1
votes

I have an application that has database records that correspond to a city, or a country. My User model has the fields city_id and country_id. If city_id is not zero, the user should just have access to records that correspond to that city. There are about 8 other models with the foreign key city_id, for example, Post, Advert, Venue, Competition...

I am setting up Acl and I would like to know if there's a good way to deny access to records that don't have the same city_id as the authenticated user, unless the authenticated user has a city_id of 0 (which means they have access to every city). The same goes for country: I have the field country_id, which serves the same purpose.

Guidance would be very much appreciated, before I go and do something really hacky and horrible, thanks.

1 Answer

0
votes

You can do complex authorisation checks in your own function isAuthorized() in your controller or model. You need to set this up on the AuthComponent: $this->Auth->authorize = 'controller';

The CakePHP book has an example on this.
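
One way to write the check this answer describes, as an added example that is not part of the original answer or the CakePHP book. It uses CakePHP 1.x syntax to match the authorize setting above; PostsController, the helper names _scopeConditions() and _inScope(), and a country_id column on posts are assumptions.

```php
<?php
// Added example (CakePHP 1.x style). Helper names are hypothetical.
class PostsController extends AppController {
    var $components = array('Auth');

    function beforeFilter() {
        parent::beforeFilter();
        $this->Auth->authorize = 'controller';
    }

    // Called by AuthComponent once the user is logged in; false denies the request.
    function isAuthorized() {
        // Fail closed: a missing value must not be read as 0 ("all cities").
        if ($this->Auth->user('city_id') === null || $this->Auth->user('country_id') === null) {
            return false;
        }
        // Single-record actions receive the record id as the first passed argument.
        if (in_array($this->action, array('view', 'edit', 'delete'))) {
            $id = isset($this->params['pass'][0]) ? (int)$this->params['pass'][0] : 0;
            return $id > 0 && $this->_inScope($id);
        }
        return true; // index/add pass here but must scope their own queries
    }

    // Find conditions limiting a query to the user's city and country.
    // A value of 0 means "no restriction" for that field.
    function _scopeConditions() {
        $conditions = array();
        foreach (array('city_id', 'country_id') as $field) {
            $value = (int)$this->Auth->user($field);
            if ($value !== 0) {
                $conditions['Post.' . $field] = $value;
            }
        }
        return $conditions;
    }

    // True only if the record exists and lies inside the user's scope.
    function _inScope($id) {
        $conditions = array_merge(array('Post.id' => $id), $this->_scopeConditions());
        return $this->Post->find('count', array('conditions' => $conditions)) > 0;
    }

    function index() {
        // List views never hit the per-record check, so the query itself is scoped.
        $this->set('posts', $this->Post->find('all', array('conditions' => $this->_scopeConditions())));
    }
}
```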