Preventing serialization of attributes in the model

Hi,

I’d like to get your thoughts on something. We’re developing an
application that relies heavily on RESTful JSON requests.

Because I want to keep the code as clean as possible, I want to be
able to return the JSON for a user using @user.to_json. Which works
fine, but it also includes the crypted_password data and the
persistence_token, among other things.

What I do now to prevent this from happening is including an :except
option for the to_json method in my controller for these sensitive
columns, but I’d like to know whether there is a way to specify the
excluded columns somewhere in the model to prevent serialization of
these attributes.

If that’s possible I’d also like to know whether there’s a way to
check for this prevention so that we can dynamically generate relevant
column names (for example).

Kind regards,
Jaap H.

Hi!

I think you could use inheritance to extend ActiveRecord::Base and then
you could overwrite the to_json method.

There you could write the rules for default excluded column names.

Then, your Models should extend your inherited class.

I don’t know if this works, it’s just an idea.

Best Regards,

Everaldo

Overwriting the “as_json” method in your model should work too I
think. Best way to do it IMO if it’s just one model you want to change
the to_json behavior on.

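def as_json(options = {})
  options ||= {} # guard against a nil options argument
  # Exclude these columns unless the caller passes its own :except list
  options[:except] ||= [:some, :fields, :here]
  super(options)
end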

On 10 Jul 2011, at 17:35, Everaldo G. wrote:


Best regards

Peter De Berdt

I liked Peter’s suggestion.

And I found this link in Google, because I was curious about the as_json
method:

Best Regards,

Everaldo

On Sun, Jul 10, 2011 at 1:37 PM, Peter De Berdt

Hi All,

I’m starting a Rails 3.1 app. Two tests which involve invalid models are
failing and I don’t understand why. The tests are the stock tests
generated by the rails rspec generator. I’m new to RSpec so I’m probably
missing something obvious. I’d appreciate some guidance.

Leigh

=========

rails g rspec:install
rake test:prepare
rake spec

Rake spec produces:

Failures:

  1. JobsController create action should render new template when model is invalid
     Failure/Error: response.should render_template(:new)
     Expected block to return true value.
     ./spec/controllers/jobs_controller_spec.rb:25:in `block (2 levels) in <top (required)>'

  2. JobsController update action should render edit template when model is invalid
     Failure/Error: response.should render_template(:edit)
     Expected block to return true value.
     ./spec/controllers/jobs_controller_spec.rb:42:in `block (2 levels) in <top (required)>'

Finished in 0.53822 seconds
10 examples, 2 failures

Controller specs:

it "create action should render new template when model is invalid" do
  Job.any_instance.stubs(:valid?).returns(false)
  post :create
  response.should render_template(:new)
end

it "update action should render edit template when model is invalid" do
  Job.any_instance.stubs(:valid?).returns(false)
  put :update, :id => Job.first
  response.should render_template(:edit)
end

JobsController methods:

def create
  @job = Job.new(params[:job])
  if @job.save
    redirect_to @job, :notice => "Successfully created \"#{@job.description.chomp}\"."
  else
    render :action => 'new'
  end
end

def update
  @job = Job.find(params[:id])
  if @job.update_attributes(params[:job])
    redirect_to @job, :notice => "Successfully updated \"#{@job.description.chomp}\"."
  else
    render :action => 'edit'
  end
end

gem list rspec:

rspec (2.6.0)
rspec-core (2.6.4, 2.6.3)
rspec-expectations (2.6.0)
rspec-mocks (2.6.0)
rspec-rails (2.6.1, 2.6.0)

Gemfile extract:

gem 'rails', '>= 3.1.0.rc4'
group :development, :test do
  gem 'turn', :require => false
  gem 'rspec-rails', '>= 2.6.1'
  gem 'cucumber-rails'
  gem 'capybara'
  gem 'database_cleaner'
end

Thanks, Conrad.

I’m all green now!

Leigh

Hi Peter,

Your suggestion will work fine. Thank you. I was hoping there would be
a way to do this within ActiveModel or ActiveRecord because I also
want to do this the other way around: I would like to render some
javascript in which can dynamically define these attributes. I’ll have
to do that with some kind of model variable or method.

Jaap H.
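
Added example, not part of any post in this thread: a plain-Ruby sketch (no ActiveRecord, so it runs on its own) of the model-level exclusion Peter suggests together with the introspection Jaap asks about. The `SerializationGuard` mixin, `protect_from_serialization`, `serializable_attribute_names` and the `User` stand-in are hypothetical names, not Rails APIs; unlike an `options[:except] ||= ...` default, a caller-supplied :except is merged with the model's list, so it cannot re-expose crypted_password or persistence_token.

```ruby
require "json"

# Hypothetical mixin, not a Rails API: the model declares its sensitive
# attributes once and every as_json/to_json call drops them.
module SerializationGuard
  def self.included(base)
    base.extend(ClassMethods)
  end

  module ClassMethods
    def protect_from_serialization(*names)
      protected_json_attributes.concat(names.map(&:to_s)).uniq!
    end

    def protected_json_attributes
      @protected_json_attributes ||= []
    end

    # Introspection: attribute names that are safe to expose.
    def serializable_attribute_names
      attribute_names - protected_json_attributes
    end
  end

  def as_json(options = nil)
    options ||= {} # tolerate a nil options argument
    # A caller's :except adds to the model's list; it never replaces it.
    hidden = self.class.protected_json_attributes | Array(options[:except]).map(&:to_s)
    attributes.reject { |name, _value| hidden.include?(name) }
  end

  def to_json(*_args)
    JSON.generate(as_json)
  end
end

# Constructed stand-in for an ActiveRecord model with the thread's columns.
User = Struct.new(:attributes) do
  include SerializationGuard
  protect_from_serialization :crypted_password, :persistence_token

  def self.attribute_names
    %w[id login email crypted_password persistence_token]
  end
end

# Constructed sample record; the secret values are placeholders.
SAMPLE_USER = User.new({ "id" => 1, "login" => "jaap", "email" => "jaap@example.test",
                         "crypted_password" => "placeholder", "persistence_token" => "placeholder" })
```

`User.serializable_attribute_names` gives the list of column names that can be handed to client-side code without touching the protected ones.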

On Sun, Jul 10, 2011 at 10:33 AM, Leigh D. wrote:


Leigh, your controller spec appears to be missing a call to the
following:

render_views

Thus, you’ll need to add this line inside the first describe block of
the jobs_controller_spec.rb.

Good luck,

-Conrad

On Jul 10, 2011, at 4:47 PM, Leigh D. wrote:

render_views

Leigh, Conrad,

Without render_views, an empty stub template is rendered, so unless
you’re adding specs for content in the template, you shouldn’t need
render_views for the generated specs to pass as is.

The following script results in passing specs for me (ruby 1.9.2 and
1.8.7 with clean gemsets in rvm, Mac OS X):

gem install rails -v 3.1.0.rc4
rails new example
cd example
echo 'gem "rspec-rails", "~> 2.6.0", :group => [:development, :test]' >> Gemfile
bundle install
rails generate rspec:install
rails generate scaffold jobs
rake db:migrate
rake db:test:prepare
rspec spec/controllers

What environment are you working in?

Cheers,
David