Version 1 is terrible. It places access logic in the template, potentially (accidentally) exposing things you probably don't want to expose.
You should absolutely not just pass everything to the template, relaying on another variable to determine display.
Do the filtering either in the view (presenting a single correct object to your template) or in the model somehow.
While it's not always 100% possible, one should strive to keep business logic out of templates.
If you need to have dramatically different templates depending on a user's role, then separate templates for each role is the way I'd do it.