We’re building an application for product support. The idea is to have multiple subdomains, each for supporting other organizations products. We call this Account – each account is tied to exactly one subdomain.
Users also have roles – but, user can have one role on account1, and other role on account2.

Basically, there are two problems:

1) many validations are based on the role current user has. Since it depends on current_account (which is session data), I cannot do these kinds of validations in the model. This leads me to some ugly controller code (ugly, in the sense that it really feels out of place). I thought of storing current_account after in the model class variable, but I read that this is not thread safe. Any recommendations?

2) almost every database record is specific to the current account; so, almost every table should have an account_id column and the model should have a belongs_to account association. I want to avoid that. The first (obvious) thing is to have a seperate database for every account, but

a) there are shared tables

b) the boss says this solution is unacceptable (there will be many accounts, with relatively low number of users). Is there a third way?