Can you elaborate what you are trying to establish?
if you are trying to prevent a certain user from doing anything at all in your website. i suggest ACL. if you are trying to stop a model from updating/inserting if it was fetched from a userid. extend the findfirst and find and throw exception when a user only provides id.