Hm, if you can easily determine the access level of a user from the DB and there’s some kind of link between models and users, you might do well to filter the models a user can see by setting a default scope for them in place.
Filtering is already handled by scopes. (I chose not to use default scope for this project and instead apply the appropriate scopes with each call for irrelevant reasons.)
A simple use case would be a Delete button. The actual security is already handled by RBAC in the controller, so if a user without permissions clicks the button they’ll receive an access/permissions error. To improve usability I am removing such buttons completely if the user does not have appropriate permissions. This creates redundant calls to checkAccess for each link or button on a view and exponentially increases the number of calls required during a user’s session.
I’m just trying to make sure I’m not setting myself up for performance issues down the line, or that there’s not a preferred method of implementing this functionality. eg extending one of the HTML rendering classes to incorporate the check or enabling caching features, etc.