Finders should return nil instead of raising security violations #117

Closed
@catmando

Description

@catmando

For example consider:

Customers.find_by_handle('catmando')

If 'catmando' exists but the client does not have permission to view the data, it will throw an error.

If 'catmando' does not exist, it will just return nil.

So a hacker could use this to easily check if specific data exists or not.

The solution is just to return nil always unless the client has permission to view at least one attribute in the record.
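The existence oracle described in this issue and the proposed fix, as a self-contained Ruby example added here (not Hyperstack's code); the policy, the sample customer data and the helper names are assumptions:

```ruby
# Added example: a toy finder that raises on a permission failure (leaky)
# next to one that returns nil unless at least one attribute is viewable.
class AccessViolation < StandardError; end

# Constructed sample data: handle => record attributes.
CUSTOMERS = {
  'catmando' => { handle: 'catmando', email: 'c@example.com', balance: 42 },
  'alice'    => { handle: 'alice',    email: 'a@example.com', balance: 7 }
}.freeze

# Hypothetical policy: admins see everything, a user sees only their own
# handle and email, anonymous clients see nothing.
def viewable_attributes(client, record)
  case client[:role]
  when :admin then record.keys
  when :user  then client[:handle] == record[:handle] ? %i[handle email] : []
  else []
  end
end

# Leaky finder: "missing" returns nil, "exists but forbidden" raises,
# so the two cases are distinguishable from outside.
def find_by_handle_leaky(client, handle)
  record = CUSTOMERS[handle]
  return nil if record.nil?
  allowed = viewable_attributes(client, record)
  raise AccessViolation, 'not permitted' if allowed.empty?
  record.select { |k, _| allowed.include?(k) }
end

# Fixed finder: nil in both cases unless the client may view some attribute.
def find_by_handle_safe(client, handle)
  record = CUSTOMERS[handle]
  return nil if record.nil?
  allowed = viewable_attributes(client, record)
  return nil if allowed.empty?
  record.select { |k, _| allowed.include?(k) }
end

# Regression check: true if a finder's outcome differs between an existing
# but forbidden handle and a nonexistent one, i.e. it leaks existence.
def existence_leaks?(finder, client, existing, missing)
  outcome = lambda do |h|
    begin
      finder.call(client, h)
    rescue AccessViolation
      :raised
    end
  end
  outcome.call(existing) != outcome.call(missing)
end

ANON = { role: :anonymous }.freeze
```

`existence_leaks?(method(:find_by_handle_leaky), ANON, 'catmando', 'nobody')` is true, while the same probe against `find_by_handle_safe` is false.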

Labels: security