I covered some of the techniques we use in our projects:
- current_user is never nil
- a class for each user type: User, Guest, Admin, SuperAdmin, Partner
- remove "if" statements from views
- minimize the number of "if" statements in controllers and models
- modules to extract common behavior from models
- one controller action calls only one model method
- in controllers everything goes through current_user
- using custom exceptions for model-controller communication
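
A sketch of how several of these techniques fit together, added here as an example and not taken from the talk or the projects it describes: a Guest object replaces a nil user, each user type scopes its own lookups, and custom exceptions carry the outcome from model to controller. It is plain Ruby without Rails, and every class, method and record name is an assumption.

```ruby
# Added illustration; every class, method and record below is hypothetical.
class NotAuthorized < StandardError; end
class NotFound < StandardError; end
Document = Struct.new(:id, :owner_id, :body)
# Constructed sample data standing in for a database table.
DOCUMENTS = [Document.new(1, 10, "alice notes"), Document.new(2, 20, "bob notes")].freeze

# Common behaviour in a module: lookups only search what this user type may see.
module DocumentAccess
  def find_document(id)
    visible_documents.find { |doc| doc.id == id } || raise(NotFound, "document #{id}")
  end
end

class Guest
  include DocumentAccess
  def visible_documents
    raise NotAuthorized, "sign in required"
  end
end

User = Struct.new(:id) do
  include DocumentAccess
  def visible_documents
    DOCUMENTS.select { |doc| doc.owner_id == id }
  end
end

class Admin < User
  def visible_documents
    DOCUMENTS
  end
end

class DocumentsController
  attr_reader :current_user
  def initialize(session_user)
    @current_user = session_user || Guest.new # current_user is never nil
  end

  # One action, one model call, no role checks; exceptions map to statuses.
  def show(id)
    [200, current_user.find_document(id).body]
  rescue NotAuthorized
    [401, "sign in required"]
  rescue NotFound
    [404, "not found"]
  end
end
```

Because every lookup starts from current_user, a record owned by someone else is never reachable by guessing its id, and the 404 does not reveal whether it exists.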