Is it possible to control access to model attributes using CanCan or whatever?


Alex

May 22, 2012, 2:53:14 PM
to rails_admin
Hello,

Is it possible to control access to model attributes using CanCan or
whatever?

Let's say we have multi-user admin interface for managing orders.
We have Seller and Order models.
Each seller has its own account in admin where she can manage
(create, edit, list) her orders only.
There is a super admin who can manage sellers and all their orders,
even change the seller for the order.
The Order model has an accessible attribute "seller_id"; when sellers list
and edit the order they shouldn't see the seller combo box and should not
be able to change the seller_id.

Is it possible to implement such use case?
The idea behind it is to limit access based not only on Object Type
and Object Instance, but also on Object/Class attributes based on the
role.

Thank you,
Alex

Benoit Bénézech

May 31, 2012, 8:06:04 AM
to rails...@googlegroups.com
No. CanCan can't do that at the moment. You'll have to use attr_accessible.
Just create different lists of attr_accessible with your different roles and tell RailsAdmin how to find out what role the current_user has.
Then hide non-editable columns.

This will only work for new/edit views.

Check the wiki. 
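
Added example, not part of the thread and not Rails or RailsAdmin code: a plain-Ruby sketch of the role-scoped attribute lists the reply above describes, applied to the Seller/Order case from the question. `RoleWhitelist`, `update_as`, the role names and the sample parameters are hypothetical and constructed for illustration.

```ruby
# Hypothetical stand-in for per-role attr_accessible lists (plain Ruby, no Rails).
module RoleWhitelist
  def attr_accessible(*attrs, as: :default)
    accessible_attributes(as).concat(attrs.map(&:to_s)).uniq!
  end

  # A role with no declared list gets an empty one, so it can assign nothing.
  def accessible_attributes(role = :default)
    @accessible_attributes ||= {}
    @accessible_attributes[role.to_sym] ||= []
  end
end

class Order
  extend RoleWhitelist

  attr_accessible :title, :amount, as: :seller
  attr_accessible :title, :amount, :seller_id, as: :admin

  attr_reader :attributes, :rejected

  def initialize(seller_id:)
    @attributes = { "seller_id" => seller_id }
    @rejected = []
  end

  # Server-side check: keys outside the role's list are dropped and recorded.
  def assign_attributes(params, as: :default)
    allowed = self.class.accessible_attributes(as)
    params.each do |key, value|
      key = key.to_s
      allowed.include?(key) ? @attributes[key] = value : @rejected << key
    end
    self
  end

  # The fields an edit form should render for this role.
  def self.editable_fields(role)
    accessible_attributes(role)
  end
end

# Constructed request parameters: a seller's edit form carrying an extra seller_id.
SELLER_PARAMS = { "title" => "Order #2", "seller_id" => 99 }.freeze

def update_as(role, params, current_seller_id: 7)
  Order.new(seller_id: current_seller_id).assign_attributes(params, as: role)
end
```

Hiding the seller combo box only changes what the form renders; the per-role list is what stops a submitted `seller_id` from being assigned.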