Module: BlocksUnsafeSerialization

Extended by:: ActiveSupport::Concern, Gitlab::Utils::Override

Included in:: Namespace, Project, User

Defined in:: app/models/concerns/blocks_unsafe_serialization.rb

Overview

Overrides ‘#serializable_hash` to raise an exception when called without the `only` option in order to prevent accidentally exposing attributes.

An ‘unsafe: true` option can also be passed in to bypass this check.

‘#serializable_hash` is used by ActiveModel serializers like `ActiveModel::Serializers::JSON` which overrides `#as_json` and `#to_json`.

Constant Summary collapse

UnsafeSerializationError =

Class.new(StandardError)

Instance Method Summary collapse

#serializable_hash(options = nil) ⇒ Object

Methods included from Gitlab::Utils::Override

extended, extensions, included, method_added, override, prepended, queue_verification, verify!

Instance Method Details

#serializable_hash(options = nil) ⇒ `Object`

Raises:

(UnsafeSerializationError)

# File 'app/models/concerns/blocks_unsafe_serialization.rb', line 18

def serializable_hash(options = nil)
  return super if allow_serialization?(options)

  raise UnsafeSerializationError,
    "Serialization has been disabled on #{self.class.name}"
end