Restful_rails with subdomains

I’m running multiple subdomains from one Rails application. I would
like to extend restful_rails so that permissions are assigned by site;
e.g. a user with administrative permission in one subdomain might have
a different permission or no permission on another subdomain.

It seems like I should alter “has_many :users, :through
=> :permissions” to also cross-check against the current site. I have
tried using :finder_sql to do this, but it does not appear to be
affecting the actual query.

Alternatively, I could rewrite “user.has_role?” and/or
“user.find_by_rolename” to include the check. But I am not having luck
with either approach. I welcome any suggestions.