Got it! I will try to think of the best way to do read-level authorisation, which I think is the building block we need for this. I'm thinking something like a "virtual filter" that is applied to all queries and has the ability to remove disallowed events from the output. I think this would be integrated at the DB querying level, so that (ie) you don't get fewer results than your limit, as might happen if it was done at a post-processing stage.