Fields in the __hidden__ variable are being returned. #327

Closed
jpmateo022 opened this issue Jan 25, 2021 · 6 comments

Labels
bug (An existing feature is not working as intended), needs more info (This is a ticket that requires more information from the author)

Comments

@jpmateo022

May I know if we also applied the hidden which indicates what fields should not be returned in the query? My password field shows up after I call the create method.

@jpmateo022
Author

Update:

It seems it's not totally not working. I think this can also be a security issue, since tables that contain password fields might get exposed.

jpmateo022 changed the title from "Fields in the hidden still return in create method." to "Fields in the __hidden__ variable are being returned." on Jan 25, 2021
@girardinsamuel
Contributor

girardinsamuel commented Jan 25, 2021

@jpmateo022 The __hidden__ attribute on the model is here to hide fields when serializing your model:

from masoniteorm.models import Model

class User(Model):
    __hidden__ = ["password"]
# ..
user = User.find(1)
user.serialize()  # the result won't contain the password field

This does not remove the fields from the query.

@jpmateo022
Author

jpmateo022 commented Jan 25, 2021

Yep, even when I serialized, the hidden fields are still showing.

@girardinsamuel
Contributor

girardinsamuel commented Jan 25, 2021

But that was not the goal of this __hidden__ attribute, which is working correctly:

from masoniteorm.models import Model

class User(Model):
    __hidden__ = ["password", "email"]
# ..
user = User.find(1)
user.serialize()
# will return
{'id': 1, 'name': 'Sam', 'remember_token': None, 'verified_at': '2021-01-24T19:25:27.870415+00:00', 'created_at': '2021-01-24T18:25:27+00:00', 'updated_at': '2021-01-24T18:25:27+00:00'}

Please check this open issue #302, as I think it is related to what you would like to have. If not, could you add more details here to explain the behaviour you would like to have (with code examples)?
Thanks 👍

josephmancuso added the bug and needs more info labels on Jan 25, 2021
@josephmancuso
Member

I tested this myself and cannot replicate. Will close for now but will reopen if there is additional information.

@josephmancuso
Member

@girardinsamuel @jpmateo022 I think what you might be interested in is using __selects__ on your models https://orm.masoniteproject.com/models#selecting
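
The distinction drawn in this thread, as an added example that is not part of the issue and is not Masonite ORM's code: a field listed in `__hidden__` is still loaded from the database and only dropped by `serialize()`, while a `__selects__`-style column list keeps it out of the query entirely. `MiniModel`, `PublicUser`, `leaked_fields` and the sample row are hypothetical stand-ins built on `sqlite3`.

```python
import json
import sqlite3

# Constructed sample data; MiniModel is a hypothetical stand-in, not Masonite ORM.
db = sqlite3.connect(":memory:")
db.row_factory = sqlite3.Row
db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT, password TEXT)")
db.execute("INSERT INTO users (name, email, password) VALUES ('Sam', 'sam@example.test', 'constructed-hash')")


class MiniModel:
    __table__ = "users"
    __hidden__ = []    # filtered out at serialization time only
    __selects__ = []   # columns to load; empty means SELECT *

    def __init__(self, attributes):
        self.attributes = attributes

    @classmethod
    def find(cls, pk):
        # Column names come from class constants, never from user input.
        cols = ", ".join(cls.__selects__) or "*"
        row = db.execute(f"SELECT {cols} FROM {cls.__table__} WHERE id = ?", (pk,)).fetchone()
        return cls(dict(row)) if row else None

    def serialize(self):
        return {k: v for k, v in self.attributes.items() if k not in self.__hidden__}


class User(MiniModel):
    __hidden__ = ["password"]


class PublicUser(MiniModel):
    __selects__ = ["id", "name"]


def leaked_fields(model_cls, payload):
    """Return hidden fields present in an outgoing JSON payload (response-layer check)."""
    return sorted(set(model_cls.__hidden__) & set(json.loads(payload)))


user = User.find(1)
safe = json.dumps(user.serialize())    # goes through serialize(): password dropped
unsafe = json.dumps(user.attributes)   # bypasses serialize(): password still loaded
public = PublicUser.find(1)            # password never leaves the database
```

A check like `leaked_fields` fits in a response test suite, so any code path that returns raw model attributes instead of the serialized form fails the build.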
