Exposure of personal data

[tobbexiv]

Personal data like email, registration date, last login, structure of admin menu, role ids, ... is present in the listing json in the page view. For privacy reasons this should not be the case.

Suggestion: Either remove line ListingsModule.php#L34 completely (best option in my opinion) or change it to

            ->related(['editor' => function($query) {
                return $query
                    ->select('id', 'username');
            }])

Then there is still the keys available, but at least the data ist not presented to everybody.

Also consider if all data which is returned by the other entities is really necessary and adjust the jsonSerialize function if possible.

[luisreyes]

Ah yes! Incomplete functionality. It'll be cleaned up on the next release. Thanks.

[luisreyes]

Resolve in commit 133cd09.
Version is now 1.0.5

[tobbexiv]

To me it seems that you fixed the issue in the admin panel, but missed the frontend. The line linked above is still unchanged and I can access the personal data in the frontend after updating. So please re-open this issue.

[luisreyes]

Your correct. Thanks for pointing it out. This was very deep and overlooked.