:00 2001
From: stonebuzz <skita@teclib.com>
Date: Thu, 21 Nov 2024 13:10:41 +0100
Subject: [PATCH 05/21] fix

---
 inc/abstractcontainerinstance.class.php | 49 +++++++++++++------------
 1 file changed, 25 insertions(+), 24 deletions(-)

diff --git a/inc/abstractcontainerinstance.class.php b/inc/abstractcontainerinstance.class.php
index 86c1fc62..ea2d889b 100644
--- a/inc/abstractcontainerinstance.class.php
+++ b/inc/abstractcontainerinstance.class.php
@@ -28,38 +28,40 @@
  * -------------------------------------------------------------------------
  */
 
-abstract class PluginFieldsAbstractContainerInstance extends CommonDBTM
+abstract class PluginFieldsAbstractContainerInstance extends CommonDBChild
 {
-    public function canViewItem()
-    {
-        //check if current user have access to the main item entity
-        $item = new $this->fields['itemtype']();
-        $item->getFromDB($this->fields['items_id']);
-        if (!Session::haveAccessToEntity($item->getEntityID(), $item->isRecursive())) {
-            return false;
-        }
 
-        $right = PluginFieldsProfile::getRightOnContainer($_SESSION['glpiactiveprofile']['id'], $this->fields['plugin_fields_containers_id']);
-        if ($right < READ) {
-            return false;
+    public static $undisclosedFields = [];
+
+    public static $itemtype        = 'itemtype';
+    public static $items_id        = 'items_id';
+
+
+    /**
+     * Checks if the HTTP request targets an object with an ID.
+     *
+     * This function determines whether the path contains an ID as the last segment
+     * (i.e., a number after the final '/').
+     *
+     * @param string $path The HTTP request path (e.g., $_SERVER['PATH_INFO']).
+     * @return mixed Returns ID if is present in the path, null otherwise.
+     */
+    public static function hasRequestedObjectId(string $path): ?int
+    {
+        if (preg_match('#/(\d+)$#', $path, $matches)) {
+            return (int)$matches[1];
         }
-        return true;
+        return null;
     }
 
-    public function canUpdateItem()
+    public static function canView()
     {
-        //check if current user have access to the main item entity
-        $item = new $this->fields['itemtype']();
-        $item->getFromDB($this->fields['items_id']);
-        if (!Session::haveAccessToEntity($item->getEntityID(), $item->isRecursive())) {
+        $want_all =  self::hasRequestedObjectId($_SERVER['PATH_INFO']);
+        if (isAPI() && ($want_all == null)) {
             return false;
         }
 
-        $right = PluginFieldsProfile::getRightOnContainer($_SESSION['glpiactiveprofile']['id'], $this->fields['plugin_fields_containers_id']);
-        if ($right > READ) {
-            return true;
-        }
-        return false;
+        return parent::canView();
     }
 
     public function canPurgeItem()
@@ -67,7 +69,6 @@ public function canPurgeItem()
         return false;
     }
 
-
     public static function getSpecificValueToSelect($field, $name = '', $values = '', array $options = [])
     {
         if (!is_array($values)) {

From 3be20ed711098f7ea308f60fb2c9660d12e7c2a5 Mon Sep 17 00:00:00 2001
From: stonebuzz <skita@teclib.com>
Date: Thu, 21 Nov 2024 13:19:48 +0100
Subject: [PATCH 06/21] move back to CommonDBTM

---
 inc/abstractcontainerinstance.class.php | 32 +++++++++++++++++++++++--
 1 file changed, 30 insertions(+), 2 deletions(-)

diff --git a/inc/abstractcontainerinstance.class.php b/inc/abstractcontainerinstance.class.php
index ea2d889b..710c4a7f 100644
--- a/inc/abstractcontainerinstance.class.php
+++ b/inc/abstractcontainerinstance.class.php
@@ -28,7 +28,7 @@
  * -------------------------------------------------------------------------
  */
 
-abstract class PluginFieldsAbstractContainerInstance extends CommonDBChild
+abstract class PluginFieldsAbstractContainerInstance extends CommonDBTM
 {
 
     public static $undisclosedFields = [];
@@ -36,7 +36,6 @@ abstract class PluginFieldsAbstractContainerInstance extends CommonDBChild
     public static $itemtype        = 'itemtype';
     public static $items_id        = 'items_id';
 
-
     /**
      * Checks if the HTTP request targets an object with an ID.
      *
@@ -64,6 +63,35 @@ public static function canView()
         return parent::canView();
     }
 
+    public function canViewItem()
+    {
+        //check if current user have access to the main item entity
+        $item = new $this->fields['itemtype']();
+        $item->getFromDB($this->fields['items_id']);
+        if (!Session::haveAccessToEntity($item->getEntityID(), $item->isRecursive())) {
+            return false;
+        }
+        $right = PluginFieldsProfile::getRightOnContainer($_SESSION['glpiactiveprofile']['id'], $this->fields['plugin_fields_containers_id']);
+        if ($right < READ) {
+            return false;
+        }
+        return true;
+    }
+
+    public function canUpdateItem()
+    {
+        //check if current user have access to the main item entity
+        $item = new $this->fields['itemtype']();
+        $item->getFromDB($this->fields['items_id']);
+        if (!Session::haveAccessToEntity($item->getEntityID(), $item->isRecursive())) {
+            return false;
+        }
+        $right = PluginFieldsProfile::getRightOnContainer($_SESSION['glpiactiveprofile']['id'], $this->fields['plugin_fields_containers_id']);
+        if ($right > READ) {
+            return true;
+        }
+        return false;
+    }
     public function canPurgeItem()
     {
         return false;

From 80b53b8d48d7bc331f72cc53d811ff0174101fce Mon Sep 17 00:00:00 2001
From: stonebuzz <skita@teclib.com>
Date: Thu, 21 Nov 2024 13:20:36 +0100
Subject: [PATCH 07/21] remove useless data

---
 inc/abstractcontainerinstance.class.php | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/inc/abstractcontainerinstance.class.php b/inc/abstractcontainerinstance.class.php
index 710c4a7f..f0c9744f 100644
--- a/inc/abstractcontainerinstance.class.php
+++ b/inc/abstractcontainerinstance.class.php
@@ -31,11 +31,6 @@
 abstract class PluginFieldsAbstractContainerInstance extends CommonDBTM
 {
 
-    public static $undisclosedFields = [];
-
-    public static $itemtype        = 'itemtype';
-    public static $items_id        = 'items_id';
-
     /**
      * Checks if the HTTP request targets an object with an ID.
      *

From 176f34ef3c799c87da9b539352019e6412272a85 Mon Sep 17 00:00:00 2001
From: stonebuzz <skita@teclib.com>
Date: Thu, 21 Nov 2024 13:20:58 +0100
Subject: [PATCH 08/21] fix CS

---
 inc/abstractcontainerinstance.class.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/inc/abstractcontainerinstance.class.php b/inc/abstractcontainerinstance.class.php
index f0c9744f..2fd73bc1 100644
--- a/inc/abstractcontainerinstance.class.php
+++ b/inc/abstractcontainerinstance.class.php
@@ -87,6 +87,7 @@ public function canUpdateItem()
         }
         return false;
     }
+
     public function canPurgeItem()
     {
         return false;

From f77595048b5653a14537218dbe8d39f55c2e9657 Mon Sep 17 00:00:00 2001
From: stonebuzz <skita@teclib.com>
Date: Thu, 21 Nov 2024 14:41:21 +0100
Subject: [PATCH 09/21] another try

---
 inc/abstractcontainerinstance.class.php | 31 ++-----------------------
 1 file changed, 2 insertions(+), 29 deletions(-)

diff --git a/inc/abstractcontainerinstance.class.php b/inc/abstractcontainerinstance.class.php
index 2fd73bc1..6a68cb3c 100644
--- a/inc/abstractcontainerinstance.class.php
+++ b/inc/abstractcontainerinstance.class.php
@@ -31,39 +31,12 @@
 abstract class PluginFieldsAbstractContainerInstance extends CommonDBTM
 {
 
-    /**
-     * Checks if the HTTP request targets an object with an ID.
-     *
-     * This function determines whether the path contains an ID as the last segment
-     * (i.e., a number after the final '/').
-     *
-     * @param string $path The HTTP request path (e.g., $_SERVER['PATH_INFO']).
-     * @return mixed Returns ID if is present in the path, null otherwise.
-     */
-    public static function hasRequestedObjectId(string $path): ?int
-    {
-        if (preg_match('#/(\d+)$#', $path, $matches)) {
-            return (int)$matches[1];
-        }
-        return null;
-    }
-
-    public static function canView()
-    {
-        $want_all =  self::hasRequestedObjectId($_SERVER['PATH_INFO']);
-        if (isAPI() && ($want_all == null)) {
-            return false;
-        }
-
-        return parent::canView();
-    }
-
     public function canViewItem()
     {
         //check if current user have access to the main item entity
         $item = new $this->fields['itemtype']();
         $item->getFromDB($this->fields['items_id']);
-        if (!Session::haveAccessToEntity($item->getEntityID(), $item->isRecursive())) {
+        if ($item->isEntityAssign() && !Session::haveAccessToEntity($item->getEntityID(), $item->isRecursive())) {
             return false;
         }
         $right = PluginFieldsProfile::getRightOnContainer($_SESSION['glpiactiveprofile']['id'], $this->fields['plugin_fields_containers_id']);
@@ -78,7 +51,7 @@ public function canUpdateItem()
         //check if current user have access to the main item entity
         $item = new $this->fields['itemtype']();
         $item->getFromDB($this->fields['items_id']);
-        if (!Session::haveAccessToEntity($item->getEntityID(), $item->isRecursive())) {
+        if ($item->isEntityAssign() && !Session::haveAccessToEntity($item->getEntityID(), $item->isRecursive())) {
             return false;
         }
         $right = PluginFieldsProfile::getRightOnContainer($_SESSION['glpiactiveprofile']['id'], $this->fields['plugin_fields_containers_id']);

From 80c9bdcbf0c83aee78f3537bf7614ff246a6ab50 Mon Sep 17 00:00:00 2001
From: stonebuzz <skita@teclib.com>
Date: Thu, 21 Nov 2024 15:47:13 +0100
Subject: [PATCH 10/21] Move to CommonDBChild

---
 inc/abstractcontainerinstance.class.php | 59 +++++++++++-----------
 templates/container.class.tpl           | 65 +++++++++++++++++++++++++
 2 files changed, 93 insertions(+), 31 deletions(-)

diff --git a/inc/abstractcontainerinstance.class.php b/inc/abstractcontainerinstance.class.php
index 6a68cb3c..3b15eab4 100644
--- a/inc/abstractcontainerinstance.class.php
+++ b/inc/abstractcontainerinstance.class.php
@@ -28,42 +28,39 @@
  * -------------------------------------------------------------------------
  */
 
-abstract class PluginFieldsAbstractContainerInstance extends CommonDBTM
+abstract class PluginFieldsAbstractContainerInstance extends CommonDBChild
 {
+    public static $itemtype = 'itemtype';
+    public static $items_id = 'items_id';
 
-    public function canViewItem()
-    {
-        //check if current user have access to the main item entity
-        $item = new $this->fields['itemtype']();
-        $item->getFromDB($this->fields['items_id']);
-        if ($item->isEntityAssign() && !Session::haveAccessToEntity($item->getEntityID(), $item->isRecursive())) {
-            return false;
-        }
-        $right = PluginFieldsProfile::getRightOnContainer($_SESSION['glpiactiveprofile']['id'], $this->fields['plugin_fields_containers_id']);
-        if ($right < READ) {
-            return false;
-        }
-        return true;
-    }
 
-    public function canUpdateItem()
+    public function addNeededInfoToInput($input)
     {
-        //check if current user have access to the main item entity
-        $item = new $this->fields['itemtype']();
-        $item->getFromDB($this->fields['items_id']);
-        if ($item->isEntityAssign() && !Session::haveAccessToEntity($item->getEntityID(), $item->isRecursive())) {
-            return false;
-        }
-        $right = PluginFieldsProfile::getRightOnContainer($_SESSION['glpiactiveprofile']['id'], $this->fields['plugin_fields_containers_id']);
-        if ($right > READ) {
-            return true;
+       // is entity missing and forwarding on ?
+        if ($this->tryEntityForwarding() && !isset($input['entities_id'])) {
+           // Merge both arrays to ensure all the fields are defined for the following checks
+            $completeinput = array_merge($this->fields, $input);
+           // Set the item to allow parent::prepareinputforadd to get the right item ...
+            if (
+                $itemToGetEntity = static::getItemFromArray(
+                    static::$itemtype,
+                    static::$items_id,
+                    $completeinput
+                )
+            ) {
+                if (
+                    ($itemToGetEntity instanceof CommonDBTM)
+                ) {
+                    $input['entities_id']  = $itemToGetEntity->getEntityID();
+                    $input['is_recursive'] = intval($itemToGetEntity->isRecursive());
+                } else {
+                 // No entity link : set default values
+                    $input['entities_id']  = 0;
+                    $input['is_recursive'] = 0;
+                }
+            }
         }
-        return false;
-    }
-
-    public function canPurgeItem()
-    {
-        return false;
+        return $input;
     }
 
     public static function getSpecificValueToSelect($field, $name = '', $values = '', array $options = [])
diff --git a/templates/container.class.tpl b/templates/container.class.tpl
index 5c30a90f..29674dcf 100644
--- a/templates/container.class.tpl
+++ b/templates/container.class.tpl
@@ -45,6 +45,71 @@ class %%CLASSNAME%% extends PluginFieldsAbstractContainerInstance
             }
          }
       }
+
+      if (getItemForItemtype("%%ITEMTYPE%%")->isEntityAssign() && !$DB->fieldExists($table, 'entities_id')) {
+         $migration->addField($table, 'entities_id', 'fkey', ['after' => 'plugin_fields_containers_id']);
+         $migration->addKey($table, 'entities_id');
+         $migration->executeMigration();
+
+         //migrate data
+         $item = new self();
+         $data = $item->find();
+
+         $query = $DB->buildUpdate(
+               $table,
+               [
+                  'entities_id' => new QueryParam(),
+               ],
+               [
+                  'id'       => new QueryParam()
+               ]
+         );
+         $stmt = $DB->prepare($query);
+
+         foreach ($data as $fields) {
+            $related_item = new $fields['itemtype'];
+            $related_item->getFromDB($fields['items_id']);
+            $stmt->bind_param(
+                  'ii',
+                  $related_item->fields['entities_id'],
+                  $fields['id']
+            );
+            $stmt->execute();
+         }
+
+      }
+
+      if (getItemForItemtype("%%ITEMTYPE%%")->maybeRecursive() && !$DB->fieldExists($table, 'is_recursive')) {
+         $migration->addField($table, 'is_recursive', 'bool', ['update' => '1', 'after'  => 'entities_id']);
+         $migration->addKey($table, 'is_recursive');
+         $migration->executeMigration();
+         //migrate data
+
+         $item = new self();
+         $data = $item->find();
+
+         $query = $DB->buildUpdate(
+               $table,
+               [
+                  'is_recursive' => new QueryParam(),
+               ],
+               [
+                  'id'       => new QueryParam()
+               ]
+         );
+         $stmt = $DB->prepare($query);
+
+         foreach ($data as $fields) {
+            $related_item = new $fields['itemtype'];
+            $related_item->getFromDB($fields['items_id']);
+            $stmt->bind_param(
+                  'ii',
+                  $related_item->fields['is_recursive'],
+                  $fields['id']
+            );
+            $stmt->execute();
+         }
+      }
    }
 
    static function uninstall() {

From 97852bfc447ece2653877630837929c264466945 Mon Sep 17 00:00:00 2001
From: stonebuzz <skita@teclib.com>
Date: Fri, 22 Nov 2024 09:48:18 +0100
Subject: [PATCH 11/21] fix

---
 inc/abstractcontainerinstance.class.php | 35 +++++++++++++++++--------
 setup.php                               |  4 ++-
 templates/container.class.tpl           |  3 +--
 3 files changed, 28 insertions(+), 14 deletions(-)

diff --git a/inc/abstractcontainerinstance.class.php b/inc/abstractcontainerinstance.class.php
index 3b15eab4..27faee4f 100644
--- a/inc/abstractcontainerinstance.class.php
+++ b/inc/abstractcontainerinstance.class.php
@@ -33,14 +33,26 @@ abstract class PluginFieldsAbstractContainerInstance extends CommonDBChild
     public static $itemtype = 'itemtype';
     public static $items_id = 'items_id';
 
-
+    /**
+     * This function relies on the static property `static::$plugins_forward_entity`,
+     * which should be populated using the following method (from setup):
+     *
+     * Plugin::registerClass(
+     *     PluginFields<Itemtype><name>,
+     *     ['forwardentityfrom' => <Itemtype>]
+     * );
+     *
+     * However, the order in which plugins are loaded can affect the behavior.
+     * For example, if a container is defined on a `GenericObject` itemtype and
+     * the `fields` plugin initializes before the `genericobject` plugin, the
+     * `itemtype` for the container will not yet exist, leading to potential issues.
+     *
+     * Modification of this function to meet specific requirements.
+     */
     public function addNeededInfoToInput($input)
     {
-       // is entity missing and forwarding on ?
-        if ($this->tryEntityForwarding() && !isset($input['entities_id'])) {
-           // Merge both arrays to ensure all the fields are defined for the following checks
+        if ($this->tryEntityForwarding()) {
             $completeinput = array_merge($this->fields, $input);
-           // Set the item to allow parent::prepareinputforadd to get the right item ...
             if (
                 $itemToGetEntity = static::getItemFromArray(
                     static::$itemtype,
@@ -51,12 +63,13 @@ public function addNeededInfoToInput($input)
                 if (
                     ($itemToGetEntity instanceof CommonDBTM)
                 ) {
-                    $input['entities_id']  = $itemToGetEntity->getEntityID();
-                    $input['is_recursive'] = intval($itemToGetEntity->isRecursive());
-                } else {
-                 // No entity link : set default values
-                    $input['entities_id']  = 0;
-                    $input['is_recursive'] = 0;
+                    if ($itemToGetEntity->isEntityAssign()) {
+                        $input['entities_id']  = $itemToGetEntity->getEntityID();
+                    }
+
+                    if ($itemToGetEntity->maybeRecursive()) {
+                        $input['is_recursive'] = intval($itemToGetEntity->isRecursive());
+                    }
                 }
             }
         }
diff --git a/setup.php b/setup.php
index d47a31bd..eefb4be8 100644
--- a/setup.php
+++ b/setup.php
@@ -126,7 +126,8 @@ function plugin_init_fields()
             if (count($itemtypes) > 0) {
                 Plugin::registerClass(
                     'PluginFieldsContainer',
-                    ['addtabon' => $itemtypes],
+                    ['addtabon' => $itemtypes,
+                     'forwardentityfrom' => true],
                 );
             }
 
@@ -285,6 +286,7 @@ function plugin_fields_checkFiles()
     }
 }
 
+
 function plugin_fields_exportBlockAsYaml($container_id = null)
 {
     /** @var DBmysql $DB */
diff --git a/templates/container.class.tpl b/templates/container.class.tpl
index 29674dcf..4c566339 100644
--- a/templates/container.class.tpl
+++ b/templates/container.class.tpl
@@ -13,6 +13,7 @@ class %%CLASSNAME%% extends PluginFieldsAbstractContainerInstance
 
       $obj = new self();
       $table = $obj->getTable();
+      $migration = new PluginFieldsMigration(0);
 
       // create Table
       if (!$DB->tableExists($table)) {
@@ -32,10 +33,8 @@ class %%CLASSNAME%% extends PluginFieldsAbstractContainerInstance
          $result = $DB->query("SHOW COLUMNS FROM `$table`");
          if ($result && $DB->numrows($result) > 0) {
             $changed = false;
-            $migration = new PluginFieldsMigration(0);
             while ($data = $DB->fetchAssoc($result)) {
                if (str_starts_with($data['Field'], 'itemtype_') && $data['Null'] !== 'YES') {
-               Toolbox::logDebug($data);
                   $migration->changeField($table, $data['Field'], $data['Field'], "varchar(100) DEFAULT NULL");
                   $changed = true;
                }

From c7525bf960039b2ea781be75c49b99ff61c126a6 Mon Sep 17 00:00:00 2001
From: stonebuzz <skita@teclib.com>
Date: Fri, 22 Nov 2024 09:50:42 +0100
Subject: [PATCH 12/21] fix

---
 templates/container.class.tpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/container.class.tpl b/templates/container.class.tpl
index 4c566339..1bbfb7b8 100644
--- a/templates/container.class.tpl
+++ b/templates/container.class.tpl
@@ -79,7 +79,7 @@ class %%CLASSNAME%% extends PluginFieldsAbstractContainerInstance
       }
 
       if (getItemForItemtype("%%ITEMTYPE%%")->maybeRecursive() && !$DB->fieldExists($table, 'is_recursive')) {
-         $migration->addField($table, 'is_recursive', 'bool', ['update' => '1', 'after'  => 'entities_id']);
+         $migration->addField($table, 'is_recursive', 'bool', ['after'  => 'entities_id']);
          $migration->addKey($table, 'is_recursive');
          $migration->executeMigration();
          //migrate data

From 87f1cd50550580ca7c84ec104a295762b49151b1 Mon Sep 17 00:00:00 2001
From: stonebuzz <skita@teclib.com>
Date: Fri, 22 Nov 2024 10:04:20 +0100
Subject: [PATCH 13/21] move to sql instead of object

---
 templates/container.class.tpl | 105 +++++++++++++++++++++++-----------
 1 file changed, 71 insertions(+), 34 deletions(-)

diff --git a/templates/container.class.tpl b/templates/container.class.tpl
index 1bbfb7b8..a69208dd 100644
--- a/templates/container.class.tpl
+++ b/templates/container.class.tpl
@@ -45,68 +45,105 @@ class %%CLASSNAME%% extends PluginFieldsAbstractContainerInstance
          }
       }
 
+      /**
+      * Adds the 'entities_id' field to the database table and migrates existing data.
+      *
+      * This block ensures that the 'entities_id' field is created and populated if it
+      * associated item type requires entity assignment
+      */
       if (getItemForItemtype("%%ITEMTYPE%%")->isEntityAssign() && !$DB->fieldExists($table, 'entities_id')) {
          $migration->addField($table, 'entities_id', 'fkey', ['after' => 'plugin_fields_containers_id']);
          $migration->addKey($table, 'entities_id');
          $migration->executeMigration();
 
-         //migrate data
-         $item = new self();
-         $data = $item->find();
-
+         // migrate data
          $query = $DB->buildUpdate(
                $table,
-               [
-                  'entities_id' => new QueryParam(),
-               ],
-               [
-                  'id'       => new QueryParam()
-               ]
+               ['entities_id' => new QueryParam()],
+               ['id'       => new QueryParam()]
          );
          $stmt = $DB->prepare($query);
 
+         //load all entries
+         $data = $DB->request(
+            [
+               'SELECT'    => '*',
+               'FROM'      => $table,
+            ]
+         );
+
          foreach ($data as $fields) {
-            $related_item = new $fields['itemtype'];
-            $related_item->getFromDB($fields['items_id']);
-            $stmt->bind_param(
+            //load related item
+            $related_item = $DB->request(
+               [
+                  'SELECT'    => '*',
+                  'FROM'      => getTableForItemType($fields['itemtype']),
+                  'WHERE'     => [
+                        'id'      => $fields['items_id'],
+                     ]
+               ]
+            )->current();
+
+            //update if needed
+            if ($fields['entities_id'] != $related_item['entities_id']) {
+               $stmt->bind_param(
                   'ii',
-                  $related_item->fields['entities_id'],
+                  $related_item['entities_id'],
                   $fields['id']
-            );
-            $stmt->execute();
+               );
+               $stmt->execute();
+            }
          }
-
       }
 
+      /**
+      * Adds the 'is_recursive' field to the database table and migrates existing data.
+      *
+      * This block ensures that the 'is_recursive' field is created and populated if it
+      * associated item type requires recursive assignment
+      */
       if (getItemForItemtype("%%ITEMTYPE%%")->maybeRecursive() && !$DB->fieldExists($table, 'is_recursive')) {
          $migration->addField($table, 'is_recursive', 'bool', ['after'  => 'entities_id']);
          $migration->addKey($table, 'is_recursive');
          $migration->executeMigration();
-         //migrate data
-
-         $item = new self();
-         $data = $item->find();
 
+         //migrate data
          $query = $DB->buildUpdate(
-               $table,
-               [
-                  'is_recursive' => new QueryParam(),
-               ],
-               [
-                  'id'       => new QueryParam()
-               ]
+            $table,
+            ['is_recursive' => new QueryParam()],
+            ['id'       => new QueryParam()]
          );
          $stmt = $DB->prepare($query);
 
+         //load all entries
+         $data = $DB->request(
+            [
+               'SELECT'    => '*',
+               'FROM'      => $table,
+            ]
+         );
+
          foreach ($data as $fields) {
-            $related_item = new $fields['itemtype'];
-            $related_item->getFromDB($fields['items_id']);
-            $stmt->bind_param(
+            //load related item
+            $related_item = $DB->request(
+               [
+                  'SELECT'    => '*',
+                  'FROM'      => getTableForItemType($fields['itemtype']),
+                  'WHERE'     => [
+                        'id'      => $fields['items_id'],
+                     ]
+               ]
+            )->current();
+
+            //update if needed
+            if ($fields['is_recursive'] != $related_item['is_recursive']) {
+               $stmt->bind_param(
                   'ii',
-                  $related_item->fields['is_recursive'],
+                  $related_item['is_recursive'],
                   $fields['id']
-            );
-            $stmt->execute();
+               );
+               $stmt->execute();
+            }
          }
       }
    }

From 108383e9a478d5c0314c3139d5bbece2d70cdec0 Mon Sep 17 00:00:00 2001
From: stonebuzz <skita@teclib.com>
Date: Fri, 22 Nov 2024 10:08:34 +0100
Subject: [PATCH 14/21] fix

---
 inc/abstractcontainerinstance.class.php | 2 +-
 setup.php                               | 3 +--
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/inc/abstractcontainerinstance.class.php b/inc/abstractcontainerinstance.class.php
index 27faee4f..d590bb53 100644
--- a/inc/abstractcontainerinstance.class.php
+++ b/inc/abstractcontainerinstance.class.php
@@ -57,7 +57,7 @@ public function addNeededInfoToInput($input)
                 $itemToGetEntity = static::getItemFromArray(
                     static::$itemtype,
                     static::$items_id,
-                    $completeinput
+                    $completeinput,
                 )
             ) {
                 if (
diff --git a/setup.php b/setup.php
index eefb4be8..359249fd 100644
--- a/setup.php
+++ b/setup.php
@@ -126,8 +126,7 @@ function plugin_init_fields()
             if (count($itemtypes) > 0) {
                 Plugin::registerClass(
                     'PluginFieldsContainer',
-                    ['addtabon' => $itemtypes,
-                     'forwardentityfrom' => true],
+                    ['addtabon' => $itemtypes],
                 );
             }
 

From 57e9a6acb612d0aab33050d53242ffb18257baf0 Mon Sep 17 00:00:00 2001
From: stonebuzz <skita@teclib.com>
Date: Fri, 22 Nov 2024 10:20:16 +0100
Subject: [PATCH 15/21] fix CS

---
 setup.php | 1 -
 1 file changed, 1 deletion(-)

diff --git a/setup.php b/setup.php
index 359249fd..d47a31bd 100644
--- a/setup.php
+++ b/setup.php
@@ -285,7 +285,6 @@ function plugin_fields_checkFiles()
     }
 }
 
-
 function plugin_fields_exportBlockAsYaml($container_id = null)
 {
     /** @var DBmysql $DB */

From f81a9cd14d3193f5b87e5fcf7be362140daee5a3 Mon Sep 17 00:00:00 2001
From: Stanislas <skita@teclib.com>
Date: Tue, 26 Nov 2024 15:51:55 +0100
Subject: [PATCH 16/21] Update inc/abstractcontainerinstance.class.php

Co-authored-by: Johan Cwiklinski <trasher@x-tnd.be>
---
 inc/abstractcontainerinstance.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inc/abstractcontainerinstance.class.php b/inc/abstractcontainerinstance.class.php
index d590bb53..1388aabf 100644
--- a/inc/abstractcontainerinstance.class.php
+++ b/inc/abstractcontainerinstance.class.php
@@ -49,7 +49,7 @@ abstract class PluginFieldsAbstractContainerInstance extends CommonDBChild
      *
      * Modification of this function to meet specific requirements.
      */
-    public function addNeededInfoToInput($input)
+    public function addNeededInfoToInput(array $input): array
     {
         if ($this->tryEntityForwarding()) {
             $completeinput = array_merge($this->fields, $input);

From d6a8aed8aae3c78539b665b77a980cab4a17a97b Mon Sep 17 00:00:00 2001
From: stonebuzz <skita@teclib.com>
Date: Tue, 26 Nov 2024 15:53:49 +0100
Subject: [PATCH 17/21] revert

---
 inc/abstractcontainerinstance.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inc/abstractcontainerinstance.class.php b/inc/abstractcontainerinstance.class.php
index 1388aabf..d590bb53 100644
--- a/inc/abstractcontainerinstance.class.php
+++ b/inc/abstractcontainerinstance.class.php
@@ -49,7 +49,7 @@ abstract class PluginFieldsAbstractContainerInstance extends CommonDBChild
      *
      * Modification of this function to meet specific requirements.
      */
-    public function addNeededInfoToInput(array $input): array
+    public function addNeededInfoToInput($input)
     {
         if ($this->tryEntityForwarding()) {
             $completeinput = array_merge($this->fields, $input);

From f79f623c78b46fc9d6120540ac9407cc7b801de9 Mon Sep 17 00:00:00 2001
From: stonebuzz <skita@teclib.com>
Date: Tue, 26 Nov 2024 16:04:02 +0100
Subject: [PATCH 18/21] can't attach because of 'itemtype' fk field

---
 inc/abstractcontainerinstance.class.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/inc/abstractcontainerinstance.class.php b/inc/abstractcontainerinstance.class.php
index d590bb53..87ebcbd5 100644
--- a/inc/abstractcontainerinstance.class.php
+++ b/inc/abstractcontainerinstance.class.php
@@ -33,6 +33,8 @@ abstract class PluginFieldsAbstractContainerInstance extends CommonDBChild
     public static $itemtype = 'itemtype';
     public static $items_id = 'items_id';
 
+    public static $mustBeAttached     = false;
+
     /**
      * This function relies on the static property `static::$plugins_forward_entity`,
      * which should be populated using the following method (from setup):

From db2a1da0a9aaedfc7459019fd6cc5c42f2979d3f Mon Sep 17 00:00:00 2001
From: Stanislas <skita@teclib.com>
Date: Tue, 3 Dec 2024 11:33:09 +0100
Subject: [PATCH 19/21] add check
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Cédric Anne <cedric.anne@gmail.com>
---
 templates/container.class.tpl | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/templates/container.class.tpl b/templates/container.class.tpl
index a69208dd..11a2b9d2 100644
--- a/templates/container.class.tpl
+++ b/templates/container.class.tpl
@@ -84,6 +84,10 @@ class %%CLASSNAME%% extends PluginFieldsAbstractContainerInstance
                ]
             )->current();
 
+            if ($related_item === null) {
+                continue;
+            }
+
             //update if needed
             if ($fields['entities_id'] != $related_item['entities_id']) {
                $stmt->bind_param(

From d05ea7ed9c6048905d08482f8ae54fb5dbb26d00 Mon Sep 17 00:00:00 2001
From: Stanislas <skita@teclib.com>
Date: Tue, 3 Dec 2024 11:33:18 +0100
Subject: [PATCH 20/21] add check
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Cédric Anne <cedric.anne@gmail.com>
---
 templates/container.class.tpl | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/templates/container.class.tpl b/templates/container.class.tpl
index 11a2b9d2..97159ae9 100644
--- a/templates/container.class.tpl
+++ b/templates/container.class.tpl
@@ -139,6 +139,10 @@ class %%CLASSNAME%% extends PluginFieldsAbstractContainerInstance
                ]
             )->current();
 
+            if ($related_item === null) {
+                continue;
+            }
+
             //update if needed
             if ($fields['is_recursive'] != $related_item['is_recursive']) {
                $stmt->bind_param(

From 3b9c75471703b55ea60c57e8b1f7c5111a18e506 Mon Sep 17 00:00:00 2001
From: Stanislas <skita@teclib.com>
Date: Wed, 11 Dec 2024 10:50:01 +0100
Subject: [PATCH 21/21] Adapt changelog

---
 CHANGELOG.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index d8310ce1..8b554804 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
+## [UNRELAESE]
+
+### Fixed
+
+- Fix `container` to prevent calls from `API` returning full container data
+
 ## [1.21.15] - 2024-10-09
 
 ### Fixed