I’m not sure about how to deal with this permission hierarchy. The application has many users and many customers. Some users are C-level and have access to all customers, some are regional sales managers, some are account managers and others are salespeople. This “structure” is not fixed, but each user should just have access to the customers he/she is related to.
I’m thinking of using a serialized array to store the customer IDs each user has access to. The question is: since it needs to deserialize the array in Ruby, it certainly has some performance issues. Is this an acceptable approach, considering that almost every request of the application will require this permission validation?
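
A sketch of the serialized-array approach the question describes, added here as an example and not code from the original post: the column is parsed once per request into a Set, and the check fails closed when the stored value is malformed. The class name `CustomerGrants`, the JSON encoding and the `all_customers` flag for C-level users are assumptions.

```ruby
require "json"
require "set"

# Hypothetical wrapper around a user's serialized customer-ID column.
class CustomerGrants
  # serialized:    JSON text such as "[101, 102]" (assumed encoding)
  # all_customers: assumed flag for users who may see every customer
  def initialize(serialized, all_customers: false)
    @serialized = serialized
    @all_customers = all_customers
  end

  # Deserialize once per object (for example once per request) and keep a
  # Set, so each later check is a hash lookup, not a re-parse or array scan.
  def ids
    @ids ||= begin
      parsed = JSON.parse(@serialized.to_s)
      raise TypeError, "expected a JSON array" unless parsed.is_a?(Array)
      parsed.grep(Integer).to_set # drop anything that is not an integer ID
    rescue JSON::ParserError, TypeError
      Set.new # fail closed: unreadable grants mean no access
    end
  end

  # Deny by default: only integer IDs present in the grant set pass.
  def allowed?(customer_id)
    return true if @all_customers
    customer_id.is_a?(Integer) && ids.include?(customer_id)
  end

  # Reduce a list of customer IDs to the ones this user may see.
  def filter(customer_ids)
    customer_ids.select { |id| allowed?(id) }
  end
end

# Constructed sample rows, not data from the post.
SALESPERSON = CustomerGrants.new("[101, 102]")
EXECUTIVE   = CustomerGrants.new(nil, all_customers: true)
CORRUPT     = CustomerGrants.new("{not json")
```

A serialized column answers "which customers can this user see" but not the reverse question "which users can see this customer" without reading every user row, which matters when access has to be audited or revoked.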