how to restrict/control access to certain model attributes depending on role

Hi!

Assume I have a model named Thread.

Normal users should be able to change the attributes [title, body]. Admin users should be able to change [title, body, sticky, ...].

Now I wonder what's the corrent/best way to restrict/control access to certain model attributes depending on the current user's role etc.

I currenty do it like this: Depending on the current user's role the controller creates an instance of UserPost or AdminPost. This gives me the ability of different templates, different callbacks etc. which is great and what I need. But the problem is rails thinks UserPost/ AdminPost is a STI (because UserPost < User) and so looks for a column named 'type' (especially when using mongoid). But these are actually not STI but only helper models. How can I "turn off" STI, but still make rails use the "posts" table (and not "user_posts"/ "admin_posts")?

Solutions for rails 3 would be best :slight_smile:

Thanks, Corin