How to override the 'as_json' or 'to_j

2020-07-06 02:00发布

I am using Ruby on Rails 3 and I would like to override (possibly in the model file) the as_json or to_json method in order to respond_to an HTTP request without including some information.

In my Account model I have

def as_json(options = {})
  super(
    :except => [
      :password
    ]
  )
end

In my controller I have

format.json {
  render :json => @account, :status => 200
}

When I make a request, for example, to /account/1.json I have back also the password attributes that, for security reasons, I don't want.

So, how can I prevent to include specified information?

I can do this and it works

format.json {
  render :json => @account.to_json(:except => [:password]), :status => 200
}

but it I need to refactor.

标签： ruby-on-rails ruby security json ruby-on-rails-3

2条回答

我命由我不由天

2楼-- · 2020-07-06 02:40

The best solution is to override as_json methods in your model as following:

def as_json options={}
   super(
     include: {ADD THE RELATIONS YOU WANT TO INCLUDE}).merge({YOU CAN MERGE EXTRA PARAMETER HERE})
end

You could use only (which means that the only parameters that you've listed will be return) or use except (which means return all parameters except the listed ones).

0人赞添加讨论(0) 举报

Explosion°爆炸

3楼-- · 2020-07-06 02:56

If it is only in one action you can try:

format.json { render :json => @account, :except => :password }

if you need it for more than one action than the override would be better:

# Exclude password info from json output.
def to_json(options={})
  options[:except] ||= :password
  super
end

the same is good for as_json

# Exclude password info from json output.
def as_json(options={})
  options[:except] ||= :password
  super
end

0人赞添加讨论(0) 举报

How to override the 'as_json' or 'to_j

采纳回答

编辑标签

举报内容

检举类型

检举原因

检举说明(必填)

打开微信“扫一扫”，打开网页后点击屏幕右上角分享按钮

付费偷看金额在0.1-10元之间