debian-mirror-gitlab/app/models/concerns/blocks_unsafe_serialization.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

33 lines
918 B
Ruby
Raw Normal View History

2022-05-07 20:08:51 +05:30
# frozen_string_literal: true
# Overrides `#serializable_hash` to raise an exception when called without the `only` option
# in order to prevent accidentally exposing attributes.
#
# An `unsafe: true` option can also be passed in to bypass this check.
#
# `#serializable_hash` is used by ActiveModel serializers like `ActiveModel::Serializers::JSON`
# which overrides `#as_json` and `#to_json`.
#
module BlocksUnsafeSerialization
extend ActiveSupport::Concern
extend ::Gitlab::Utils::Override
UnsafeSerializationError = Class.new(StandardError)
override :serializable_hash
def serializable_hash(options = nil)
return super if allow_serialization?(options)
raise UnsafeSerializationError,
"Serialization has been disabled on #{self.class.name}"
end
private
def allow_serialization?(options = nil)
return false unless options
!!(options[:only] || options[:unsafe])
end
end