class TypeTest < ActiveRecord::Base
server_method :secret_data, default: "hello" do
secret_attribute
end
end
and there will be nothing to prevent anybody from calling type_test.secret_attribute
easy solution is to temporarily set acting_user (like view_permitted? does) and then let the server_method do something with it.
class TypeTest < ActiveRecord::Base
server_method :secret_data, default: "hello" do
raise Hyperloop::AccessViolation unless acting_user.admin?
secret_attribute
end
end
right now server_methods are not protected
So for example you could have
and there will be nothing to prevent anybody from calling
type_test.secret_attribute
easy solution is to temporarily set acting_user (like view_permitted? does) and then let the server_method do something with it.