From 944b9bf4981128d2dbe54dd969dd3594bfdef668 Mon Sep 17 00:00:00 2001
From: Martin Edenhofer
Date: Tue, 10 May 2016 16:07:39 +0200
Subject: [PATCH] Do not show passwords on user create or update.
---
 app/controllers/users_controller.rb | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index a2c727aae..147696499 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -50,7 +50,8 @@ class UsersController < ApplicationController
 return
 end
- user = User.find(params[:id])
+ user = User.find(params[:id]).attributes_with_associations
+ user.delete('password')
 render json: user
 end
@@ -159,7 +160,8 @@ class UsersController < ApplicationController
 }
 )
 end
- user_new = User.find(user.id)
+ user_new = User.find(user.id).attributes_with_associations
+ user_new.delete('password')
 render json: user_new, status: :created
 rescue => e
 render json: model_match_error(e.message), status: :unprocessable_entity
@@ -206,7 +208,8 @@ class UsersController < ApplicationController
 end
 # get new data
- user_new = User.find( params[:id] )
+ user_new = User.find(params[:id]).attributes_with_associations
+ user_new.delete('password')
 render json: user_new, status: :ok
 rescue => e
 render json: { error: e.message }, status: :unprocessable_entity
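Review bot: The password is removed by a one-key denylist, `user.delete('password')`, copied into each of the three hunks (-50,7, -159,7 and -206,7), so any other action that renders a User, and any other sensitive column the model may hold, stays exposed by default. Neither is visible in this diff, so both need checking against the rest of the controller and the schema. Filtering once, in a private helper or in the model's serialization, would keep the actions from drifting apart; within each hunk the two added lines can at least be collapsed to `user = User.find(params[:id]).attributes_with_associations.except('password')`. The delete is a silent no-op if `attributes_with_associations` ever returns symbol keys, and the diffstat shows no test, so a request test per action asserting that the JSON body has no `password` key would pin the fix. The enclosing actions start and end outside the hunks.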