Preventing serialization of attributes in the model

rubyonrails-talk
1

Hi,

I'd like to get your thoughts on something. We're developing an application that relies heavily RESTful JSON requests.

Because I want to keep the code as clean as possible, I want to be able to return the JSON for a user using @user.to_json. Which works fine, but it also includes the crypted_password data and the persistence_token, among other things.

What I do now to prevent this from happening is including an :except option for the to_json method in my controller for these sensitive columns, but I'd like to know whether there is a way to specify the excluded columns somewhere in the model to prevent serialization of these attributes.

If that's possible I'd also like to know whether there's a way to check for this prevention so that we can dynamically generate relevant column names (for example).

Kind regards, Jaap Haagmans

2

Hi!

I think you could use inheritance to extend ActiveRecord::Base and then you could overwrite the to_json method.

There you could write the rules for default excluded column names.

Then, your Models should extend your inherited class.

I don’t know if this work, it’s just an idea.

Best Regards,

Everaldo

3

Overwriting the “as_json” method in your model should work too I think. Best way to to it IMO if it’s just one model you want to change the to_json behavior on.

def as_json(options={})

options[:except] ||= [:some, :fields, :here]

super(options)

end

4

I liked the Peter’s suggestion.

And I found this link in google, because I was curious about the as_json method:

http://jonathanjulian.com/2010/04/rails-to_json-or-as_json/

Best Regards,

Everaldo

5

Hi All,

I'm starting a Rails 3.1 app. Two tests which involve invalid models are failing and I don't understand why. The tests are the stock tests generated by the rails rspec generator. I'm new to RSpec so I'm probably missing something obvious. I'd appreciate some guidance.

**Leigh

6

Hi All,

I’m starting a Rails 3.1 app. Two tests which involve invalid models are failing and I don’t understand why. The tests are the stock tests generated by the rails rspec generator. I’m new to RSpec so I’m probably missing something obvious. I’d appreciate some guidance.

**Leigh

=========

rails g rspec:install

rake test:prepare

rake spec

Rake spec produces:

Failures:

  1. JobsController create action should render new template when model is invalid

    Failure/Error: response.should render_template(:new)

    Expected block to return true value.

    ./spec/controllers/jobs_controller_spec.rb:25:in `block (2 levels) in <top (required)>’

  2. JobsController update action should render edit template when model is invalid

    Failure/Error: response.should render_template(:edit)

    Expected block to return true value.

    ./spec/controllers/jobs_controller_spec.rb:42:in `block (2 levels) in <top (required)>’

Finished in 0.53822 seconds

10 examples, 2 failures

Leigh, you’re controller spec appear to be missing a call to the following:

render_views

Thus, you’ll need to add this line inside the first describe block of the jobs_controller_spec.rb.

Good luck,

-Conrad

7

Thanks, Conrad.

I'm all green now!

**Leigh

8

Hi Peter,

Your suggestion will work fine. Thank you. I was hoping there would be a way to do this within ActiveModel or ActiveRecord because I also want to do this the other way around: I would like to render some javascript in which can dynamically define these attributes. I'll have to do that with some kind of model variable or method.

Jaap Haagmans

9

Leigh, Conrad,

Without render_views, an empty stub template is rendered, so unless you're adding specs for content in the template, you shouldn't need render_views for the generated specs to pass as/is.

The following script results in passing specs for me (ruby 1.9.2 and 1.8.7 with clean gemsets in rvm, Mac OS X):

gem install rails -v 3.1.0.rc4 rails new example cd example echo 'gem "rspec-rails", "~> 2.6.0", :group => [:development, :test]' >> Gemfile bundle install rails generate rspec:install rails generate scaffold jobs rake db:migrate rake db:test:prepare rspec spec/controllers

What environment are you working in?

Cheers, David