I noticed that the plans need to be hard-coded as ENUMs in the User model. Why can't they be dynamically loaded from the Plan table? There needs to be a foreign key reference which can be used to validate the User.

Keep in mind that the application is designed to accommodate plans and permissions that don't have a one-to-one correspondence. For example, there can be a role for an administrator who doesn't have a plan at all. The ENUMs in the User model are roles to use for access control. In the example application, they happen to correspond to plans (plus a role for admin).

I'm happy to hear if there is a better approach given these requirements.

OK - I see your point. Still the other issue I raised (the unDRY View) is there.