Module: BlocksUnsafeSerialization
- Extended by:
- ActiveSupport::Concern, Gitlab::Utils::Override
- Defined in:
- app/models/concerns/blocks_unsafe_serialization.rb
Overview
Overrides ‘#serializable_hash` to raise an exception when called without the `only` option in order to prevent accidentally exposing attributes.
An ‘unsafe: true` option can also be passed in to bypass this check.
‘#serializable_hash` is used by ActiveModel serializers like `ActiveModel::Serializers::JSON` which overrides `#as_json` and `#to_json`.
Constant Summary collapse
- UnsafeSerializationError =
Class.new(StandardError)
Instance Method Summary collapse
Methods included from Gitlab::Utils::Override
extended, extensions, included, method_added, override, prepended, queue_verification, verify!
Instance Method Details
#serializable_hash(options = nil) ⇒ Object
18 19 20 21 22 23 |
# File 'app/models/concerns/blocks_unsafe_serialization.rb', line 18 def serializable_hash( = nil) return super if allow_serialization?() raise UnsafeSerializationError, "Serialization has been disabled on #{self.class.name}" end |