Preventing serialization of attributes in the model

Hi,

I'd like to get your thoughts on something. We're developing an
application that relies heavily RESTful JSON requests.

Because I want to keep the code as clean as possible, I want to be
able to return the JSON for a user using @user.to_json. Which works
fine, but it also includes the crypted_password data and the
persistence_token, among other things.

What I do now to prevent this from happening is including an :except
option for the to_json method in my controller for these sensitive
columns, but I'd like to know whether there is a way to specify the
excluded columns somewhere in the model to prevent serialization of
these attributes.

If that's possible I'd also like to know whether there's a way to
check for this prevention so that we can dynamically generate relevant
column names (for example).

Kind regards,
Jaap Haagmans

Hi!

I think you could use inheritance to extend ActiveRecord::Base and then you could overwrite the to_json method.

There you could write the rules for default excluded column names.

Then, your Models should extend your inherited class.

I don’t know if this work, it’s just an idea.

Best Regards,

Everaldo

Overwriting the “as_json” method in your model should work too I think. Best way to to it IMO if it’s just one model you want to change the to_json behavior on.

def as_json(options={})

options[:except] ||= [:some, :fields, :here]

super(options)

end

I liked the Peter’s suggestion.

And I found this link in google, because I was curious about the as_json method:

http://jonathanjulian.com/2010/04/rails-to_json-or-as_json/

Best Regards,

Everaldo

Hi All,

I'm starting a Rails 3.1 app. Two tests which involve invalid models are failing and I don't understand why. The tests are the stock tests generated by the rails rspec generator. I'm new to RSpec so I'm probably missing something obvious. I'd appreciate some guidance.

**Leigh

Hi All,

I’m starting a Rails 3.1 app. Two tests which involve invalid models are failing and I don’t understand why. The tests are the stock tests generated by the rails rspec generator. I’m new to RSpec so I’m probably missing something obvious. I’d appreciate some guidance.

**Leigh

=========

rails g rspec:install

rake test:prepare

rake spec

Rake spec produces:

Failures:

  1. JobsController create action should render new template when model is invalid

    Failure/Error: response.should render_template(:new)

    Expected block to return true value.

    ./spec/controllers/jobs_controller_spec.rb:25:in `block (2 levels) in <top (required)>’

  2. JobsController update action should render edit template when model is invalid

    Failure/Error: response.should render_template(:edit)

    Expected block to return true value.

    ./spec/controllers/jobs_controller_spec.rb:42:in `block (2 levels) in <top (required)>’

Finished in 0.53822 seconds

10 examples, 2 failures

Leigh, you’re controller spec appear to be missing a call to the following:

render_views

Thus, you’ll need to add this line inside the first describe block of the jobs_controller_spec.rb.

Good luck,

-Conrad

Thanks, Conrad.

I'm all green now!

**Leigh

Hi Peter,

Your suggestion will work fine. Thank you. I was hoping there would be
a way to do this within ActiveModel or ActiveRecord because I also
want to do this the other way around: I would like to render some
javascript in which can dynamically define these attributes. I'll have
to do that with some kind of model variable or method.

Jaap Haagmans

Leigh, Conrad,

Without render_views, an empty stub template is rendered, so unless you're adding specs for content in the template, you shouldn't need render_views for the generated specs to pass as/is.

The following script results in passing specs for me (ruby 1.9.2 and 1.8.7 with clean gemsets in rvm, Mac OS X):

gem install rails -v 3.1.0.rc4
rails new example
cd example
echo 'gem "rspec-rails", "~> 2.6.0", :group => [:development, :test]' >> Gemfile
bundle install
rails generate rspec:install
rails generate scaffold jobs
rake db:migrate
rake db:test:prepare
rspec spec/controllers

What environment are you working in?

Cheers,
David