Should authorization be part of the model or controller?

Question

I\'m writing a web application with some ACL requirements: a user can make changes to some items, some items may be editable by several users, administrator can edit anythin

Answer 1

I personally really like the way the Play! Secure module handles this (the tutorial is ever-helpful here). If you don't mind using the @Before annotation, it's pretty painless.