Rails - Jul 2011 - Preventing serialization of attributes in the model

Hi,

I''d like to get your thoughts on something. We''re developing
an
application that relies heavily RESTful JSON requests.

Because I want to keep the code as clean as possible, I want to be
able to return the JSON for a user using @user.to_json. Which works
fine, but it also includes the crypted_password data and the
persistence_token, among other things.

What I do now to prevent this from happening is including an :except
option for the to_json method in my controller for these sensitive
columns, but I''d like to know whether there is a way to specify the
excluded columns somewhere in the model to prevent serialization of
these attributes.

If that''s possible I''d also like to know whether
there''s a way to
check for this prevention so that we can dynamically generate relevant
column names (for example).

Kind regards,
Jaap Haagmans

-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

Hi!

I think you could use inheritance to extend ActiveRecord::Base and then you
could overwrite the to_json method.

There you could write the rules for default excluded column names.

Then, your Models should extend your inherited class.

I don''t know if this work, it''s just an idea.

Best Regards,

Everaldo

On Sun, Jul 10, 2011 at 12:01 PM, jhaagmans
<jaap.haagmans-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> Hi,
>
> I''d like to get your thoughts on something. We''re
developing an
> application that relies heavily RESTful JSON requests.
>
> Because I want to keep the code as clean as possible, I want to be
> able to return the JSON for a user using @user.to_json. Which works
> fine, but it also includes the crypted_password data and the
> persistence_token, among other things.
>
> What I do now to prevent this from happening is including an :except
> option for the to_json method in my controller for these sensitive
> columns, but I''d like to know whether there is a way to specify
the
> excluded columns somewhere in the model to prevent serialization of
> these attributes.
>
> If that''s possible I''d also like to know whether
there''s a way to
> check for this prevention so that we can dynamically generate relevant
> column names (for example).
>
> Kind regards,
> Jaap Haagmans
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ruby on Rails: Talk" group.
> To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
> To unsubscribe from this group, send email to
>
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
> For more options, visit this group at
> http://groups.google.com/group/rubyonrails-talk?hl=en.
>
>
-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

Overwriting the "as_json" method in your model should work too I  
think. Best way to to it IMO if it''s just one model you want to change
the to_json behavior on.

def as_json(options={})
   options[:except] ||= [:some, :fields, :here]
   super(options)
end

On 10 Jul 2011, at 17:35, Everaldo Gomes wrote:
> I think you could use inheritance to extend ActiveRecord::Base and  
> then you could overwrite the to_json method.
>
> There you could write the rules for default excluded column names.
>
> Then, your Models should extend your inherited class.
>
> I don''t know if this work, it''s just an idea.
>
> Best Regards,
>
> Everaldo
>
> On Sun, Jul 10, 2011 at 12:01 PM, jhaagmans  
> <jaap.haagmans-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> Hi,
>
> I''d like to get your thoughts on something. We''re
developing an
> application that relies heavily RESTful JSON requests.
>
> Because I want to keep the code as clean as possible, I want to be
> able to return the JSON for a user using @user.to_json. Which works
> fine, but it also includes the crypted_password data and the
> persistence_token, among other things.
>
> What I do now to prevent this from happening is including an :except
> option for the to_json method in my controller for these sensitive
> columns, but I''d like to know whether there is a way to specify
the
> excluded columns somewhere in the model to prevent serialization of
> these attributes.
>
> If that''s possible I''d also like to know whether
there''s a way to
> check for this prevention so that we can dynamically generate relevant
> column names (for example).
Best regards

Peter De Berdt

-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

I liked the Peter''s suggestion.

And I found this link in google, because I was curious about the as_json
method:

http://jonathanjulian.com/2010/04/rails-to_json-or-as_json/

Best Regards,

Everaldo

On Sun, Jul 10, 2011 at 1:37 PM, Peter De Berdt
<peter.de.berdt-LPO8gxj9N8aZIoH1IeqzKA@public.gmane.org>wrote:
> Overwriting the "as_json" method in your model should work too I
think.
> Best way to to it IMO if it''s just one model you want to change
the to_json
> behavior on.
>
> def as_json(options={})
>   options[:except] ||= [:some, :fields, :here]
>   super(options)
> end
>
> On 10 Jul 2011, at 17:35, Everaldo Gomes wrote:
>
> I think you could use inheritance to extend ActiveRecord::Base and then you
> could overwrite the to_json method.
>
> There you could write the rules for default excluded column names.
>
> Then, your Models should extend your inherited class.
>
> I don''t know if this work, it''s just an idea.
>
> Best Regards,
>
> Everaldo
>
> On Sun, Jul 10, 2011 at 12:01 PM, jhaagmans
<jaap.haagmans-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
> wrote:
>
>> Hi,
>>
>> I''d like to get your thoughts on something. We''re
developing an
>> application that relies heavily RESTful JSON requests.
>>
>> Because I want to keep the code as clean as possible, I want to be
>> able to return the JSON for a user using @user.to_json. Which works
>> fine, but it also includes the crypted_password data and the
>> persistence_token, among other things.
>>
>> What I do now to prevent this from happening is including an :except
>> option for the to_json method in my controller for these sensitive
>> columns, but I''d like to know whether there is a way to
specify the
>> excluded columns somewhere in the model to prevent serialization of
>> these attributes.
>>
>> If that''s possible I''d also like to know whether
there''s a way to
>> check for this prevention so that we can dynamically generate relevant
>> column names (for example).
>
>
> Best regards
>
>
> Peter De Berdt
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Ruby on Rails: Talk" group.
> To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
> To unsubscribe from this group, send email to
>
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
> For more options, visit this group at
> http://groups.google.com/group/rubyonrails-talk?hl=en.
>
-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

Hi All,

I''m starting a Rails 3.1 app. Two tests which involve invalid models
are failing and I don''t understand why. The tests are the stock tests
generated by the rails rspec generator. I''m new to RSpec so
I''m probably missing something obvious. I''d appreciate some
guidance.

**Leigh

========
rails g rspec:install
rake test:prepare
rake spec

Rake spec produces:

Failures:

  1) JobsController create action should render new template when model is
invalid
     Failure/Error: response.should render_template(:new)
       Expected block to return true value.
     # ./spec/controllers/jobs_controller_spec.rb:25:in `block (2 levels) in
<top (required)>''

  2) JobsController update action should render edit template when model is
invalid
     Failure/Error: response.should render_template(:edit)
       Expected block to return true value.
     # ./spec/controllers/jobs_controller_spec.rb:42:in `block (2 levels) in
<top (required)>''

Finished in 0.53822 seconds
10 examples, 2 failures

Controller specs:

  it "create action should render new template when model is invalid"
do
    Job.any_instance.stubs(:valid?).returns(false)
    post :create
    response.should render_template(:new)
  end

  it "update action should render edit template when model is invalid"
do
    Job.any_instance.stubs(:valid?).returns(false)
    put :update, :id => Job.first
    response.should render_template(:edit)
  end

JobsController methods:

  def create
    @job = Job.new(params[:job])
    if @job.save
      redirect_to @job, :notice => "Successfully created
\"#{@job.description.chomp}\"."
    else
      render :action => ''new''
    end
  end

  def update
    @job = Job.find(params[:id])
    if @job.update_attributes(params[:job])
      redirect_to @job, :notice  => "Successfully updated
\"#{@job.description.chomp}\"."
    else
      render :action => ''edit''
    end
  end

gem list rspec:

rspec (2.6.0)
rspec-core (2.6.4, 2.6.3)
rspec-expectations (2.6.0)
rspec-mocks (2.6.0)
rspec-rails (2.6.1, 2.6.0)

Gemfile extract:

gem ''rails'', ''>= 3.1.0.rc4''
group :development, :test do
  gem ''turn'', :require => false
  gem ''rspec-rails'', ''>= 2.6.1''
  gem ''cucumber-rails''
  gem ''capybara''
  gem ''database_cleaner''
end




-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

On Sun, Jul 10, 2011 at 10:33 AM, Leigh Daniels
<leighdaniels42-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>wrote:
> Hi All,
>
> I''m starting a Rails 3.1 app. Two tests which involve invalid
models are
> failing and I don''t understand why. The tests are the stock tests
generated
> by the rails rspec generator. I''m new to RSpec so I''m
probably missing
> something obvious. I''d appreciate some guidance.
>
> **Leigh
>
> ========>
> rails g rspec:install
> rake test:prepare
> rake spec
>
> Rake spec produces:
>
> Failures:
>
>  1) JobsController create action should render new template when model is
> invalid
>     Failure/Error: response.should render_template(:new)
>       Expected block to return true value.
>     # ./spec/controllers/jobs_controller_spec.rb:25:in `block (2 levels) in
> <top (required)>''
>
>  2) JobsController update action should render edit template when model is
> invalid
>     Failure/Error: response.should render_template(:edit)
>       Expected block to return true value.
>     # ./spec/controllers/jobs_controller_spec.rb:42:in `block (2 levels) in
> <top (required)>''
>
> Finished in 0.53822 seconds
> 10 examples, 2 failures
>
>
Leigh, you''re controller spec appear to be missing a call to the
following:

render_views

Thus, you''ll need to add this line inside the first describe block of
the
jobs_controller_spec.rb.

Good luck,

-Conrad

> Controller specs:
>
>  it "create action should render new template when model is
invalid" do
>    Job.any_instance.stubs(:valid?).returns(false)
>    post :create
>    response.should render_template(:new)
>  end
>
>  it "update action should render edit template when model is
invalid" do
>    Job.any_instance.stubs(:valid?).returns(false)
>    put :update, :id => Job.first
>    response.should render_template(:edit)
>  end
>
> JobsController methods:
>
>  def create
>    @job = Job.new(params[:job])
>    if @job.save
>      redirect_to @job, :notice => "Successfully created
> \"#{@job.description.chomp}\"."
>    else
>      render :action => ''new''
>    end
>  end
>
>  def update
>    @job = Job.find(params[:id])
>    if @job.update_attributes(params[:job])
>      redirect_to @job, :notice  => "Successfully updated
> \"#{@job.description.chomp}\"."
>    else
>      render :action => ''edit''
>    end
>  end
>
> gem list rspec:
>
> rspec (2.6.0)
> rspec-core (2.6.4, 2.6.3)
> rspec-expectations (2.6.0)
> rspec-mocks (2.6.0)
> rspec-rails (2.6.1, 2.6.0)
>
> Gemfile extract:
>
> gem ''rails'', ''>= 3.1.0.rc4''
> group :development, :test do
>  gem ''turn'', :require => false
>  gem ''rspec-rails'', ''>= 2.6.1''
>  gem ''cucumber-rails''
>  gem ''capybara''
>  gem ''database_cleaner''
> end
>
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ruby on Rails: Talk" group.
> To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
> To unsubscribe from this group, send email to
>
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
> For more options, visit this group at
> http://groups.google.com/group/rubyonrails-talk?hl=en.
>
>
-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

Thanks, Conrad.

I''m all green now!

**Leigh

On Sun, Jul 10, 2011, Conrad Taylor
<conradwt-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>Leigh, you''re controller spec appear to be missing a call to the
following:
>
>render_views
>
>Thus, you''ll need to add this line inside the first describe block
of the
>jobs_controller_spec.rb.
>
>Good luck,
>
>-Conrad

-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

Hi Peter,

Your suggestion will work fine. Thank you. I was hoping there would be
a way to do this within ActiveModel or ActiveRecord because I also
want to do this the other way around: I would like to render some
javascript in which can dynamically define these attributes. I''ll have
to do that with some kind of model variable or method.

Jaap Haagmans


On 10 jul, 18:37, Peter De Berdt
<peter.de.be...-LPO8gxj9N8aZIoH1IeqzKA@public.gmane.org>
wrote:
> Overwriting the "as_json" method in your model should work too I
 
> think. Best way to to it IMO if it''s just one model you want to
change  
> the to_json behavior on.
>
> def as_json(options={})
>    options[:except] ||= [:some, :fields, :here]
>    super(options)
> end
>
> On 10 Jul 2011, at 17:35, Everaldo Gomes wrote:
>
>
>
>
>
>
>
>
>
> > I think you could use inheritance to extend ActiveRecord::Base and  
> > then you could overwrite the to_json method.
>
> > There you could write the rules for default excluded column names.
>
> > Then, your Models should extend your inherited class.
>
> > I don''t know if this work, it''s just an idea.
>
> > Best Regards,
>
> > Everaldo
>
> > On Sun, Jul 10, 2011 at 12:01 PM, jhaagmans  
> > <jaap.haagm...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> > Hi,
>
> > I''d like to get your thoughts on something. We''re
developing an
> > application that relies heavily RESTful JSON requests.
>
> > Because I want to keep the code as clean as possible, I want to be
> > able to return the JSON for a user using @user.to_json. Which works
> > fine, but it also includes the crypted_password data and the
> > persistence_token, among other things.
>
> > What I do now to prevent this from happening is including an :except
> > option for the to_json method in my controller for these sensitive
> > columns, but I''d like to know whether there is a way to
specify the
> > excluded columns somewhere in the model to prevent serialization of
> > these attributes.
>
> > If that''s possible I''d also like to know whether
there''s a way to
> > check for this prevention so that we can dynamically generate relevant
> > column names (for example).
>
> Best regards
>
> Peter De Berdt
-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

On Jul 10, 2011, at 4:47 PM, Leigh Daniels wrote:
> Thanks, Conrad.
> 
> I''m all green now!
> 
> **Leigh
> 
> On Sun, Jul 10, 2011, Conrad Taylor
<conradwt-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> 
>> Leigh, you''re controller spec appear to be missing a call to
the following:
>> 
>> render_views
Leigh, Conrad,

Without render_views, an empty stub template is rendered, so unless
you''re adding specs for content in the template, you shouldn''t
need render_views for the generated specs to pass as/is.

The following script results in passing specs for me (ruby 1.9.2 and 1.8.7 with
clean gemsets in rvm, Mac OS X):

gem install rails -v 3.1.0.rc4
rails new example
cd example
echo ''gem "rspec-rails", "~> 2.6.0", :group
=> [:development, :test]'' >> Gemfile
bundle install
rails generate rspec:install
rails generate scaffold jobs
rake db:migrate
rake db:test:prepare
rspec spec/controllers

What environment are you working in?

Cheers,
David



-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.