Bug #604: security constraints for rest controller are insufficient - Study manager - KBSS Issue Management

Edit Log time Actions

Copy link

Bug #604

closed

security constraints for rest controller are insufficient

Added by Miroslav Blaško about 6 years ago. Updated 3 months ago.

Status:

Closed

Priority:

Normal

Assignee:

Tomáš Klíma

Start date:

19.04.2018

Due date:

% Done:

50%

Estimated time:

Spent time:

5.50 h

Quote

Description

Please revise rest controllers security restrictions. E.g. it is possible to retrieve all patients by REST API if institution is absent in REST API call. Currently fixed by workaround at PatientRecordController:

@PreAuthorize("hasRole('" + SecurityConstants.ROLE_ADMIN + "') OR (institutionKey != null )")
public List<PatientRecordDto> getRecords(@RequestParam(value = "institution", required = false) String institutionKey) {
...
}

- java tests of rest-controllers security should be added to confirm that it works correctly

History
Notes
Property changes
Spent time

Edit Log time Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Study manager

Bug #604

security constraints for rest controller are insufficient

Updated by Miroslav Blaško about 6 years ago

Updated by Tomáš Klíma about 6 years ago

Updated by Tomáš Klíma about 6 years ago

Updated by Miroslav Blaško about 6 years ago

Updated by Miroslav Blaško about 6 years ago

Updated by Tomáš Klíma almost 6 years ago

Updated by Miroslav Blaško almost 4 years ago

Updated by Anonymous 4 months ago

Updated by Anonymous 3 months ago

Edit