Short aside … the plugin allows for a very DRY approach to managing permission from one configuration file, not to mention that it generates a visualization of your ACL, too. This is a huge benefit when building an app that has a number of different security roles. Additionally, it allows access control on the controller, model, query, and view levels. From the site:

Plugin features

• Authorization at controller action level
• Authorization helpers for Views
• Authorization at model level
  • Authorize CRUD (Create, Read, Update, Delete) activities
  • Query rewriting to automatically only fetch authorized records

I was ecstatic about using the plugin but hit a stump when trying to work it out with my own HABTM association in my Rails app. The third requirements mentions, “User objects need to respond to a method :role_symbols that returns an array of role symbols”. My log error kept displaying:

In order to get things to work correctly with a User model, Roles model, and Roles_Users table for the “has_and_belongs_to_many” relationship, you need to make sure you’ve a method in your user model that “correctly” generates a “roles_symbol” array:

Note: Make sure that you use the correct value of the filed in your roles model when serializing. The example used “title” but in my application I used “name” for the column that defined the role.