Blocking/accepting params according to @member.admin?

If the parameters are associated with a model, like a submissions
title, dates, etc, they could be edited in the model itself. I have a
model and put all its editing in the validate() method. Even some
control-only parameters (not stored in the DB as member attributes) are
defined in the attr_accessor/acccessible sections, and are passed from
the view. It works well, as I don't have to worry about any validation
code in the views/controllers. I figure every object validates itself.

If you took this approach, you can try a control-only variable on the
form @member_level which stores the current member level, and have an
accessor for it in the submission model. then add any code in the
validate() method which checks the member_level. This is assuming its
up to the submission to know what each member-level can do to it.

As far as not showing the fields on the view for non-admins, just put
the code in a partial and check it there. You can call the partial
from any controllers view. I have a shared view folder and call it
from different views:
<%= render :partial => 'shared/top_menu' %>

One correction to my previous post... I went back and checked the
code... I don't get the member_level value from the form. Ths would be
insecure as anybody can pass a higher level. I get the from
session[:member_id] and look up the user in the DB and retrieve the
member_level. You can also store it in session[:member_level].