New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fields in the __hidden__ variable are being returned. #327
Comments
Update: It seems it's not totally not working. I think this is can be also a security issue since tables that contains password fields might get exposed. |
@jpmateo022 class User(Model):
__hidden__ = ["password"]
# ..
user=User.find(1)
user.serialize() #== won't contain password field This does not remove the fields from query |
Yep even I serialized the hidden fields are still showing. |
But that was not the goal of this class User(Model):
__hidden__ = ["password", "email"]
# ..
user=User.find(1)
user.serialize()
# will return
{'id': 1, 'name': 'Sam', 'remember_token': None, 'verified_at': '2021-01-24T19:25:27.870415+00:00', 'created_at': '2021-01-24T18:25:27+00:00', 'updated_at': '2021-01-24T18:25:27+00:00'} Please check this open issue #302 as I think is related to what you would like to have. If not could you add more details here to explain the behaviour you would like to have (with code examples) ? |
I tested this myself and cannot replicate. Will close for now but will reopen if there is additional information |
@girardinsamuel @jpmateo022 I think what you might be interested in is using |
May I know if we also applied the hidden which indicates what fields should not be returned in the query? My password field shows up after I call the create method.
The text was updated successfully, but these errors were encountered: