Moving Permission Logic to the Model

Ideally, what I would like to have happen: Contact.find (and .find_by_xyz, etc.) will never return a contact unless contact.group is IN current_user.contact.group.supergroup.groups

Scenario: User belongs to a Contact. Contact belongs to a Group. Group belongs to a SuperGroup.

Contact has permissions to access the directory listing of other users of the same SuperGroup, but no one else.

There is never a case where Contact.find (or its derivatives - .find_by_xyz) is called unless a User, which has_one Contact, is logged in.

What I want assistance with: How can I put this constraint into the model? There will never be an exception to this rule so I don't want to use a named scope unless that's the only way. I want to override every default find for this class, but I don't know how.

How about default_scope?

Colin

That is exactly what I was looking for.

Thanks so much, Colin.
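The rule discussed in this thread, as an added example that is not part of the original posts: a plain-Ruby stand-in (no Rails, constructed data) showing a default filter that is evaluated per query against the logged-in contact and returns nothing when no one is logged in. The names `Current`, `as`, `visible` and the sample contacts are hypothetical; in a Rails app the body of `visible` is what the default_scope would express.

```ruby
# Plain-Ruby stand-in for the thread's models (no Rails, constructed data).
Group = Struct.new(:id, :supergroup_id)

# Hypothetical per-request holder; a controller filter would set it at login.
module Current
  def self.contact
    Thread.current[:current_contact]
  end

  def self.as(contact)
    previous = Thread.current[:current_contact]
    Thread.current[:current_contact] = contact
    yield
  ensure
    Thread.current[:current_contact] = previous
  end
end

class Contact
  attr_reader :id, :name, :group
  @rows = []

  def initialize(id, name, group)
    @id, @name, @group = id, name, group
    self.class.unscoped << self
  end

  # Counterpart of an unscoped query: bypasses the rule entirely.
  def self.unscoped
    @rows
  end

  # The default-scope rule, evaluated per query against the current viewer.
  def self.visible
    viewer = Current.contact
    return [] if viewer.nil? # fail closed when nobody is logged in
    unscoped.select { |c| c.group.supergroup_id == viewer.group.supergroup_id }
  end

  def self.find_by_name(name)
    visible.find { |c| c.name == name }
  end
end

# Constructed sample data: groups 1 and 2 share supergroup 10, group 3 is in 20.
G1, G2, G3 = Group.new(1, 10), Group.new(2, 10), Group.new(3, 20)
ALICE = Contact.new(1, "alice", G1)
BOB   = Contact.new(2, "bob", G2)
CAROL = Contact.new(3, "carol", G3)
```

`Contact.unscoped` returns all three rows regardless of viewer, which is why any code path that drops the default scope needs the same review as a raw query.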