Practical example: staff at a company’s head office are allowed to see all records of a certain model. Staff at regional offices are only allowed to see records that are associated with their office.
Would it be a good approach to do the access control right in ActiveRecord::find()? I think it would make it less likely for developers to "forget" to check proper access. The downside is a slight hit on performance.
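    public static function find()
    {
        $query = parent::find();
        // 'viewAllRecords' is a hypothetical permission name standing in for the "unlimited access" check.
        if (!Yii::$app->user->can('viewAllRecords')) {
            // 'office_id' is a hypothetical column standing in for the limiting condition.
            $query->where(['office_id' => Yii::$app->user->identity->office_id]);
        }
        return $query;
    }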
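A condition set inside find() is replaced as soon as a caller chains its own ->where() onto the returned query, so the following added example (not code from the original post) applies the restriction in a custom query class when the SQL is built. The names OfficeScopedQuery, Record, office_id and viewAllRecords are assumptions made for illustration.

```php
<?php
// Added example, not from the original post. Assumed names: Record,
// OfficeScopedQuery, the office_id column, the viewAllRecords permission.
namespace app\models;

use Yii;
use yii\db\ActiveQuery;
use yii\db\ActiveRecord;

class OfficeScopedQuery extends ActiveQuery
{
    /**
     * Called by the query builder just before SQL generation, i.e. after
     * the caller has finished chaining where()/andWhere()/orderBy().
     */
    public function prepare($builder)
    {
        $callerWhere = $this->where;      // remember what the caller asked for
        $user = Yii::$app->user;          // web application only; no user component in console

        if ($user->isGuest) {
            $this->andWhere('0=1');       // unauthenticated: match nothing
        } elseif (!$user->can('viewAllRecords')) {
            // Regional staff: only rows belonging to their own office.
            // Qualify the column with the table name if the query joins other tables.
            $this->andWhere(['office_id' => $user->identity->office_id]);
        }

        // parent::prepare() returns a copy that carries the scoped condition.
        $prepared = parent::prepare($builder);

        // Restore the caller's condition so that building the same query
        // object twice (count() then all()) does not stack the scope.
        $this->where = $callerWhere;

        return $prepared;
    }
}

class Record extends ActiveRecord
{
    public static function find()
    {
        // Every Record::find(), findOne() and findAll() now goes through the scope.
        return new OfficeScopedQuery(get_called_class());
    }
}
```

Queries that supply their own SQL through findBySql(), or that read the table with yii\db\Query directly, do not pass through prepare() and are not restricted by this class.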