Module: BlocksUnsafeSerialization

Extended by:: ActiveSupport::Concern, Gitlab::Utils::Override

Included in:: Namespace, Project, User

Defined in:: app/models/concerns/blocks_unsafe_serialization.rb

Overview

Overrides #serializable_hash to raise an exception when called without the only option in order to prevent accidentally exposing attributes.

An ‘unsafe: true` option can also be passed in to bypass this check.

#serializable_hash is used by ActiveModel serializers like ActiveModel::Serializers::JSON which overrides #as_json and #to_json.

Constant Summary collapse

UnsafeSerializationError =

Class.new(StandardError)

Instance Method Summary collapse

#serializable_hash(options = nil) ⇒ Object

Methods included from Gitlab::Utils::Override

extended, extensions, included, method_added, override, prepended, queue_verification, verify!

Instance Method Details

#serializable_hash(options = nil) ⇒ `Object`

Raises:

# File 'app/models/concerns/blocks_unsafe_serialization.rb', line 18

def serializable_hash(options = nil)
  return super if allow_serialization?(options)

  raise UnsafeSerializationError,
    "Serialization has been disabled on #{self.class.name}"
end