glpi-project
[API] Specific Asset Definition Model endpoint returns models from other Asset Definition (Lack of Isolation)
Code of Conduct
- [x] I agree to follow this project's Code of Conduct
Is there an existing issue for this?
- [x] I have searched the existing issues
Version
11.0.4
Bug description
I am using the REST API to list available models for a specific Generic Object type (e.g., Bornesmobiles). When querying the specific endpoint for this object's models, the API returns a list containing Models that belong to other Generic Objects or standard Assets. This breaks data integrity because trying to link these "foreign" Model IDs via API (PATCH/POST) results in a silent failure (field remains null) or a 500 error, as the model is not compatible with the target asset type.
The behavior is the same with type
Relevant log output
Page URL
No response
Steps To reproduce
Create a Asset Definition Type A (e.g., MobileTerminal). Create a Asset Definition Type B (e.g., Car). Create a Model for Type A (e.g., "Scanner Model X", ID: 4). Query the API endpoint for Type B models: GET /api.php/Assets/Custom/BornesmobilesModel (or the equivalent endpoint for the custom object). Header: Range: 0-10
Your GLPI setup information
No response
Anything else?
No response
