I'm writing a rails application that has a need for very fine-grained authorization at the object level. Other systems use plugins such as acl9 or declarative_authorization however I want to implement my own. I have the following database structure in mind and wondered whether this would stray away from rails best-practise.
Any pointers/advice or potential problems would be welcome.