A model that works much better for OO programming is to put all of your security checks in your object constructors. After that, if you have the object then you have permission to make the request and should be allowed to, with no muss, no fuss.
The mental model here is that possession of the object is possession of the keys.
This model is known as a capability model. You can find some good introductory essays (http://www.eros-os.org/essays/00Essays.html) from the EROS project, and for more reading the design of the GNU Hurd project is somewhat similar in concept.
Cheers,
Ben
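
The pattern described in the post above, as an added Python example that is not part of the original post: the permission check lives only in the constructor, and every method trusts possession of the object. The names `POLICY`, `DOCUMENTS`, `ReadCap`, `AppendCap`, `count_rows` and `try_make` are hypothetical, and the data is constructed for illustration.

```python
class AccessDenied(Exception):
    """Raised by a constructor when the requested right is not granted."""


# Constructed sample data (hypothetical): the policy table and one document.
POLICY = {("alice", "payroll"): {"read", "append"}, ("bob", "payroll"): {"read"}}
DOCUMENTS = {"payroll": ["alice,5000"]}


class _Capability:
    RIGHT = None  # set by each subclass

    def __init__(self, user, doc):
        # The only security check in the program runs here, once.
        if self.RIGHT not in POLICY.get((user, doc), set()):
            raise AccessDenied(f"{user} may not {self.RIGHT} {doc}")
        self._doc = doc  # no user name is kept: the object itself is the key


class ReadCap(_Capability):
    RIGHT = "read"

    def read(self):
        return list(DOCUMENTS[self._doc])  # no permission test needed here


class AppendCap(_Capability):
    RIGHT = "append"

    def append(self, line):
        DOCUMENTS[self._doc].append(line)  # no permission test needed here


def count_rows(cap):
    # Downstream code receives the object, never a user name to re-check.
    return len(cap.read())


def try_make(cls, user, doc):
    # Demo helper: return the capability, or None if the constructor refuses.
    try:
        return cls(user, doc)
    except AccessDenied:
        return None


if __name__ == "__main__":
    print(count_rows(ReadCap("bob", "payroll")))  # bob holds a read capability
    print(try_make(AppendCap, "bob", "payroll"))  # refused at construction
```

Handles already issued keep working after the policy table changes, so revocation needs its own mechanism. Python does not enforce private attributes, so this shows the design rather than a hard isolation boundary.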