mokevnin/config_initializers_ya_acl.rb

## config_initializers_ya_acl.rb
YaAcl::Builder.build do
  roles do
    role :admin, :name => 'Администратор'
    role :remote_operator, :name => 'Удаленный Оператор'
    role :editor, :name => 'Редактор'
    role :taxonom, :name => 'Таксоном'
    role :operator, :name => 'Оператор'
    role :solo_operator, :name => 'Соло Оператор'
    role :transcripter, :name => 'Транскриптер'
    role :transcripts_editor, :name => 'Редактор транскриптов'
    role :temer, :name => 'Темер'
    role :boosted, :name => 'Распознаватель дубликат-сюжетов'
    role :guest, :name => 'Гость'
  end

  asserts do
    assert :owner, [:user_id, :another_user_id] do
      user_id == another_user_id
    end
    assert :owner_type, [:owner_type] do
      owner_type == 'Episode'
    end
    assert :not_clone, [:episode] do
      episode.editable?
    end
    assert :format_json, [:format] do
      format == 'json'
    end
    assert :episode_deleted, [:episode] do
      !episode.deleted?
    end
    assert :episode_lock, [:episode, :user_id] do
      episode.episode_lock && episode.episode_lock.owner_id == user_id
    end
    assert :episode_user, [:episode, :user_id] do
      episode.user_id == user_id
    end
    assert :episode_editor, [:episode] do
      statuses = [Episode::UNAPPROVED, Episode::NEED_TITLE, Episode::NEED_TAGS, Episode::NEED_APPROVE, Episode::APPROVED]
      statuses.include? episode.workflow_status
    end
    assert :episode_operators, [:episode] do
      statuses = [Episode::UNAPPROVED, Episode::NEED_TITLE, Episode::NEED_TAGS, Episode::NEED_APPROVE]
      statuses.include? episode.workflow_status
    end
    assert :not_root_dvag, [:dvag] do
      dvag.parent_id != nil
    end
  end

  resources :admin do
    resource 'ProfilesController', [:operator, :solo_operator, :remote_operator] do
      privilege :edit
      privilege :update
    end

    resource 'UsersController' do
      privilege :autocomplete, [:editor]
      privilege :permissions, [:taxonom, :operator, :solo_operator, :editor, :remote_operator, :transcripter]
      privilege :block
      privilege :index, [:editor] do
        assert :format_json, [:editor]
      end
      privilege :show
      privilege :edit
      privilege :list
      privilege :new
      privilege :create
      privilege :update
      privilege :destroy
    end

    resource 'TaxonomsController' do
      privilege :show, [:operator, :solo_operator, :remote_operator, :editor, :taxonom]
      privilege :trash
      privilege :search, [:operator, :solo_operator, :editor, :remote_operator, :taxonom]
      privilege :new, [:taxonom]
      privilege :label, [:taxonom]
      privilege :load_new_episodes, [:operator, :solo_operator, :editor, :taxonom]
    end

    resource 'TranscriptsController' do
      privilege :new_orders, [:transcripter]
      privilege :partial, [:transcripter]
      privilege :for_approve, [:transcripts_editor]
      privilege :partially_approved, [:transcripts_editor]
      privilege :ready
      privilege :deleted
      privilege :unprocessed, [:transcripter, :transcripts_editor]
      privilege :editor, [:transcripts_editor]
      privilege :show, [:transcripter, :transcripts_editor]
      privilege :diff, [:transcripts_editor]
      privilege :my
      privilege :my_approve
      privilege :index, [:transcripter, :transcripts_editor]
      privilege :update, [:transcripter, :transcripts_editor]
      privilege :bans
      privilege :unban
      privilege :ban_transcripter, [:transcripts_editor]
      privilege :destroy
      privilege :undestroy
      privilege :reset
      privilege :touch, [:transcripter, :transcripts_editor]
      privilege :all_user_stats
      privilege :user_stats, [:transcripter, :transcripts_editor] do # current_user_id, stat_user_id
        assert :owner, [:transcripter, :transcripts_editor]
      end
      privilege :edit, [:transcripter, :transcripts_editor]
    end

    resource 'EditorsController' do
      privilege :show, [:editor]
      privilege :remote, [:editor]
      privilege :approve, [:editor]
      privilege :resurrect, [:editor]
      privilege :bury
      privilege :rename, [:editor]
      privilege :end, [:editor]
      privilege :elevate_priority, [:editor]
      privilege :destroy, [:editor]
      privilege :replace_name_and_tags, [:editor]
      privilege :new_dvags, [:editor]
      privilege :anchors, [:editor]
      privilege :player_anchors, [:editor]
      privilege :users_rating, [:editor]
      privilege :users_stat
      privilege :remoters_stat
      privilege :list_report_users
      privilege :show_report_params
      privilege :generate_reports
      privilege :delayed_episodes
      privilege :my_approved, [:editor]
      privilege :shifts_stat
      privilege :episodes_stat, [:editor]
      privilege :editors_stat
      privilege :stats, [:editor]
      privilege :rename, [:editor]
      privilege :player_anchors, [:editor]
      privilege :new_dvags, [:editor]
      privilege :isolated, [:editor]
    end

    resource 'AirBlocksController' do
      privilege :get_unprocessed
      privilege :view
      privilege :show
      privilege :update
      privilege :edit
      privilege :destroy
      privilege :touch
      privilege :processed
    end

    resource 'AnchorDvagsController', [:editor] do
      privilege :update do
        assert :not_clone
        assert :episode_deleted
        assert :episode_editor
      end
      privilege :destroy do
        assert :not_clone
        assert :episode_deleted
        assert :episode_editor
      end
    end

    resource 'AnchorTagsController', [:taxonom, :editor] do
      privilege :create
      privilege :update
      privilege :destroy
    end

    resource 'AnchorsController' do
      privilege :index, [:editor, :operator, :solo_operator, :remote_operator]
      privilege :show, [:guest, :transcripter, :transcripts_editor, :temer, :taxonom, :editor, :operator, :solo_operator, :remote_operator]
      privilege :create, [:editor, :operator] do
        assert :episode_deleted
        assert :not_clone
        assert :episode_editor, [:editor]
        assert :episode_operators, [:operator]
        assert :episode_lock, [:operator]
      end
      privilege :update, [:editor, :operator, :solo_operator] do
        assert :episode_deleted
        assert :not_clone
        assert :episode_editor, [:editor]
        assert :episode_operators, [:operator, :solo_operator]
        assert :episode_lock, [:operator, :solo_operator]
      end
      privilege :destroy, [:editor, :operator, :solo_operator, :remote_operator] do
        assert :episode_deleted
        assert :not_clone
        assert :episode_editor, [:editor]
        assert :episode_operators, [:operator, :solo_operator, :remote_operator]
        assert :episode_lock, [:operator, :solo_operator, :remote_operator]
      end
    end

    resource 'ChannelsController', [:taxonom, :editor, :operator, :solo_operator, :remote_operator] do
      privilege :index
    end

    resource 'DupesController', [:editor] do
      privilege :show
      privilege :approve
    end

    resource 'DvagsController' do
      privilege :index, [:editor, :solo_operator, :operator, :taxonom]
      privilege :create, [:taxonom]
      privilege :by_type, [:editor, :solo_operator, :operator]
      privilege :roots, [:editor, :solo_operator, :operator, :taxonom]
      privilege :show, [:editor, :solo_operator, :operator, :taxonom]
      privilege :reexport, [:editor, :solo_operator, :operator, :taxonom]
      privilege :to_trash, [:taxonom]
      privilege :destroy
      privilege :move_to, [:taxonom]
      privilege :move_trashed
      privilege :make_synonym_to, [:taxonom]
      privilege :autocomplete, [:editor, :solo_operator, :operator, :taxonom]
      privilege :change_name, [:taxonom]
      privilege :restore
    end

    resource 'EpisodeDvagsController', [:editor] do
      privilege :update do
        assert :not_clone
        assert :episode_deleted
        assert :episode_editor, [:editor]
        assert :episode_operators, [:remote_operator, :solo_operator, :operator]
        assert :episode_lock, [:remote_operator, :solo_operator, :operator]
      end
      privilege :destroy do
        assert :not_clone
        assert :episode_deleted
        assert :episode_editor, [:editor]
        assert :episode_operators, [:remote_operator, :solo_operator, :operator]
        assert :episode_lock, [:remote_operator, :solo_operator, :operator]
      end
    end

    resource 'EpisodeTagsController', [:editor] do
      privilege :create
      privilege :update, [:taxonom]
      privilege :destroy
    end

    resource 'EpisodesController' do
      privilege :index, [:taxonom, :editor, :operator, :solo_operator, :remote_operator]
      privilege :my_marked
      privilege :my, [:remote_operator]
      privilege :my_training, [:remote_operator]
      privilege :raw_feed, [:boosted, :taxonom, :editor, :operator, :solo_operator, :remote_operator] # дергается ботами
      privilege :incomplete_feed, [:boosted, :taxonom, :editor, :operator, :solo_operator, :remote_operator] # дергается ботами
      privilege :list, [:taxonom, :editor, :operator, :solo_operator, :remote_operator]
      privilege :first_unapproved, [:operator, :solo_operator, :remote_operator]
      privilege :create, [:operator, :solo_operator]
      privilege :show, [:transcripter, :transcripts_editor, :temer, :taxonom, :editor, :operator, :solo_operator, :remote_operator] do
        assert :episode_deleted, [:transcripter, :transcripts_editor, :temer, :taxonom, :editor, :operator, :solo_operator, :remote_operator]
      end
      privilege :edit, [:taxonom, :editor, :operator, :solo_operator, :remote_operator]
      privilege :slice, [:editor, :operator, :solo_operator] do
        assert :episode_deleted, [:editor, :solo_operator, :operator]
        assert :episode_user, [:operator, :solo_operator]
      end
      privilege :update, [:editor, :operator, :solo_operator, :remote_operator, :temer] do
        assert :not_clone
        assert :episode_deleted
        assert :episode_editor, [:editor]
        assert :episode_operators, [:remote_operator, :solo_operator, :operator]
        assert :episode_lock, [:remote_operator, :solo_operator, :operator]
      end
      privilege :reexport, [:taxonom, :editor, :operator, :solo_operator, :remote_operator]
      privilege :destroy, [:editor, :operator, :solo_operator]
      privilege :by_tag, [:taxonom]
      privilege :touch, [:taxonom, :editor, :operator, :solo_operator, :remote_operator]
      privilege :unqueue, [:taxonom, :editor, :operator, :solo_operator, :remote_operator]
      privilege :editor, [:taxonom, :editor, :operator, :solo_operator, :remote_operator]
      privilege :approve, [:taxonom, :editor, :operator, :solo_operator, :remote_operator]
      privilege :topic, [:temer]
      privilege :sub_titles, [:taxonom, :editor, :operator, :solo_operator, :remote_operator]
    end

    resource 'HomeController' do
      privilege :index, [:transcripter, :remote_operator, :temer, :taxonom, :solo_operator, :transcripts_editor, :operator, :editor]
      privilege :sanity, [:guest]
    end

    resource 'PaymentsController' do
      privilege :index, [:remote_operator]
    end

    resource 'PlayersController', [:remote_operator, :temer, :taxonom, :solo_operator, :transcripts_editor, :operator, :editor, :transcripter] do
      privilege :show
    end

    resource 'SessionsController' do
      privilege :new, [:guest]
      privilege :show, [:guest]
      privilege :create, [:guest]
      privilege :destroy, [:transcripter, :remote_operator, :temer, :taxonom, :solo_operator, :transcripts_editor, :operator, :editor]
    end

    resource 'SubTitlesController' do
      privilege :create
    end

    resource 'SynonymsController', [:taxonom] do
      privilege :destroy
    end

    resource 'TagsController', [:operator, :solo_operator, :remote_operator, :editor, :taxonom] do
      privilege :index
      privilege :update
      privilege :destroy
      privilege :approve
    end

    resource 'TagsDvagsController', [:taxonom] do
      privilege :show
      privilege :create
      privilege :destroy
    end

    resource 'TopicsController', [:temer] do
      privilege :index
      privilege :autocomplete
    end

    resource 'Backend::BackendController', [:guest] do
      privilege :show
    end

    resource 'Backend::DvagsController', [:guest] do
      privilege :show
    end

    resource 'Backend::EpisodesController', [:guest] do
      privilege :show
    end

    resource 'Remotes::DescriptionsController' do
      privilege :show, [:guest, :boosted, :transcripter, :remote_operator, :temer, :taxonom, :solo_operator, :transcripts_editor, :operator, :editor]
      privilege :edit
      privilege :update
    end

    resource 'Remotes::GrammarTasksController' do
      privilege :index
      privilege :new
      privilege :create
      privilege :show
      privilege :edit
      privilege :update
      privilege :destroy
    end

    resource 'Remotes::GrammarTestsController' do
      privilege :index
      privilege :new, [:guest, :boosted, :transcripter, :remote_operator, :temer, :taxonom, :solo_operator, :transcripts_editor, :operator, :editor]
      privilege :show
      privilege :create, [:guest, :boosted, :transcripter, :remote_operator, :temer, :taxonom, :solo_operator, :transcripts_editor, :operator, :editor]
      privilege :destroy
    end

    resource 'Remotes::UsersController', [:guest, :boosted, :transcripter, :remote_operator, :temer, :taxonom, :solo_operator, :transcripts_editor, :operator, :editor] do
      privilege :new
      privilege :create
      privilege :success
    end

    resource 'Admin::AuditLogsController' do
      privilege :short
      privilege :raw
      privilege :raw_short
      privilege :raw_short, [:remote_operator] do
        assert :owner_type, [:remote_operator]
      end
    end

    resource 'Admin::ChannelsController' do
      privilege :index
      privilege :edit
      privilege :list
      privilege :full_stats
      privilege :stats
      privilege :update
      privilege :master
      privilege :destroy
      privilege :update_master
      privilege :publish
      privilege :update_from_master
      privilege :download
    end

    resource 'Admin::EpisodesController' do
      privilege :index, [:temer, :taxonom, :editor]
      privilege :show, [:taxonom, :editor]
      privilege :filter, [:temer, :taxonom, :editor]
      privilege :deleted
      privilege :queue, [:editor]
      privilege :last_hundred
      privilege :last_day, [:temer, :taxonom, :editor]
      privilege :titles, [:editor]
      privilege :by_user
      privilege :channel, [:taxonom, :editor]
      privilege :spot_info, [:taxonom, :editor]
      privilege :dashboard, [:editor]
      privilege :search, [:temer, :taxonom, :editor]
      privilege :training, [:editor]
      privilege :isolated, [:editor]
      privilege :endless, [:editor]
      privilege :unresolved_dupes, [:editor]
    end

    resource 'Admin::MonitoringController' do
      privilege :index
      privilege :channels
    end

    resource 'Admin::PaymentsController' do
      privilege :index
    end

    resource 'Admin::StopWordsController' do
      privilege :index
      privilege :create
      privilege :update
      privilege :destroy
    end

    resource 'Admin::TagsController', [:taxonom] do
      privilege :index
      privilege :by_letter
      privilege :by_query
      privilege :new
      privilege :edit
      privilege :unbind
      privilege :update, [:editor]
      privilege :create_dvag
      privilege :bind_dvag
      privilege :dvag_tree
      privilege :destroy
      privilege :dvag
      privilege :unapproved
    end

    resource 'Admin::TopicsController', [:temer] do
      privilege :index
      privilege :autocomplete
      privilege :last_24_hours
      privilege :active
      privilege :sort
      privilege :create
      privilege :update
      privilege :destroy
    end

    resource 'Admin::AirBlocksController' do
      privilege :index
    end

    resource 'Remotes::TextPagesController' do
      privilege :edit
      privilege :create
      privilege :update
      privilege :show, [:remote_operator]
    end

    resource 'SprocketsController', [:transcripter, :remote_operator, :temer, :taxonom, :solo_operator, :transcripts_editor, :operator, :editor] do
      privilege :show
    end
  end
end
	YaAcl::Builder.build do
	roles do
	role :admin, :name => 'Администратор'
	role :remote_operator, :name => 'Удаленный Оператор'
	role :editor, :name => 'Редактор'
	role :taxonom, :name => 'Таксоном'
	role :operator, :name => 'Оператор'
	role :solo_operator, :name => 'Соло Оператор'
	role :transcripter, :name => 'Транскриптер'
	role :transcripts_editor, :name => 'Редактор транскриптов'
	role :temer, :name => 'Темер'
	role :boosted, :name => 'Распознаватель дубликат-сюжетов'
	role :guest, :name => 'Гость'
	end

	asserts do
	assert :owner, [:user_id, :another_user_id] do
	user_id == another_user_id
	end
	assert :owner_type, [:owner_type] do
	owner_type == 'Episode'
	end
	assert :not_clone, [:episode] do
	episode.editable?
	end
	assert :format_json, [:format] do
	format == 'json'
	end
	assert :episode_deleted, [:episode] do
	!episode.deleted?
	end
	assert :episode_lock, [:episode, :user_id] do
	episode.episode_lock && episode.episode_lock.owner_id == user_id
	end
	assert :episode_user, [:episode, :user_id] do
	episode.user_id == user_id
	end
	assert :episode_editor, [:episode] do
	statuses = [Episode::UNAPPROVED, Episode::NEED_TITLE, Episode::NEED_TAGS, Episode::NEED_APPROVE, Episode::APPROVED]
	statuses.include? episode.workflow_status
	end
	assert :episode_operators, [:episode] do
	statuses = [Episode::UNAPPROVED, Episode::NEED_TITLE, Episode::NEED_TAGS, Episode::NEED_APPROVE]
	statuses.include? episode.workflow_status
	end
	assert :not_root_dvag, [:dvag] do
	dvag.parent_id != nil
	end
	end

	resources :admin do
	resource 'ProfilesController', [:operator, :solo_operator, :remote_operator] do
	privilege :edit
	privilege :update
	end

	resource 'UsersController' do
	privilege :autocomplete, [:editor]
	privilege :permissions, [:taxonom, :operator, :solo_operator, :editor, :remote_operator, :transcripter]
	privilege :block
	privilege :index, [:editor] do
	assert :format_json, [:editor]
	end
	privilege :show
	privilege :edit
	privilege :list
	privilege :new
	privilege :create
	privilege :update
	privilege :destroy
	end

	resource 'TaxonomsController' do
	privilege :show, [:operator, :solo_operator, :remote_operator, :editor, :taxonom]
	privilege :trash
	privilege :search, [:operator, :solo_operator, :editor, :remote_operator, :taxonom]
	privilege :new, [:taxonom]
	privilege :label, [:taxonom]
	privilege :load_new_episodes, [:operator, :solo_operator, :editor, :taxonom]
	end

	resource 'TranscriptsController' do
	privilege :new_orders, [:transcripter]
	privilege :partial, [:transcripter]
	privilege :for_approve, [:transcripts_editor]
	privilege :partially_approved, [:transcripts_editor]
	privilege :ready
	privilege :deleted
	privilege :unprocessed, [:transcripter, :transcripts_editor]
	privilege :editor, [:transcripts_editor]
	privilege :show, [:transcripter, :transcripts_editor]
	privilege :diff, [:transcripts_editor]
	privilege :my
	privilege :my_approve
	privilege :index, [:transcripter, :transcripts_editor]
	privilege :update, [:transcripter, :transcripts_editor]
	privilege :bans
	privilege :unban
	privilege :ban_transcripter, [:transcripts_editor]
	privilege :destroy
	privilege :undestroy
	privilege :reset
	privilege :touch, [:transcripter, :transcripts_editor]
	privilege :all_user_stats
	privilege :user_stats, [:transcripter, :transcripts_editor] do # current_user_id, stat_user_id
	assert :owner, [:transcripter, :transcripts_editor]
	end
	privilege :edit, [:transcripter, :transcripts_editor]
	end

	resource 'EditorsController' do
	privilege :show, [:editor]
	privilege :remote, [:editor]
	privilege :approve, [:editor]
	privilege :resurrect, [:editor]
	privilege :bury
	privilege :rename, [:editor]
	privilege :end, [:editor]
	privilege :elevate_priority, [:editor]
	privilege :destroy, [:editor]
	privilege :replace_name_and_tags, [:editor]
	privilege :new_dvags, [:editor]
	privilege :anchors, [:editor]
	privilege :player_anchors, [:editor]
	privilege :users_rating, [:editor]
	privilege :users_stat
	privilege :remoters_stat
	privilege :list_report_users
	privilege :show_report_params
	privilege :generate_reports
	privilege :delayed_episodes
	privilege :my_approved, [:editor]
	privilege :shifts_stat
	privilege :episodes_stat, [:editor]
	privilege :editors_stat
	privilege :stats, [:editor]
	privilege :rename, [:editor]
	privilege :player_anchors, [:editor]
	privilege :new_dvags, [:editor]
	privilege :isolated, [:editor]
	end

	resource 'AirBlocksController' do
	privilege :get_unprocessed
	privilege :view
	privilege :show
	privilege :update
	privilege :edit
	privilege :destroy
	privilege :touch
	privilege :processed
	end

	resource 'AnchorDvagsController', [:editor] do
	privilege :update do
	assert :not_clone
	assert :episode_deleted
	assert :episode_editor
	end
	privilege :destroy do
	assert :not_clone
	assert :episode_deleted
	assert :episode_editor
	end
	end

	resource 'AnchorTagsController', [:taxonom, :editor] do
	privilege :create
	privilege :update
	privilege :destroy
	end

	resource 'AnchorsController' do
	privilege :index, [:editor, :operator, :solo_operator, :remote_operator]
	privilege :show, [:guest, :transcripter, :transcripts_editor, :temer, :taxonom, :editor, :operator, :solo_operator, :remote_operator]
	privilege :create, [:editor, :operator] do
	assert :episode_deleted
	assert :not_clone
	assert :episode_editor, [:editor]
	assert :episode_operators, [:operator]
	assert :episode_lock, [:operator]
	end
	privilege :update, [:editor, :operator, :solo_operator] do
	assert :episode_deleted
	assert :not_clone
	assert :episode_editor, [:editor]
	assert :episode_operators, [:operator, :solo_operator]
	assert :episode_lock, [:operator, :solo_operator]
	end
	privilege :destroy, [:editor, :operator, :solo_operator, :remote_operator] do
	assert :episode_deleted
	assert :not_clone
	assert :episode_editor, [:editor]
	assert :episode_operators, [:operator, :solo_operator, :remote_operator]
	assert :episode_lock, [:operator, :solo_operator, :remote_operator]
	end
	end

	resource 'ChannelsController', [:taxonom, :editor, :operator, :solo_operator, :remote_operator] do
	privilege :index
	end

	resource 'DupesController', [:editor] do
	privilege :show
	privilege :approve
	end

	resource 'DvagsController' do
	privilege :index, [:editor, :solo_operator, :operator, :taxonom]
	privilege :create, [:taxonom]
	privilege :by_type, [:editor, :solo_operator, :operator]
	privilege :roots, [:editor, :solo_operator, :operator, :taxonom]
	privilege :show, [:editor, :solo_operator, :operator, :taxonom]
	privilege :reexport, [:editor, :solo_operator, :operator, :taxonom]
	privilege :to_trash, [:taxonom]
	privilege :destroy
	privilege :move_to, [:taxonom]
	privilege :move_trashed
	privilege :make_synonym_to, [:taxonom]
	privilege :autocomplete, [:editor, :solo_operator, :operator, :taxonom]
	privilege :change_name, [:taxonom]
	privilege :restore
	end

	resource 'EpisodeDvagsController', [:editor] do
	privilege :update do
	assert :not_clone
	assert :episode_deleted
	assert :episode_editor, [:editor]
	assert :episode_operators, [:remote_operator, :solo_operator, :operator]
	assert :episode_lock, [:remote_operator, :solo_operator, :operator]
	end
	privilege :destroy do
	assert :not_clone
	assert :episode_deleted
	assert :episode_editor, [:editor]
	assert :episode_operators, [:remote_operator, :solo_operator, :operator]
	assert :episode_lock, [:remote_operator, :solo_operator, :operator]
	end
	end

	resource 'EpisodeTagsController', [:editor] do
	privilege :create
	privilege :update, [:taxonom]
	privilege :destroy
	end

	resource 'EpisodesController' do
	privilege :index, [:taxonom, :editor, :operator, :solo_operator, :remote_operator]
	privilege :my_marked
	privilege :my, [:remote_operator]
	privilege :my_training, [:remote_operator]
	privilege :raw_feed, [:boosted, :taxonom, :editor, :operator, :solo_operator, :remote_operator] # дергается ботами
	privilege :incomplete_feed, [:boosted, :taxonom, :editor, :operator, :solo_operator, :remote_operator] # дергается ботами
	privilege :list, [:taxonom, :editor, :operator, :solo_operator, :remote_operator]
	privilege :first_unapproved, [:operator, :solo_operator, :remote_operator]
	privilege :create, [:operator, :solo_operator]
	privilege :show, [:transcripter, :transcripts_editor, :temer, :taxonom, :editor, :operator, :solo_operator, :remote_operator] do
	assert :episode_deleted, [:transcripter, :transcripts_editor, :temer, :taxonom, :editor, :operator, :solo_operator, :remote_operator]
	end
	privilege :edit, [:taxonom, :editor, :operator, :solo_operator, :remote_operator]
	privilege :slice, [:editor, :operator, :solo_operator] do
	assert :episode_deleted, [:editor, :solo_operator, :operator]
	assert :episode_user, [:operator, :solo_operator]
	end
	privilege :update, [:editor, :operator, :solo_operator, :remote_operator, :temer] do
	assert :not_clone
	assert :episode_deleted
	assert :episode_editor, [:editor]
	assert :episode_operators, [:remote_operator, :solo_operator, :operator]
	assert :episode_lock, [:remote_operator, :solo_operator, :operator]
	end
	privilege :reexport, [:taxonom, :editor, :operator, :solo_operator, :remote_operator]
	privilege :destroy, [:editor, :operator, :solo_operator]
	privilege :by_tag, [:taxonom]
	privilege :touch, [:taxonom, :editor, :operator, :solo_operator, :remote_operator]
	privilege :unqueue, [:taxonom, :editor, :operator, :solo_operator, :remote_operator]
	privilege :editor, [:taxonom, :editor, :operator, :solo_operator, :remote_operator]
	privilege :approve, [:taxonom, :editor, :operator, :solo_operator, :remote_operator]
	privilege :topic, [:temer]
	privilege :sub_titles, [:taxonom, :editor, :operator, :solo_operator, :remote_operator]
	end

	resource 'HomeController' do
	privilege :index, [:transcripter, :remote_operator, :temer, :taxonom, :solo_operator, :transcripts_editor, :operator, :editor]
	privilege :sanity, [:guest]
	end

	resource 'PaymentsController' do
	privilege :index, [:remote_operator]
	end

	resource 'PlayersController', [:remote_operator, :temer, :taxonom, :solo_operator, :transcripts_editor, :operator, :editor, :transcripter] do
	privilege :show
	end

	resource 'SessionsController' do
	privilege :new, [:guest]
	privilege :show, [:guest]
	privilege :create, [:guest]
	privilege :destroy, [:transcripter, :remote_operator, :temer, :taxonom, :solo_operator, :transcripts_editor, :operator, :editor]
	end

	resource 'SubTitlesController' do
	privilege :create
	end

	resource 'SynonymsController', [:taxonom] do
	privilege :destroy
	end

	resource 'TagsController', [:operator, :solo_operator, :remote_operator, :editor, :taxonom] do
	privilege :index
	privilege :update
	privilege :destroy
	privilege :approve
	end

	resource 'TagsDvagsController', [:taxonom] do
	privilege :show
	privilege :create
	privilege :destroy
	end

	resource 'TopicsController', [:temer] do
	privilege :index
	privilege :autocomplete
	end

	resource 'Backend::BackendController', [:guest] do
	privilege :show
	end

	resource 'Backend::DvagsController', [:guest] do
	privilege :show
	end

	resource 'Backend::EpisodesController', [:guest] do
	privilege :show
	end

	resource 'Remotes::DescriptionsController' do
	privilege :show, [:guest, :boosted, :transcripter, :remote_operator, :temer, :taxonom, :solo_operator, :transcripts_editor, :operator, :editor]
	privilege :edit
	privilege :update
	end

	resource 'Remotes::GrammarTasksController' do
	privilege :index
	privilege :new
	privilege :create
	privilege :show
	privilege :edit
	privilege :update
	privilege :destroy
	end

	resource 'Remotes::GrammarTestsController' do
	privilege :index
	privilege :new, [:guest, :boosted, :transcripter, :remote_operator, :temer, :taxonom, :solo_operator, :transcripts_editor, :operator, :editor]
	privilege :show
	privilege :create, [:guest, :boosted, :transcripter, :remote_operator, :temer, :taxonom, :solo_operator, :transcripts_editor, :operator, :editor]
	privilege :destroy
	end

	resource 'Remotes::UsersController', [:guest, :boosted, :transcripter, :remote_operator, :temer, :taxonom, :solo_operator, :transcripts_editor, :operator, :editor] do
	privilege :new
	privilege :create
	privilege :success
	end

	resource 'Admin::AuditLogsController' do
	privilege :short
	privilege :raw
	privilege :raw_short
	privilege :raw_short, [:remote_operator] do
	assert :owner_type, [:remote_operator]
	end
	end

	resource 'Admin::ChannelsController' do
	privilege :index
	privilege :edit
	privilege :list
	privilege :full_stats
	privilege :stats
	privilege :update
	privilege :master
	privilege :destroy
	privilege :update_master
	privilege :publish
	privilege :update_from_master
	privilege :download
	end

	resource 'Admin::EpisodesController' do
	privilege :index, [:temer, :taxonom, :editor]
	privilege :show, [:taxonom, :editor]
	privilege :filter, [:temer, :taxonom, :editor]
	privilege :deleted
	privilege :queue, [:editor]
	privilege :last_hundred
	privilege :last_day, [:temer, :taxonom, :editor]
	privilege :titles, [:editor]
	privilege :by_user
	privilege :channel, [:taxonom, :editor]
	privilege :spot_info, [:taxonom, :editor]
	privilege :dashboard, [:editor]
	privilege :search, [:temer, :taxonom, :editor]
	privilege :training, [:editor]
	privilege :isolated, [:editor]
	privilege :endless, [:editor]
	privilege :unresolved_dupes, [:editor]
	end

	resource 'Admin::MonitoringController' do
	privilege :index
	privilege :channels
	end

	resource 'Admin::PaymentsController' do
	privilege :index
	end

	resource 'Admin::StopWordsController' do
	privilege :index
	privilege :create
	privilege :update
	privilege :destroy
	end

	resource 'Admin::TagsController', [:taxonom] do
	privilege :index
	privilege :by_letter
	privilege :by_query
	privilege :new
	privilege :edit
	privilege :unbind
	privilege :update, [:editor]
	privilege :create_dvag
	privilege :bind_dvag
	privilege :dvag_tree
	privilege :destroy
	privilege :dvag
	privilege :unapproved
	end

	resource 'Admin::TopicsController', [:temer] do
	privilege :index
	privilege :autocomplete
	privilege :last_24_hours
	privilege :active
	privilege :sort
	privilege :create
	privilege :update
	privilege :destroy
	end

	resource 'Admin::AirBlocksController' do
	privilege :index
	end

	resource 'Remotes::TextPagesController' do
	privilege :edit
	privilege :create
	privilege :update
	privilege :show, [:remote_operator]
	end

	resource 'SprocketsController', [:transcripter, :remote_operator, :temer, :taxonom, :solo_operator, :transcripts_editor, :operator, :editor] do
	privilege :show
	end
	end
	end