I'm working on a multi-user, multi-account App where 1 account can have
n users. It is very important that every user can only access info from
its account. My approach is to add an account_id to every model in the
DB and than add a filter in every controller to only select objects with
the current account_id. I will use the authorization plugin.
Is this approach a good idea?
What is the best way to always set the account_id for every object that
is created without writing
object.account = @current_account
in every CREATE action? Maybe a filter?
Also I'm not sure about the best way to implement the filter for the
select options. I need something like a general condition: No matter
what else appears in the SQL statement, there should always be a "WHERE
account_id = XY".
Thanks for your help!