Dynamically hide certain columns when returning an Eloquent object as JSON?

Stefan Izdrail

Founder & Senior Architect · 2026-06-29

Laravel Company
Title: Dynamically Hiding or Showing Specific Columns in JSON Responses with Laravel Eloquent One of the core concepts of software development is flexibility. Sometimes, you might want to reveal different fields for a given resource depending on the context. In Laravel, this can be achieved through Eloquent models and their attributes. While protected properties like `$hidden` or `$visible` can hide or show certain columns in your model, they are static across all situations. To address this requirement, you need to find a dynamic way of hiding specific fields when returning an Eloquent object as JSON. This blog post will provide the steps and code examples necessary for achieving that goal. Let's first understand how Eloquent models work with protected and public attributes. By default, all model columns are marked as `protected`. This means they can only be accessed from within the same class or subclasses. On the other hand, public properties allow you to set and get values directly. You would use these when you want more control over which properties are available for accessing. A common way to dynamically hide attributes in your model is by using Accessors and Mutators. These methods can be defined on your models to intercept the property value before it's accessed or mutated, allowing you to perform any necessary logic. For example, let's assume we have a `User` model with a `password` field that we want to hide when returning as JSON. First, create an accessor method in your User model: ```php /** * Get the password attribute from the database. */ public function getPasswordAttribute($value) { return ''; // Replace this with your desired behavior (e.g., null) } ``` Now, whenever you call `$user->password`, it will always return an empty string instead of the actual password value. This effectively hides the password column in JSON responses. However, this approach has a downside—you'll need to adjust your model every time you make changes to the properties or fields you want to hide/show. A better solution is to use closures with Accessor and Mutator methods. By using closures, you can create a dynamic accessor that will only reveal the password when needed: ```php /** * Get the password attribute from the database. */ public function getPasswordAttribute($value) { // Return null if we are sending JSON response or hiding password in a specific context $shouldShowPassword = !Request::is('api/*') && config('app.hide_passwords'); return ($shouldShowPassword ? $value : null); } ``` In the above example, we're checking if it's an API request (API routes use `api/*`) and whether password hiding is enabled in our application configuration file (`config/app.php`). If both conditions are met, return the actual value; otherwise, return null to hide the password column in the JSON response. This method provides greater flexibility since you can change your accessor logic without altering your model code or needing to define a specific `$hidden` array. Moreover, it offers more control over which fields are hidden or shown based on the request's context and configuration settings. In summary, dynamically hiding or showing columns in JSON responses with Laravel Eloquent can be achieved by leveraging protected properties like accessors and mutators. Using closures in these methods allows you to create intelligent logic that adapts to different situations, providing the required flexibility. Remember to always follow good coding practices when dealing with sensitive information such as passwords.