How to override the 'as_json' or 'to_json' method in order to 'respond_to' without including specified information?
10,815
If it is only in one action you can try:
format.json { render :json => @account, :except => :password }
if you need it for more than one action than the override would be better:
# Exclude password info from json output.
def to_json(options={})
options[:except] ||= :password
super
end
the same is good for as_json
# Exclude password info from json output.
def as_json(options={})
options[:except] ||= :password
super
end
Related videos on Youtube
Author by
user502052
Updated on May 23, 2022Comments
-
user502052 almost 2 years
I am using Ruby on Rails 3 and I would like to override (possibly in the model file) the
as_json
orto_json
method in order torespond_to
an HTTP request without including some information.In my Account model I have
def as_json(options = {}) super( :except => [ :password ] ) end
In my controller I have
format.json { render :json => @account, :status => 200 }
When I make a request, for example, to
/account/1.json
I have back also the password attributes that, for security reasons, I don't want.So, how can I prevent to include specified information?
I can do this and it works
format.json { render :json => @account.to_json(:except => [:password]), :status => 200 }
but it I need to refactor.
-
user502052 about 13 yearsIn order to work, I MUST use 'render :json => @account.to_json' instead of 'render :json => @account'. I think there is some way to do that without include '.to_json'...
-
tommasop about 13 yearsin rails 3 if you override the as_json method in the model and then put format.json { render :json => @account } in the controller it works without calling to_json
-
icecream about 13 yearsDoes it work if you override "serializable_hash" instead of "as_json"?
-
Shyam Habarakada almost 11 yearsThis works. I added the slightly different syntax for excluding multiple attributes.
-
pdu over 10 yearsMaybe nice to know: It is sufficient to just write
super
, as it automatically takes the same arguments the parent method has, unless you specify them yourself. -
Ryan McGeary almost 10 yearsIt would be better to use
options[:except] = Array(options[:except]) | [:password]
if you wanted to guarantee that the:password
could never be sent as json. -
Franco almost 9 years@Ryan McGeary: Actually, the syntax
options[:except] ||= :password
seems strange to me as well. It would be equivalent tooptions[:except]
if this term is truthy, to:password
otherwise. Doesn't it?