improved api censoring

2011-09-10 15:58:04 -04:00
parent b55893d96d
commit a7846731d5
3 changed files with 52 additions and 10 deletions
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -305,6 +305,27 @@ class User < ActiveRecord::Base
    end
  end
  
+  module ApiMethods
+    def hidden_attributes
+      super + [:password_hash, :email, :email_verification_key]
+    end
+    
+    def serializable_hash(options = {})
+      options ||= {}
+      options[:except] ||= []
+      options[:except] += hidden_attributes
+      super(options)
+    end
+    
+    def to_xml(options = {}, &block)
+      # to_xml ignores the serializable_hash method
+      options ||= {}
+      options[:except] ||= []
+      options[:except] += hidden_attributes
+      super(options, &block)
+    end
+  end
+  
  include BanMethods
  include NameMethods
  include PasswordMethods
@@ -316,6 +337,7 @@ class User < ActiveRecord::Base
  include ForumMethods
  include LimitMethods
  include InvitationMethods
+  include ApiMethods
  
  def initialize_default_image_size
    self.default_image_size = "Medium"
@@ -324,10 +346,5 @@ class User < ActiveRecord::Base
  def can_update?(object, foreign_key = :user_id)
    is_moderator? || is_admin? || object.__send__(foreign_key) == id
  end
-  
-  def serializable_hash(options = {})
-    options = {:except => [:password_hash, :email, :email_verification_key]}.merge(options ||= {})
-    super(options)
-  end
 end

--- a/config/initializers/active_record_api_extensions.rb
+++ b/config/initializers/active_record_api_extensions.rb
@@ -0,0 +1,30 @@
+module Danbooru
+  module Extensions
+    module ActiveRecordApi
+      extend ActiveSupport::Concern
+      
+      def serializable_hash(options = {})
+        options ||= {}
+        options[:except] ||= []
+        options[:except] += hidden_attributes
+        super(options)
+      end
+      
+      def to_xml(options = {}, &block)
+        # to_xml ignores serializable_hash
+        options ||= {}
+        options[:except] ||= []
+        options[:except] += hidden_attributes
+        super(options, &block)
+      end
+      
+      def hidden_attributes
+        [:uploader_ip_addr, :updater_ip_addr, :creator_ip_addr, :ip_addr]
+      end
+    end
+  end
+end
+
+class ActiveRecord::Base
+  include Danbooru::Extensions::ActiveRecordApi
+end
--- a/config/initializers/active_record_extensions.rb
+++ b/config/initializers/active_record_extensions.rb
@@ -44,11 +44,6 @@ module Danbooru
        
        "case #{table_name}.id " + conditions.join(" ") + " end"
      end
-      
-      def serializable_hash(options = {})
-        options = {:except => [:uploader_ip_addr, :updater_ip_addr, :creator_ip_addr, :ip_addr]}.merge(options ||= {})
-        super(options)
-      end
    end
  end
 end