Project

General

Profile

Defect #1785

Updated by Radek Tomiška over 5 years ago

Eav values are loaded without prermissions => identity with no access to eav value could read it by this report: 
 https://github.com/bcvsolutions/CzechIdMng/blob/298c10688093760b59c5a28ea953a97899817be5/Realization/backend/rpt/rpt-impl/src/main/java/eu/bcvsolutions/idm/rpt/report/identity/IdentityEavReportExecutor.java#L156 

 Add appropriate permissions - depends on eav security configuration, see identity controller for inspiration. 

 Note: I've fixed some of issues reported from sonar in commit (exception usage, use, hash map usage, forgotten warnings ...): 
 https://github.com/bcvsolutions/CzechIdMng/commit/298c10688093760b59c5a28ea953a97899817be5 

 @affected version 9.7.2

Back