IDEMPIERE-4268 Web Services : Read miss cross-tenant check (#436)

Two more points found about cross tenant readin in MClient and MUser

org.adempiere.base/src/org/compiere/model/MClient.java

@@ -104,9 +104,21 @@ public class MClient extends X_AD_Client implements ImmutablePOSupport
 	 */
 	public static MClient[] getAll (Properties ctx, String orderBy)
 	{
-		List<MClient> list = new Query(ctx,I_AD_Client.Table_Name,(String)null,(String)null)
-		.setOrderBy(orderBy)
-		.list();
+		List<MClient> list = null;
+		int cid = Env.getAD_Client_ID(Env.getCtx());
+		try {
+			if (cid > 0) {
+				// forced potential cross tenant read - requires System client in context
+				Env.setContext(Env.getCtx(), Env.AD_CLIENT_ID, 0);
+			}
+			list = new Query(ctx,I_AD_Client.Table_Name,(String)null,(String)null)
+					.setOrderBy(orderBy)
+					.list();
+		} finally {
+			if (cid > 0) {
+				Env.setContext(Env.getCtx(), Env.AD_CLIENT_ID, cid);
+			}
+		}
 		for(MClient client:list ){
 			s_cache.put (Integer.valueOf(client.getAD_Client_ID()), client, e -> new MClient(Env.getCtx(), e));
 		}

org.adempiere.base/src/org/compiere/model/MUser.java

@@ -822,8 +822,19 @@ public class MUser extends X_AD_User implements ImmutablePOSupport
 			pstmt.setInt (3, getAD_User_ID());
 			pstmt.setInt (4, AD_Org_ID);
 			rs = pstmt.executeQuery ();
-			while (rs.next ())
-				list.add (new MRole(Env.getCtx(), rs, get_TrxName()));
+			int cid = Env.getAD_Client_ID(Env.getCtx());
+			try {
+				if (cid > 0) {
+					// forced potential cross tenant read - requires System client in context
+					Env.setContext(Env.getCtx(), Env.AD_CLIENT_ID, 0);
+				}
+				while (rs.next ())
+					list.add (new MRole(Env.getCtx(), rs, get_TrxName()));
+			} finally {
+				if (cid > 0) {
+					Env.setContext(Env.getCtx(), Env.AD_CLIENT_ID, cid);
+				}
+			}
 		}
 		catch (Exception e)
 		{