authorRobert Speicher <rspeicher@gmail.com>2017-09-18 23:18:51 -0400
committerRobert Speicher <rspeicher@gmail.com>2017-12-19 15:45:07 -0600
commit32ff813d3dccef6378361dff599eca44b05f46d4 (patch)
treeaa5ef5e4ae4c8c10029ffc483527584240dc7d84 /app
parent5b880f0d36b082a0b443c5fe95f51a84dee27475 (diff)
downloadgitlab-ce-32ff813d3dccef6378361dff599eca44b05f46d4.tar.gz
Add BlocksJsonSerialization model concern and include it in User
Diffstat (limited to 'app')
-rw-r--r--app/models/concerns/blocks_json_serialization.rb14
-rw-r--r--app/models/user.rb1
2 files changed, 15 insertions, 0 deletions
diff --git a/app/models/concerns/blocks_json_serialization.rb b/app/models/concerns/blocks_json_serialization.rb
new file mode 100644
index 00000000000..cb70c22e207
--- /dev/null
+++ b/app/models/concerns/blocks_json_serialization.rb
@@ -0,0 +1,14 @@
+# Overrides `as_json` and `to_json` to raise an exception when called in order
+# to prevent accidentally exposing attributes
+#
+# Not that that would ever happen... but just in case.
+module BlocksJsonSerialization
+ extend ActiveSupport::Concern
+
+ def to_json
+ raise SecurityError,
+ "JSON serialization has been disabled on #{self.class.name}"
+ end
+
+ alias_method :as_json, :to_json
+end
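Review bot: `def to_json` is declared with no parameters, but serializers normally pass an argument to these methods (`as_json(options)` from ActiveSupport, `to_json(state)` from the JSON generator). Most real call paths would therefore fail with an `ArgumentError` about the argument count, not the intended `SecurityError` with its message naming the class. Serialization is still blocked, but the failure no longer explains why, and any spec or handler that matches on `SecurityError` will not see it. Accepting and discarding arguments fixes this: `def to_json(*)`, and the existing `alias_method :as_json, :to_json` then covers `as_json` as well. The header comment could also state that `SecurityError` is not a `StandardError`, so a bare `rescue` will not catch it.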
diff --git a/app/models/user.rb b/app/models/user.rb
index 51941f43919..b52f17cd6a8 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -18,6 +18,7 @@ class User < ActiveRecord::Base
include CreatedAtFilterable
include IgnorableColumn
include BulkMemberAccessLoad
+ include BlocksJsonSerialization
DEFAULT_NOTIFICATION_LEVEL = :participating