Project

General

Profile

Actions
Copy link

Defect #1785

closed

Report Eav attribute - missign security

Added by Radek Tomiška almost 5 years ago. Updated over 4 years ago.

Status:
Closed
Priority:
High
Assignee:
Marek Klement
Category:
Report
Target version:
Rhyolite (9.7.5)
Start date:
08/07/2019
Due date:
% Done:

100%

Estimated time:
1.00 h
Affected versions:
Owner:

Description

Eav values are loaded without prermissions => identity with no access to eav value could read it by this report:
https://github.com/bcvsolutions/CzechIdMng/blob/298c10688093760b59c5a28ea953a97899817be5/Realization/backend/rpt/rpt-impl/src/main/java/eu/bcvsolutions/idm/rpt/report/identity/IdentityEavReportExecutor.java#L156

Add appropriate permissions - depends on eav security configuration, see identity controller for inspiration.

Note: I've fixed some of issues reported from sonar in commit (exception usage, hash map usage, forgotten warnings ...):
https://github.com/bcvsolutions/CzechIdMng/commit/298c10688093760b59c5a28ea953a97899817be5

@affected version 9.7.2

Related issues

Related to IdStory Identity Manager - Task #1738: Report Eav attributeClosedMarek Klement07/03/2019

Actions
Actions
Copy link

Also available in: Atom PDF