Role based security mechanism for attributes in Rails

I'm looking for a plugin that provides a role based authorization mechanism for securing read/write access to attributes. I'm picturing something along the lines of declarative_authorization for whitelisting attributes of model objects. I've spent some time looking around but have come up short. Does anyone know of anything?

EDIT: I'm using declarative_authorization to control which users have access to what actions in the controller, but I need something similar that provides access control to the attributes of each model object. I'm trying to prevent information leakage through the web API or users from crafting malicious posts. I can do this through the mass_assignment_authorizer but I was hoping some plugin did this already.


CanCan Branch 2.0

https://github.com/ryanb/cancan/tree/2.0

Edit:

The continuation of CanCan is called CanCanCan.

See https://github.com/bryanrite/cancancan


What about creating a model / controller pair for each controller, and then allowing each role only to access methods in its controller(s)? Then you can make a before_filter in each controller that makes sure each user has permission to use methods in that controller.
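
The attribute-level control the question asks for, sketched in plain Ruby as an added example (it is not from the posts above and is not the API of declarative_authorization, CanCan or CanCanCan). The `AttributePolicy` module, the role names and the attribute names are hypothetical; the record and the crafted request are constructed sample data.

```ruby
# Added example: hypothetical per-role attribute whitelist (plain Ruby, no Rails needed).
require "set"

module AttributePolicy
  # Constructed sample policy: role => readable and writable attribute names.
  RULES = {
    admin:  { read: %w[id name email salary role], write: %w[name email salary role] },
    member: { read: %w[id name email],             write: %w[name email] },
    guest:  { read: %w[id name],                   write: [] }
  }.freeze

  # Unknown roles and unlisted attributes get nothing (deny by default).
  def self.allowed(role, mode)
    RULES.fetch(role.to_s.to_sym, {}).fetch(mode, []).to_set
  end

  # Write side: keep only whitelisted keys from a request hash and return
  # the dropped keys so the caller can log them as possible tampering.
  def self.filter_write(role, params)
    ok = allowed(role, :write)
    permitted, rejected = params.partition { |k, _| ok.include?(k.to_s) }
    [permitted.to_h, rejected.map { |k, _| k.to_s }]
  end

  # Read side: build the API representation from whitelisted attributes only.
  def self.filter_read(role, record)
    ok = allowed(role, :read)
    record.select { |k, _| ok.include?(k.to_s) }
  end
end

# Constructed sample record and a crafted POST that tries to change role and salary.
record  = { "id" => 7, "name" => "Ann", "email" => "ann@example.test",
            "salary" => 90_000, "role" => "member" }
crafted = { "name" => "Ann B.", "role" => "admin", "salary" => 1 }

permitted, rejected = AttributePolicy.filter_write(:member, crafted)
puts "member may write: #{permitted.inspect}, rejected: #{rejected.inspect}"
puts "guest sees: #{AttributePolicy.filter_read(:guest, record).inspect}"
```

In a Rails application the write filter would run before the attributes are assigned to the model, and the read filter before the record is serialized for the API.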
