rails security help

Hey I was wondering if anyone knows of a gem or plugin that can limit
fields returned based on the User's role? I'm looking for something
that will basically rewrite the find() method to limit the fields
returned based on the User role.

so,

Admin:
Product.all => returns id, number, description, cost fields

Guest:
Product.all => returns id, number, description fields

Thanks!

Marli Ba wrote:

Hey I was wondering if anyone knows of a gem or plugin that can limit
fields returned based on the User's role? I'm looking for something
that will basically rewrite the find() method to limit the fields
returned based on the User role.

so,

Admin:
Product.all => returns id, number, description, cost fields

Guest:
Product.all => returns id, number, description fields

Thanks!

We use something similar to filter objects in zena
(http://bit.ly/2yjaVk). Basically, you need two things:

1. the visitor pattern (stored in Thread.current)
2. scoped finders

I wrote an example of what you could use to filter fields:
http://gist.github.com/210544

To store the visitor in the Thread, the simplest solution is:

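# Add a visitor accessor to the current thread object, once per thread
unless Thread.current.respond_to?(:visitor)
  class << Thread.current
    attr_accessor :visitor
  end
end
# Set at the start of each request, before any finder runs
Thread.current.visitor = logged_in_user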

Gaspard
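
The two pieces named in the reply above (a per-thread visitor and a finder scoped by it), as an added example in plain Ruby; it is not the code from the gist or from zena. `Visitor`, `CurrentVisitor`, the `VISIBLE` allow-list and the sample rows are hypothetical names and constructed data, and `Product.all` here is a stand-in for an ActiveRecord scope that would pass the same field list to `select`.

```ruby
# Added example: role-based field filtering without Rails (constructed data).
Visitor = Struct.new(:name, :role)

module CurrentVisitor
  # Set the visitor for the duration of a block and always restore the old
  # value, so a pooled thread never carries one request's visitor into the next.
  def self.with(visitor)
    previous = Thread.current[:visitor]
    Thread.current[:visitor] = visitor
    yield
  ensure
    Thread.current[:visitor] = previous
  end

  def self.get
    Thread.current[:visitor]
  end
end

class Product
  # Allow-list per role. No visitor or an unknown role gets the smallest set.
  VISIBLE = {
    admin: %i[id number description cost],
    guest: %i[id number description]
  }.freeze

  ROWS = [ # constructed sample rows
    { id: 1, number: "P-100", description: "Widget", cost: 4.20 },
    { id: 2, number: "P-200", description: "Gadget", cost: 9.75 }
  ].freeze

  def self.visible_fields
    role = CurrentVisitor.get&.role
    VISIBLE.fetch(role, VISIBLE[:guest])
  end

  # Stand-in for a scoped finder: only allow-listed fields leave the model.
  def self.all
    fields = visible_fields
    ROWS.map { |row| row.slice(*fields) }
  end
end

if __FILE__ == $0
  admin = Visitor.new("alice", :admin)
  p CurrentVisitor.with(admin) { Product.all.first } # includes :cost
  p Product.all.first                                # no visitor: no :cost
end
```

Filtering at the finder keeps `cost` out of every caller's result, whereas hiding it only in the view leaves it available to any other code path that reads the model.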