Mitch VanDuyn

Good idea... i think its doable, I don't think we should put on 1.0 release path, unless everybody thinks so...

good catch... point being that if you have some before_save hook that computes some field values that should not be seen by the client they will be exposed. Is that...

Some initial thoughts: Use the policies to determine what Models are actually accessible on the client. For those models use AR introspection methods to get relationship and attribute information. This...

And here is an additional set of mechanisms that could also be used: This is pretty magic but it should be doable: add the methods `server_method` and `client_method` to all...

The other possibility that would work if we just had the `allow_rpc_to` method would be to structure the code into a "public" client side file like this: ```ruby # app/models/public/file_uploader.rb...

This opening block could be simplified using some convention over configuration: ```ruby class FileUploader extend_on_server do allow_rpc_access_to :create_cloud_temp_url { |file_name| acting_user } allow_rpc_access_to :copy_from_temp_dir { |file_name| acting_user } end ......

I think I like `allow_clients_to_call :create_cloud_temp_url` better as name, any other ideas?

@noma4i FYI I don't think its possible to simply do this in the components, UNLESS the component files are compiled on the server. Otherwise its a security risk.. Some place...

Be aware however that any record that has ANY attribute accessible to a channel will automatically be grant access of the id to that channel. This is to allow push...

FYI aggregations might have a similar problem, however i think we should just Make a caveat, as those things are so hard to deal with. I would rather we just...