From 0b71e36e3db8f33c66e4eeed9405dc04a4ba2d2f Mon Sep 17 00:00:00 2001
From: albert <r888888888@gmail.com>
Date: Tue, 6 Sep 2011 11:27:57 -0400
Subject: [PATCH] hide passwords/ip addrs from json/xml apis

---
 app/models/user.rb                              | 5 +++++
 config/initializers/active_record_extensions.rb | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/app/models/user.rb b/app/models/user.rb
index f496aaed8..37cc2ee6f 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -323,5 +323,10 @@ class User < ActiveRecord::Base
   def can_update?(object, foreign_key = :user_id)
     is_moderator? || is_admin? || object.__send__(foreign_key) == id
   end
+  
+  def serializable_hash(options = {})
+    options = {:except => [:password_hash, :email, :email_verification_key]}.merge(options ||= {})
+    super(options)
+  end
 end
 
diff --git a/config/initializers/active_record_extensions.rb b/config/initializers/active_record_extensions.rb
index 480bdc69d..a4d0483a2 100644
--- a/config/initializers/active_record_extensions.rb
+++ b/config/initializers/active_record_extensions.rb
@@ -44,6 +44,11 @@ module Danbooru
         
         "case #{table_name}.id " + conditions.join(" ") + " end"
       end
+      
+      def serializable_hash(options = {})
+        options = {:except => [:uploader_ip_addr, :updater_ip_addr, :creator_ip_addr, :ip_addr]}.merge(options ||= {})
+        super(options)
+      end
     end
   end
 end