I’m using rabl gem show.rabl object @user attributes :id, :name, :realname, :email And i

Question

0

Editorial Team

Asked: June 17, 20262026-06-17T14:15:04+00:00 2026-06-17T14:15:04+00:00

I’m using rabl gem show.rabl object @user attributes :id, :name, :realname, :email And i

0

I’m using rabl gem

show.rabl

object @user
attributes :id, :name, :realname, :email

And i get

{"user":{"id":1,"name":"username","email":"mail@mail.com"}}

The problem is that anyone can see this info if they open http://website.com/users/user.json link

In my db each user after logging have unique auth_token field.

Question is – I want to see this info only with this link – http://website.com/users/user.json?auth_token=yLrUAxWB2szkvx9jBEGv

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-17T14:15:05+00:00

Create a check or work with some authorization gem like cancan.

Raw example so you can get a grasp (untested, wrote it on the phone…):

class MyController < ApplicationController
  before_filter :check_token_if_json
  respond_to :html, :json

  def show
    @user = User.find params[:id]

    respond_with(@user)
  end

  private

  def check_token_if_json
    if params[:format] == 'json'
      raise "Access denied" and return unless params[:token] == 'my_required_token'
    end
end

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I’m using rabl gem show.rabl object @user attributes :id, :name, :realname, :email And i

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply