Overload the form helper functions to understand ModelSecurity and act upon the permissions that ModelSecurity encodes. If a model attribute does not have a read permission in the current context, its data won’t be displayed, or read at all, and thus the helpers won’t trigger a ModelSecurity exception. If there’s no write permission on the datum, you’ll display static data instead of an edit field. Write-only attributes work too. And all of this works on scaffolds.

The methods overriden here are:

• check_box
• file_field
• hidden_field
• password_field
• radio_button
• text_area
• text_field