How would you handle setting up Zend_Acl to handle situtation where all the resources are not known at "compile" time...for example if the resources are a controller name + an id.
Let's say you had a database of organizations and events, and obviously one organization cannot access the edit page of another organizations events. Obviously, it would be ridiculous to add a resource event/1, event/2, ad infinitum.
Currently, i'm using a controller plugin to check my ACL list at preDispatch time (as an aside: is there any other of doing this? Not that I don't like this method, i would just like to know what other folks are doing). I was thinking to check if the controller is "event", then to check the param against the database to see if the user has permissions, and just have one resource "event" in my ACL.
I had first thought to use an assertion, but I'm not sure how i would go about this, seeing as I don't have access to the id information at that point (unless I pass it to the assertion object, through the ACL object, etc., which just doesn't sound right to me).

Either way, it seems to me that I can't be the first one to think of this issue, so does anybody have any experience in this area?