User details being displayed in the browser dev tools
I have a rails application where i am using javascript. Now when the user logsin inside the application i can see all the user details(email,pw,phone etc.) in the Network->Preview section of the browser dev tools. Is there a way to hide it in rails? so that when i open the browser dev tools i dont see the user details. I am using React js in the front end.
javascript ruby-on-rails reactjs
add a comment |
I have a rails application where i am using javascript. Now when the user logsin inside the application i can see all the user details(email,pw,phone etc.) in the Network->Preview section of the browser dev tools. Is there a way to hide it in rails? so that when i open the browser dev tools i dont see the user details. I am using React js in the front end.
javascript ruby-on-rails reactjs
add a comment |
I have a rails application where i am using javascript. Now when the user logsin inside the application i can see all the user details(email,pw,phone etc.) in the Network->Preview section of the browser dev tools. Is there a way to hide it in rails? so that when i open the browser dev tools i dont see the user details. I am using React js in the front end.
javascript ruby-on-rails reactjs
I have a rails application where i am using javascript. Now when the user logsin inside the application i can see all the user details(email,pw,phone etc.) in the Network->Preview section of the browser dev tools. Is there a way to hide it in rails? so that when i open the browser dev tools i dont see the user details. I am using React js in the front end.
javascript ruby-on-rails reactjs
javascript ruby-on-rails reactjs
asked Nov 22 '18 at 11:34
Soumyadip ChakrabortySoumyadip Chakraborty
8226
8226
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
As far as I could understand, this is an authorization issue. You probably want to have different roles for your users and, based on such roles, decide what to display.
You may use policies to define which content each user is allowed to access. To this end, you could use the pundit gem. It is very useful to define authorization mechanisms for controller actions.
If different users can access the same route but you need to hide some fields/details for some of them, you should pass the current_user to your serializations. For example, if you are using the Active Model Serializers gem, you need to add the current_user to the scope of your serializers:
class ApplicationController < ActionController::Base
serialization_scope :current_user
end
And then use that scope to display user details:
class UserSerializer < BaseSerializer
attribute :name # Everyone can see
attribute :email do # Only admins can see
user = scope
if user
if user.admin?
object.email
end
end
end
end
This article have a deeper discussion regarding authorization in rails apps
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53430085%2fuser-details-being-displayed-in-the-browser-dev-tools%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
As far as I could understand, this is an authorization issue. You probably want to have different roles for your users and, based on such roles, decide what to display.
You may use policies to define which content each user is allowed to access. To this end, you could use the pundit gem. It is very useful to define authorization mechanisms for controller actions.
If different users can access the same route but you need to hide some fields/details for some of them, you should pass the current_user to your serializations. For example, if you are using the Active Model Serializers gem, you need to add the current_user to the scope of your serializers:
class ApplicationController < ActionController::Base
serialization_scope :current_user
end
And then use that scope to display user details:
class UserSerializer < BaseSerializer
attribute :name # Everyone can see
attribute :email do # Only admins can see
user = scope
if user
if user.admin?
object.email
end
end
end
end
This article have a deeper discussion regarding authorization in rails apps
add a comment |
As far as I could understand, this is an authorization issue. You probably want to have different roles for your users and, based on such roles, decide what to display.
You may use policies to define which content each user is allowed to access. To this end, you could use the pundit gem. It is very useful to define authorization mechanisms for controller actions.
If different users can access the same route but you need to hide some fields/details for some of them, you should pass the current_user to your serializations. For example, if you are using the Active Model Serializers gem, you need to add the current_user to the scope of your serializers:
class ApplicationController < ActionController::Base
serialization_scope :current_user
end
And then use that scope to display user details:
class UserSerializer < BaseSerializer
attribute :name # Everyone can see
attribute :email do # Only admins can see
user = scope
if user
if user.admin?
object.email
end
end
end
end
This article have a deeper discussion regarding authorization in rails apps
add a comment |
As far as I could understand, this is an authorization issue. You probably want to have different roles for your users and, based on such roles, decide what to display.
You may use policies to define which content each user is allowed to access. To this end, you could use the pundit gem. It is very useful to define authorization mechanisms for controller actions.
If different users can access the same route but you need to hide some fields/details for some of them, you should pass the current_user to your serializations. For example, if you are using the Active Model Serializers gem, you need to add the current_user to the scope of your serializers:
class ApplicationController < ActionController::Base
serialization_scope :current_user
end
And then use that scope to display user details:
class UserSerializer < BaseSerializer
attribute :name # Everyone can see
attribute :email do # Only admins can see
user = scope
if user
if user.admin?
object.email
end
end
end
end
This article have a deeper discussion regarding authorization in rails apps
As far as I could understand, this is an authorization issue. You probably want to have different roles for your users and, based on such roles, decide what to display.
You may use policies to define which content each user is allowed to access. To this end, you could use the pundit gem. It is very useful to define authorization mechanisms for controller actions.
If different users can access the same route but you need to hide some fields/details for some of them, you should pass the current_user to your serializations. For example, if you are using the Active Model Serializers gem, you need to add the current_user to the scope of your serializers:
class ApplicationController < ActionController::Base
serialization_scope :current_user
end
And then use that scope to display user details:
class UserSerializer < BaseSerializer
attribute :name # Everyone can see
attribute :email do # Only admins can see
user = scope
if user
if user.admin?
object.email
end
end
end
end
This article have a deeper discussion regarding authorization in rails apps
answered Nov 22 '18 at 13:53
Arthur Del EsposteArthur Del Esposte
936
936
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53430085%2fuser-details-being-displayed-in-the-browser-dev-tools%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown