$paginate['contain'] exposes hidden fields #7110
Comments
Exposed in what way?
The response generated by

```php
$this->set('companies', $this->paginate());
$this->set('_serialize', ['companies']);
```

includes a `"created_by": { "name": "a" ... }` where the 'password' field is not shown, if we had set If
@lorenzo Doesn't it use the auto-generated model by not using the correct association name which doesn't have
Please demonstrate that - i.e. show what's happening and in what way it's not what you expect.
```php
public function index(){
    $this->paginate['contain'] = 'CreatedBy';
    $this->set('companies', $this->paginate());
    $this->set('_serialize', ['companies']);
}
```

Returns as expected the following where the hidden fields from the users table are not exposed:

```json
{
    "companies": [
        {
            "id": "1",
            "name": "Company 1 ApS",
            "street_name": "Street 12",
            "created_by_id": "2",
            "contact_person_id": "3",
            "invoice_email": "a@b.com",
            "created": "2015-05-25T20:25:06+0000",
            "created_by": {
                "id": "2",
                "first_name": "First name",
                "last_name": "Last name",
                "created": "2015-02-26T17:07:37+0000"
            }
        }
    ]
}
```

If I write

```json
{
    "companies": [
        {
            "id": "1",
            "name": "Company 1 ApS",
            "street_name": "Street 12",
            "created_by_id": "2",
            "contact_person_id": "3",
            "invoice_email": "a@b.com",
            "created": "2015-05-25T20:25:06+0000",
            "CreatedBy": {
                "id": "2",
                "first_name": "First name",
                "last_name": "Last name",
                "created": "2015-02-26T17:07:37+0000",
                "password": "$2k$11$swRqe3/JQxksSudhbKzhGR..."
            }
        }
    ]
}
```
I did some digging on this, and because the alias name does not match the association alias, the data is not mapped into an entity. Instead it is left as an array. This is why the hidden field settings are not applied. The root cause of this issue is that associations are stored in a case-insensitive way. This was done to catch duplicate association definitions more easily. I think ensuring that the contained associations use their correct aliases might be a way to prevent this issue.
Raising an exception in the scenario where a developer mis-types an association name prevents accidental alias mistakes, and more importantly prevents data from being returned as an array when it should be entity instances. Refs #7110
Pull request up now.
I have a CompaniesTable.php in my model that contains this association
And in User.php entity I have
Now, when I in a controller do
The hidden fields from the users table are as expected not shown. However if I spell CreatedBy a bit differently, like:
All fields, including the hidden ones are included in the result.
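The root cause and the fix described in the comments above, as a simplified stand-alone PHP model (an added example, not CakePHP's code and not code from this issue). The function `serializeContained()`, its parameters, the sample row and the mistyped alias `Createdby` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Simplified model of the behaviour described in this issue; not CakePHP code.
// serializeContained(), $declared and $hidden are hypothetical names.

/**
 * @param string[] $declared association aliases as declared on the table
 * @param string[] $hidden   fields the entity marks as hidden
 */
function serializeContained(array $row, string $contain, array $declared, array $hidden, bool $strict): array
{
    // Associations are looked up case-insensitively, so a mistyped alias still resolves.
    $byLower = [];
    foreach ($declared as $alias) {
        $byLower[strtolower($alias)] = $alias;
    }
    $match = $byLower[strtolower($contain)] ?? null;
    if ($match === null) {
        throw new InvalidArgumentException("Unknown association '$contain'");
    }
    if ($match !== $contain) {
        if ($strict) {
            // The fix: refuse a name that differs from the declared alias.
            throw new InvalidArgumentException("'$contain' does not match alias '$match'");
        }
        // Pre-fix behaviour: data stays a plain array, hidden fields are not stripped.
        return $row;
    }
    // Exact alias: the row becomes an entity, whose hidden fields are dropped on serialize.
    return array_diff_key($row, array_flip($hidden));
}

// Constructed sample row; the password value is a placeholder, not a real hash.
$user = ['id' => '2', 'first_name' => 'First name', 'password' => '<hash placeholder>'];

var_dump(serializeContained($user, 'CreatedBy', ['CreatedBy'], ['password'], false)); // exact alias
var_dump(serializeContained($user, 'Createdby', ['CreatedBy'], ['password'], false)); // constructed typo, lenient

try {
    serializeContained($user, 'Createdby', ['CreatedBy'], ['password'], true); // constructed typo, strict
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```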