Module: BlocksUnsafeSerialization

Extended by:
ActiveSupport::Concern, Gitlab::Utils::Override
Included in:
Namespace, Project, User
Defined in:
app/models/concerns/blocks_unsafe_serialization.rb

Overview

Overrides `#serializable_hash` to raise an exception when called without the `only` option in order to prevent accidentally exposing attributes.

An `unsafe: true` option can also be passed in to bypass this check.

`#serializable_hash` is used by ActiveModel serializers like `ActiveModel::Serializers::JSON` which overrides `#as_json` and `#to_json`.

Constant Summary

UnsafeSerializationError = Class.new(StandardError)

Instance Method Summary

Methods included from Gitlab::Utils::Override

extended, extensions, included, method_added, override, prepended, queue_verification, verify!

Instance Method Details

#serializable_hash(options = nil) ⇒ Object


# File 'app/models/concerns/blocks_unsafe_serialization.rb', line 18

def serializable_hash(options = nil)
  return super if allow_serialization?(options)

  raise UnsafeSerializationError,
    "Serialization has been disabled on #{self.class.name}"
end
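
The guard described in the Overview, as an added example that runs without Rails (this is not GitLab's code). `ToySerialization`, `ToyBlocksUnsafeSerialization`, `ToyUser`, `SAMPLE` and `blocked?` are hypothetical names, and the body of `allow_serialization?` is an assumption, since the page does not show the real predicate.

```ruby
# Stand-in for ActiveModel::Serialization (assumption: only `only` is honoured).
module ToySerialization
  def serializable_hash(options = nil)
    only = options && options[:only]
    only ? attributes.slice(*Array(only).map(&:to_s)) : attributes
  end

  # as_json delegates to serializable_hash, so the guard covers it too.
  def as_json(options = nil)
    serializable_hash(options)
  end
end

module ToyBlocksUnsafeSerialization
  UnsafeSerializationError = Class.new(StandardError)

  def serializable_hash(options = nil)
    return super if allow_serialization?(options)

    raise UnsafeSerializationError,
      "Serialization has been disabled on #{self.class.name}"
  end

  private

  # Assumed predicate: explicit allowlist via `only`, or explicit `unsafe: true`.
  def allow_serialization?(options)
    return false unless options
    options[:unsafe] == true || !Array(options[:only]).empty?
  end
end

ToyUser = Struct.new(:attributes) do
  include ToySerialization
  include ToyBlocksUnsafeSerialization # included last, so `super` reaches ToySerialization
end

# Constructed sample record.
SAMPLE = ToyUser.new({ 'username' => 'alice', 'email' => 'alice@example.com',
                       'encrypted_password' => 'constructed-hash' })

# True when serialization with these options is refused.
def blocked?(record, options = nil)
  record.as_json(options)
  false
rescue ToyBlocksUnsafeSerialization::UnsafeSerializationError
  true
end
```

Under this assumed predicate, a denylist such as `except:` on its own is still refused: only an explicit `only:` allowlist or `unsafe: true` gets through.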