Eloquent Hiding Attributes with $hidden property

TL;DR Eloquent's $hidden property allows you to conceal sensitive attributes from being populated or stored in models, enhancing security and data integrity. Simply define an array of attribute names within the $hidden property to exclude them.

The Art of Concealment: How to Hide Attributes with Eloquent's $hidden Property

As a Laravel developer, you're likely familiar with Eloquent, the powerful ORM (Object-Relational Mapping) tool that makes interacting with your database a breeze. But did you know that Eloquent has a hidden (pun intended) gem within it? The $hidden property allows you to conceal attributes from being populated or stored in your models. In this article, we'll delve into the world of attribute hiding and explore how to utilize this feature to enhance your application's security and data integrity.

Why Hide Attributes in the First Place?

Before we dive into the nitty-gritty details, let's briefly discuss why you might want to hide attributes in the first place. In many cases, certain information is sensitive or private, such as:

• Passwords: You wouldn't want passwords to be stored in plain text, exposing your users' credentials.
• API keys: API keys are often used for authentication and authorization purposes; hiding them from being populated can prevent unauthorized access.
• Sensitive metadata: Some applications may have sensitive metadata, like IP addresses or location information, that shouldn't be exposed.

Using the $hidden Property

To hide attributes in your Eloquent models, you'll need to define an array of attribute names within the $hidden property. This array will contain the names of the attributes you wish to conceal from being populated.

namespace App\Models;

use Illuminate\Database\Eloquent\Model;

class User extends Model
{
    protected $hidden = [
        'password',
        'api_key',
        // Add more attributes as needed
    ];
}

Once you've defined the $hidden property, Eloquent will automatically exclude these attributes from being populated or stored in your models.

How it Works

Here's a step-by-step breakdown of how Eloquent handles hidden attributes:

1. Population: When you retrieve a model instance using Model::find(), Model::first(), or similar methods, Eloquent will only populate the attributes defined in $fillable (if present) and ignore those listed in $hidden.
2. Serialization: When serializing your models to JSON or other formats, Eloquent will exclude hidden attributes.
3. Update: When updating model instances using save() or update(), Eloquent will only update the attributes that are not marked as hidden.

Conclusion

In this article, we explored how to use Eloquent's $hidden property to conceal sensitive attributes from being populated or stored in your models. By hiding these attributes, you can enhance your application's security and data integrity. Remember to carefully consider which attributes should be hidden, as they may affect your application's functionality.

Stay tuned for more Laravel tips and tricks by subscribing to our blog! Do you have any experience with attribute hiding? Share your thoughts in the comments below!