ikehz / unite

The Unite project

Grant User security #1

Closed ikehz closed 11 years ago

ikehz commented 11 years ago

There seem to be two options here.

  1. We extend all of the Devise controllers, as described in the Devise README, and then have filters to turn Grant on and off.

I really don't like this idea, because it's basically just avoiding the problem and could lead to other security holes.

  2. We extend Grant to allow granular permissions for particular columns, as maxjustus has done.