Is there anything out there that allows model-level access control?
Basically, records need be available if a)You created them and they’re
associated with your user id b)You’re an admin, in which case you should
able to see very record.
I imagine I could implement this functionality by creating separate
one which only pulls records based on user id, and another which pulls
records and also checks to see if you’re authorized to view the action.
Anyone have experience with this? Which one makes more sense?