rails security help

Hey, I was wondering if anyone knows of a gem or plugin that can limit the fields returned based on the User's role? I'm looking for something that will basically rewrite the find() method to limit the fields returned based on the User's role.

so,

Admin: Product.all => returns id, number, description, cost fields

Guest: Product.all => returns id, number, description fields

Thanks!

Marli Ba wrote:

> Hey, I was wondering if anyone knows of a gem or plugin that can limit the fields returned based on the User's role? I'm looking for something that will basically rewrite the find() method to limit the fields returned based on the User's role.
>
> so,
>
> Admin: Product.all => returns id, number, description, cost fields
>
> Guest: Product.all => returns id, number, description fields
>
> Thanks!

We use something similar to filter objects in zena (http://bit.ly/2yjaVk). Basically, you need two things:

1. the visitor pattern (stored in Thread.current)
2. scoped finders

I wrote an example of what you could use to filter fields:

To store the visitor in the Thread, the simplest solution is:

    # Give Thread.current a visitor accessor once per thread, then store the
    # logged-in user in it. `logged_in_user` stands for whatever your
    # controller returns for the authenticated user.
    unless Thread.current.respond_to?(:visitor)
      class << Thread.current
        attr_accessor :visitor
      end
    end
    Thread.current.visitor = logged_in_user

Gaspard
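The two pieces Gaspard names, a visitor kept in thread-local storage and a scoped finder that chooses its columns from that visitor's role, put together as a runnable illustration. This is an added example, not code from the thread or from zena; it is plain Ruby with no Rails, uses a Thread.current hash slot in place of the singleton attr_accessor from the post, and the Visitor, CurrentVisitor and Product names, the role/column table and the sample rows are all assumptions made up for the example.

```ruby
# Added example (not from the original thread): role-dependent column filtering
# built from a visitor kept in thread-local storage and a scoped finder.
# Plain Ruby, no Rails; Visitor, CurrentVisitor, Product, the role/column table
# and the sample rows are all assumptions made up for illustration.

# 1. Visitor pattern: the logged-in user for the request in progress.
Visitor = Struct.new(:login, :role)

module CurrentVisitor
  # Thread-local hash slot instead of the singleton attr_accessor in the post;
  # same effect, each thread sees only its own visitor.
  def self.get
    # Fail closed: no visitor set means least privilege, i.e. guest.
    Thread.current[:visitor] || Visitor.new('anonymous', :guest)
  end

  # Set the visitor for the duration of the block and always restore the
  # previous value, so a pooled server thread cannot carry one request's
  # identity into the next request.
  def self.with(visitor)
    previous = Thread.current[:visitor]
    Thread.current[:visitor] = visitor
    yield
  ensure
    Thread.current[:visitor] = previous
  end
end

# 2. Scoped finder: the model picks its column list from the visitor's role.
class Product
  # Allow-list of columns per role; a column absent here is never loaded.
  ROLE_COLUMNS = {
    admin: %i[id number description cost],
    guest: %i[id number description],
  }.freeze

  # Constructed rows standing in for the products table.
  ROWS = [
    { id: 1, number: 'P-100', description: 'Widget', cost: 9.99 },
    { id: 2, number: 'P-200', description: 'Gadget', cost: 19.50 },
  ].freeze

  attr_reader :attributes

  def initialize(attributes)
    @attributes = attributes.freeze
  end

  # Equivalent of Product.all with an explicit SELECT column list chosen by
  # role. Unknown roles fall back to the guest list rather than to everything.
  def self.all(visitor = CurrentVisitor.get)
    columns = ROLE_COLUMNS.fetch(visitor.role) { ROLE_COLUMNS[:guest] }
    ROWS.map { |row| new(row.slice(*columns)) }
  end

  # Reading a column that was not loaded raises instead of returning nil, so
  # a view that accidentally references `cost` as guest fails loudly.
  def [](column)
    @attributes.fetch(column) do
      raise KeyError, "#{column} is not visible to the current role"
    end
  end
end

# Run Product.all in its own thread as the given role and report the columns
# it returned, showing that the filter is per thread.
def columns_seen_by(role)
  Thread.new do
    CurrentVisitor.with(Visitor.new("#{role}_user", role)) do
      Product.all.first.attributes.keys
    end
  end.value
end

# Whether the given role can read a column; exercises the KeyError path.
def column_readable_by?(role, column)
  CurrentVisitor.with(Visitor.new("#{role}_user", role)) do
    Product.all.first[column]
    true
  end
rescue KeyError
  false
end

if __FILE__ == $PROGRAM_NAME
  p columns_seen_by(:admin)            # [:id, :number, :description, :cost]
  p columns_seen_by(:guest)            # [:id, :number, :description]
  p columns_seen_by(:auditor)          # unknown role, treated as guest
  p column_readable_by?(:guest, :cost) # false
end
```

Two points worth keeping when moving this onto ActiveRecord: the finder must restrict the columns it selects (a `select` on the relation), not just hide attributes after loading them, so the restricted data never leaves the database; and the visitor must be reset at the end of every request (the `with` block here, or an `ensure` in an around filter), since threaded servers reuse threads and a stale visitor would let the next request run with the previous user's role.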