This repository has been archived by the owner on Nov 22, 2022. It is now read-only.

Desired and required features

René van den Berg edited this page Feb 20, 2014 · 4 revisions
  • Any models, views and controllers (which are needed to allow application-admins to override default permissions) should be isolated in a mountable engine.
  • Whether or not this engine is mounted should be decided in a configuration file, initializer or other kind of option. If this engine is not mounted, the complete override module could be omitted from the loading procedure.
  • Easy installation is a must. Life is too short to waste your time jumping through hoops. The gem should come with a generator which installs (and runs) any required migrations and a default config file. This config file should be self-documenting (see the files that Rails generates nowadays for inspiration). We should investigate ways to safeguard this requirement (one possible way is to customize our CI runs to actually install it into a freshly generated application and test that application).
  • The "permissions" should be granted in a config file that is runnable code (i.e., an internal DSL).
  • User-selected permission overrides must immediately take effect, influencing the current state of the application. This is different from Cbac, where all permissions are approved before taking effect when updating the application. This requires care from the developers: their proposed permissions will always take effect, so careless granting is discouraged. A plugin could be developed which provides the same functionality as the Cbac::Pristine files.
  • Calling the authorization functionality in controllers must be done by macro methods instead of explicitly calling :before_filter and such. The same thing goes for skipping authorization checks.
  • We must be independent of any 'user'/'person'/whatever model. This can be established by a) providing the user as a separate parameter to all roles and b) some kind of dependency injection for the Arrthorizer::Groups feature. The latter requires a notion of Membership, but we must work to ensure that the model / ActiveRecord name is in no way hardcoded in our system.
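
A sketch of how the macro-method and user-independence requirements above could fit together, added here as an illustration and not taken from Arrthorizer's code. Every name in it (`AuthorizationMacros`, `requires_role`, `skips_authorization`, `dispatch`, `ADMIN`, `ReportsController`) is hypothetical, and the fail-closed default for unguarded actions is an assumption of this sketch.

```ruby
# Added illustration; all names are hypothetical, not Arrthorizer's API.
module AuthorizationMacros
  class Forbidden < StandardError; end

  def self.included(base)
    base.extend(ClassMethods)
  end

  module ClassMethods
    # Macro: guard every action (or only the listed ones) with a role check.
    def requires_role(role, only: nil)
      guards << { role: role, only: only && Array(only).map(&:to_sym) }
    end

    # Macro: exempt actions from all checks (stands in for skip_before_filter).
    def skips_authorization(*actions)
      exempt.concat(actions.map(&:to_sym))
    end

    def guards; @guards ||= []; end
    def exempt; @exempt ||= []; end
  end

  # Runs the action only if every applicable role accepts the user.
  # Assumption: fail closed, so an action with no guard and no explicit
  # exemption is denied rather than silently left open.
  def dispatch(action, user)
    action = action.to_sym
    unless self.class.exempt.include?(action)
      applicable = self.class.guards.select { |g| g[:only].nil? || g[:only].include?(action) }
      allowed = !applicable.empty? && applicable.all? { |g| g[:role].call(user, action) }
      raise Forbidden, "#{action} denied" unless allowed
    end
    public_send(action)
  end
end

# A role is any callable that receives the user as a parameter, so no
# User/Person model name is hardcoded; here the "user" is a plain Hash.
ADMIN = ->(user, _action) { user && user[:admin] == true }

class ReportsController
  include AuthorizationMacros
  requires_role ADMIN, only: [:destroy]
  skips_authorization :index

  def index;   :listed;  end
  def show;    :shown;   end
  def destroy; :deleted; end
end
```

Because the check is declared once at class level, forgetting to guard a new action (such as `show` here) results in a denial that shows up in testing instead of an unprotected endpoint.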