In the short term the best answer is just to avoid per-item permission checking where possible. For example, you might be able to get away with doing a single permission check on the current package id and assuming that everything else will pick up the same permissions. This suffices for relatively unimportant things like whether or not to show an [edit] link. For actually doing the editing you will need to do the full permission check of course. This has worked well for me.