Session variable in default_scope

I have a project model which I’d like to set the default_scope to filter
out projects where the user doesn’t have permission to view them.

Think something along the lines of the projects having a list of teams
and companies that the user must be in to access the data.

default_scope seems to work well if I hard code it as I really don’t
want a dev to accidentally not have these permissions filters in use.
The lists of teams and companies a user is in is stored in the session.

How can I marry these up? Thanks in advance.

I’ve tried following the pattern from the accepted answer here:

But I’m left with a problem in that I populate the session variables on
User.after_database_connection (when I’d assumed, probably incorrect,
that we first know who the user is) and the scope is called before then.