Default value for scope in multi-account App, best way


I'm working on a multi-user, multi-account App where 1 account can have
n users. It is very important that every user can only access info from
its account. My approach is to add an account_id to every model in the
DB and then add a filter in every controller to only select objects with
the current account_id. I will use the authorization plugin.

Is this approach a good idea?

What is the best way to always set the account_id for every object that
is created without writing

object.account = @current_account

in every CREATE action? Maybe a filter?

Also I'm not sure about the best way to implement the filter for the
select options. I need something like a general condition: No matter
what else appears in the SQL statement, there should always be a "WHERE
account_id = XY".

Thanks for your help!
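
The isolation rule the post asks for, as an added example that is not part of the original post: every read and every create goes through a handle bound to one account, so the account_id condition cannot be forgotten or overridden. It is plain Ruby with an in-memory array standing in for the database, and all class and method names are hypothetical.

```ruby
# Added example: in-memory stand-in for a table that has an account_id column.
# Table, Scope and RecordNotFound are hypothetical names, not Rails or plugin API.
class RecordNotFound < StandardError; end

class Table
  def initialize
    @rows = []
  end

  # Returns a handle that can only see and create rows of one account.
  def scoped_to(account_id)
    Scope.new(self, account_id)
  end

  # The id is assigned by the table, never taken from the caller.
  def insert(attrs)
    @rows << attrs.merge(id: @rows.size + 1).freeze
    @rows.last
  end

  def select(&block)
    @rows.select(&block)
  end

  class Scope
    def initialize(table, account_id)
      raise ArgumentError, "account_id required" if account_id.nil?
      @table = table
      @account_id = account_id
    end

    # account_id is merged last, so a client-supplied value cannot override it.
    def create(attrs)
      @table.insert(attrs.merge(account_id: @account_id))
    end

    # Extra conditions are ANDed with the account filter and never replace it.
    def where(conditions = {})
      wanted = conditions.merge(account_id: @account_id)
      @table.select { |row| wanted.all? { |key, value| row[key] == value } }
    end

    # Another account's id behaves exactly like a missing id.
    def find(id)
      where(id: id).first || raise(RecordNotFound, "no record #{id}")
    end
  end
end
```

In Rails the same shape comes from going through the association instead of the model class, for example `@current_account.projects.find(params[:id])`, assuming Account declares `has_many :projects`.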