diff --git a/isle/api.py b/isle/api.py
index 2be367d..d780a41 100644
--- a/isle/api.py
+++ b/isle/api.py
@@ -256,3 +256,6 @@ class SSOApi(BaseApi):
 
     def push_user_to_uploads(self, user_id):
         return self.make_request_no_pagination('/api/push-user-to-uploads/', method='POST', json={'unti_id': user_id})
+
+    def get_casbin_data(self):
+        return self.make_request_no_pagination('/api/casbin/')
diff --git a/isle/casbin.py b/isle/casbin.py
new file mode 100644
index 0000000..123cb95
--- /dev/null
+++ b/isle/casbin.py
@@ -0,0 +1,36 @@
+import logging
+from casbin import persist
+from casbin.enforcer import Enforcer
+from casbin.model import Model
+from casbin.persist.adapter import Adapter
+from .models import CasbinData
+
+
+class TextAdapter(Adapter):
+    def __init__(self, policy):
+        self.policy = policy
+
+    def load_policy(self, model):
+        for line in self.policy.splitlines():
+            if not line.strip():
+                continue
+            persist.load_policy_line(line.strip(), model)
+
+
+def get_enforcer():
+    data = CasbinData.objects.first()
+    if data:
+        m = Model()
+        m.load_model_from_text(data.model)
+        return Enforcer(m, TextAdapter(data.policy))
+
+
+def enforce(sub, ctx, obj_type, action):
+    try:
+        enforcer = get_enforcer()
+        if not enforcer:
+            return False
+        return enforcer.enforce(sub, ctx, obj_type, action)
+    except Exception:
+        logging.exception('Enforcer failed')
+        return False
diff --git a/isle/context_processors.py b/isle/context_processors.py
index 63d3fae..3b80322 100644
--- a/isle/context_processors.py
+++ b/isle/context_processors.py
@@ -3,7 +3,7 @@
 
 def context(request):
     contexts = []
-    if request.user.is_authenticated and request.user.is_assistant:
+    if request.user.is_authenticated and request.user.has_assistant_role():
         contexts = ((i[0], i[1] or i[2] or i[3]) for i in Context.objects.values_list('id', 'title', 'guid', 'uuid'))
     return {
         'AVAILABLE_CONTEXTS': contexts,
diff --git a/isle/forms.py b/isle/forms.py
index a64de7e..bd1af03 100644
--- a/isle/forms.py
+++ b/isle/forms.py
@@ -33,7 +33,8 @@ def get_instance(self):
         instance = super().get_instance()
         instance.event = self.event
         instance.creator = self.creator
-        instance.confirmed = self.creator.is_assistant
+        instance.confirmed = self.creator.is_assistant_for_context(self.event.context)
+        instance.created_by_assistant = instance.confirmed
         return instance
 
 
diff --git a/isle/kafka.py b/isle/kafka.py
index 6dda2ad..1e7781e 100644
--- a/isle/kafka.py
+++ b/isle/kafka.py
@@ -7,6 +7,7 @@
 from django_carrier_client.helpers import MessageManagerHelper
 from isle.api import SSOApi, ApiError
 from isle.models import LabsUserResult, LabsTeamResult
+from isle.utils import update_casbin_data
 
 
 message_manager = MessageManager(
@@ -103,4 +104,24 @@ def _handle_for_id(self, obj_id, action):
             logging.error('Got wrong object id from kafka: %s' % obj_id)
 
 
+class CasbinPolicyListener(KafkaBaseListener):
+    topic = settings.KAFKA_TOPIC_SSO
+    actions = (KafkaActions.CREATE, KafkaActions.DELETE)
+    msg_type = 'casbin_policy'
+
+    def _handle_for_id(self, obj_id, action):
+        update_casbin_data()
+
+
+class CasbinModelListener(KafkaBaseListener):
+    topic = settings.KAFKA_TOPIC_SSO
+    actions = (KafkaActions.CREATE, KafkaActions.UPDATE)
+    msg_type = 'casbin_model'
+
+    def _handle_for_id(self, obj_id, action):
+        update_casbin_data()
+
+
 MessageManagerHelper.set_manager_to_listen(SSOUserChangeListener())
+MessageManagerHelper.set_manager_to_listen(CasbinPolicyListener())
+MessageManagerHelper.set_manager_to_listen(CasbinModelListener())
diff --git a/isle/migrations/0045_auto_20190508_1930.py b/isle/migrations/0045_auto_20190508_1930.py
new file mode 100644
index 0000000..e360934
--- /dev/null
+++ b/isle/migrations/0045_auto_20190508_1930.py
@@ -0,0 +1,52 @@
+# Generated by Django 2.0.7 on 2019-05-08 09:30
+
+from django.db import migrations, models
+
+
+def set_assistant_flag(apps, schema_editor):
+    """
+    проставление флажков для существующих файлов и команд о том, что они были созданы ассистентами
+    """
+    EventMaterial = apps.get_model('isle', 'EventMaterial')
+    EventTeamMaterial = apps.get_model('isle', 'EventTeamMaterial')
+    Team = apps.get_model('isle', 'Team')
+    User = apps.get_model('isle', 'User')
+    assistants = list(User.objects.filter(unti_id__isnull=False, is_assistant=True).values_list('unti_id', flat=True))
+    EventMaterial.objects.filter(initiator__in=assistants).update(loaded_by_assistant=True)
+    EventTeamMaterial.objects.filter(initiator__in=assistants).update(loaded_by_assistant=True)
+    assistants = list(User.objects.filter(is_assistant=True).values_list('id', flat=True))
+    Team.objects.filter(creator_id__in=assistants).update(created_by_assistant=True)
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('isle', '0044_auto_20190328_0215'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='CasbinData',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('model', models.TextField()),
+                ('policy', models.TextField()),
+            ],
+        ),
+        migrations.AddField(
+            model_name='eventmaterial',
+            name='loaded_by_assistant',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='eventteammaterial',
+            name='loaded_by_assistant',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='team',
+            name='created_by_assistant',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.RunPython(set_assistant_flag, reverse_code=migrations.RunPython.noop)
+    ]
diff --git a/isle/models.py b/isle/models.py
index 3aa9d81..db248fa 100644
--- a/isle/models.py
+++ b/isle/models.py
@@ -18,6 +18,13 @@
 from jsonfield import JSONField
 
 
+def check_permission(user, context, obj_type='file', action='upload'):
+    from .casbin import enforce
+    if not user.unti_id or not context:
+        return False
+    return enforce(str(user.unti_id), context, obj_type, action)
+
+
 class User(AbstractUser):
     second_name = models.CharField(max_length=50)
     icon = JSONField()
@@ -40,6 +47,16 @@ def fio(self):
     def get_full_name(self):
         return ' '.join(filter(None, [self.last_name, self.first_name]))
 
+    def is_assistant_for_context(self, context):
+        return check_permission(self, context and context.uuid)
+
+    def has_assistant_role(self):
+        return any(check_permission(self, c) for c in Context.objects.values_list('uuid', flat=True))
+
+    @cached_property
+    def available_context_uuids(self):
+        return [c for c in Context.objects.values_list('uuid', flat=True) if check_permission(self, c)]
+
 
 class EventType(models.Model):
     ext_id = models.PositiveIntegerField(verbose_name='Внешний id', null=True)
@@ -137,9 +154,6 @@ def _get_dt(self, dt_field_name):
             tz = default
         return val.astimezone(tz)
 
-    def is_author(self, user):
-        return user.is_assistant
-
     def get_traces(self):
         traces = self.trace_set.order_by('name')
         if not traces and self.event_type is not None:
@@ -523,6 +537,7 @@ class EventMaterial(AbstractMaterial):
     comment = models.CharField(default='', max_length=255)
     result = models.ForeignKey(UserResult, on_delete=models.CASCADE, null=True, default=None)
     result_v2 = models.ForeignKey('LabsUserResult', on_delete=models.SET_NULL, null=True, default=None)
+    loaded_by_assistant = models.BooleanField(default=False)
 
     class Meta:
         verbose_name = _(u'Материал')
@@ -563,6 +578,7 @@ class Team(models.Model):
     name = models.CharField(max_length=500, verbose_name='Название команды')
     creator = models.ForeignKey(User, on_delete=models.CASCADE, null=True, default=None, related_name='team_creator')
     confirmed = models.BooleanField(default=True)
+    created_by_assistant = models.BooleanField(default=False)
 
     @property
     def team_name(self):
@@ -580,7 +596,8 @@ def __str__(self):
         return self.name
 
     def user_can_edit_team(self, user):
-        return user.is_assistant or user.id == self.creator_id or user in self.users.all()
+        return user.is_assistant_for_context(self.event.context) or user.id == self.creator_id or \
+               user in self.users.all()
 
 
 class EventTeamMaterial(AbstractMaterial):
@@ -590,6 +607,7 @@ class EventTeamMaterial(AbstractMaterial):
     owners = models.ManyToManyField(User)
     result = models.ForeignKey(TeamResult, on_delete=models.CASCADE, null=True, default=None)
     result_v2 = models.ForeignKey('LabsTeamResult', on_delete=models.CASCADE, null=True, default=None)
+    loaded_by_assistant = models.BooleanField(default=False)
 
     class Meta:
         verbose_name = _(u'Материал команды')
@@ -886,3 +904,8 @@ def current_generations_for_user(cls, user):
 
     def get_download_link(self):
         return reverse('load_csv_dump', kwargs={'dump_id': self.id})
+
+
+class CasbinData(models.Model):
+    model = models.TextField()
+    policy = models.TextField()
diff --git a/isle/static/js/pages/index.js b/isle/static/js/pages/index.js
index 84d1266..70a71e4 100644
--- a/isle/static/js/pages/index.js
+++ b/isle/static/js/pages/index.js
@@ -42,6 +42,21 @@ $('span.sort-col').on('click', (e) => {
     window.location.replace(queryStringUrlReplacement(window.location.href, 'sort', isAsc ? 'asc': 'desc'));
 });
 
+$('#select-view-mode').on('change', (e) => {
+    setCookie('index-view-mode', $(e.target).val(), 1);
+    window.location.reload();
+});
+
+function setCookie(name,value,days) {
+    var expires = "";
+    if (days) {
+        var date = new Date();
+        date.setTime(date.getTime() + (days*24*60*60*1000));
+        expires = "; expires=" + date.toUTCString();
+    }
+    document.cookie = name + "=" + (value || "")  + expires + "; path=/";
+}
+
 function queryStringUrlReplacement(url, param, value) {
     const re = new RegExp(`[\\?&]${param}=([^&#]*)`, "i");
     const match = re.exec(url);
diff --git a/isle/templates/activities.html b/isle/templates/activities.html
index 8e04fbf..0f742b2 100644
--- a/isle/templates/activities.html
+++ b/isle/templates/activities.html
@@ -18,7 +18,7 @@ <h2>Активности</h2>
         </div>
 	{% endcomment %}
     </div>
-    {% if request.user.is_assistant %}
+    {% if is_assistant %}
         <a class="pull-right export_event_csv" href="{% url 'get_activities_csv' %}">
             <span class="glyphicon glyphicon-download-alt"></span>&nbsp;Экспортировать все
         </a>
@@ -71,7 +71,7 @@ <h2>Активности</h2>
     <!-- event handlers of buttons are binded in js file below -->
     <script type="text/javascript" src="{% static 'js/pages/activities.js' %}"></script>
     <script type="text/javascript" src="{% static 'js/pages/index.js' %}"></script>
-    {% if request.user.is_assistant %}
+    {% if is_assistant %}
         <script type="text/javascript" src="{% static 'js/pages/index_assistant.js' %}"></script>
     {% endif %}
 {% endblock %}
\ No newline at end of file
diff --git a/isle/templates/base.html b/isle/templates/base.html
index 8faf13e..e3b04e5 100644
--- a/isle/templates/base.html
+++ b/isle/templates/base.html
@@ -72,7 +72,7 @@
         {% block js %}
             <script type="text/javascript" src="{% static 'js/libs/jquery.min.js' %}"></script>
             <script type="text/javascript" src="{% static 'js/libs/bootstrap.min.js' %}"></script>
-            {% if request.user.is_assistant %}
+            {% if request.user.has_assistant_role %}
                 <script type="text/javascript" src="{% static 'js/pages/base.js' %}"></script>
             {% endif %}
         {% endblock %}
diff --git a/isle/templates/base_results_upload.html b/isle/templates/base_results_upload.html
index 8c7cbc8..1418299 100644
--- a/isle/templates/base_results_upload.html
+++ b/isle/templates/base_results_upload.html
@@ -133,7 +133,7 @@ <h4>{% blocktrans with n1=block.order n2=result.order %}{{ n1 }}.{{ n2 }}. {% en
                                                     {% endif %}
                                                     <span class="glyphicon glyphicon-pencil result-action-buttons pull-right edit-result-comment"></span>
                                                     <span data-url="{{ result_item.get_page_url }}" class="glyphicon glyphicon-eye-open result-action-buttons pull-right view-result-page"></span>
-                                                    {% if request.user.is_assistant %}
+                                                    {% if is_assistant %}
                                                         <span class="glyphicon glyphicon-move result-action-buttons pull-right move-deleted-result"></span>
                                                     {% endif %}
                                                 </div>
@@ -178,7 +178,7 @@ <h5 class="result-entry" id="result-entry-{{ forloop.counter }}">Результ
                     <div data-result="{{ result.result.id }}">
                         <ul id="trace-ul" class="list-group list-group-flush">
                             {% for link in result.links %}
-                                <li class="list-group-item {% if link.confirmed and team_upload and not link.initiator_user.is_assistant %}confirmed-team-link{% elif team_upload and link.initiator_user.is_assistant %}assistant-team-link{% endif %}">
+                                <li class="list-group-item {% if link.confirmed and team_upload and not link.loaded_by_assistant %}confirmed-team-link{% elif team_upload and link.initiator_user.is_assistant %}assistant-team-link{% endif %}">
                                     <a class="link_preview" href="{{ link.get_url }}" {{ link.render_metadata|safe }}>{{ link.get_name }}</a>&nbsp;
                                     {% if can_upload %}
                                         <button name="material_id" value="{{ link.id }}" class="btn btn-warning btn-sm pull-right delete-material-btn">
@@ -199,7 +199,7 @@ <h4 class="mt-60">Отдельные файлы</h4>
 
         <ul class="list-group list-group-flush">
             {% for link in links %}
-                <li class="list-group-item {% if link.confirmed and team_upload and not link.initiator_user.is_assistant %}confirmed-team-link{% elif team_upload and link.initiator_user.is_assistant %}assistant-team-link{% endif %}">
+                <li class="list-group-item {% if link.confirmed and team_upload and not link.loaded_by_assistant %}confirmed-team-link{% elif team_upload and link.initiator_user.is_assistant %}assistant-team-link{% endif %}">
                     <a href="{{ link.get_url }}" {{ link.render_metadata|safe }}>{{ link.get_name }}</a>&nbsp;
                     {% if can_upload %}
                     <button name="material_id" value="{{ link.id }}" class="btn btn-warning btn-sm pull-right delete-material-btn">
@@ -217,7 +217,7 @@ <h4 class="mt-60">Отдельные файлы</h4>
                         {% blocktrans %}Удалить{% endblocktrans %}
                     </button>
                     {% endif %}
-                    {% if request.user.is_assistant %}
+                    {% if is_assistant %}
                         <span class="glyphicon glyphicon-move result-action-buttons pull-right move-unattached-file" data-file-id="{{ link.id }}"></span>
                     {% endif %}
                     <div><span>{{ link.comment }}</span></div>
@@ -231,7 +231,7 @@ <h4 class="mt-60">Отдельные файлы</h4>
     {{ block.super }}
     <script type="text/javascript">
         const pageType = "loadMaterials_v2";
-        const isAssistant = eval("{{ request.user.is_assistant|lower }}");
+        const isAssistant = eval("{{ is_assistant|lower }}");
         const eventUpload = eval("{{ event_upload|lower }}");
         const teamUpload = eval("{{ team_upload|lower }}");
         const fromUser = eval("{{ user_upload|lower }}");
diff --git a/isle/templates/create_blocks.html b/isle/templates/create_blocks.html
index 3e3118b..66fbb9d 100644
--- a/isle/templates/create_blocks.html
+++ b/isle/templates/create_blocks.html
@@ -93,7 +93,7 @@ <h5>Файл разметки модуля</h5>
                             <button name="material_id" value="{{ link.id }}" class="btn btn-warning btn-sm pull-right delete-material-btn">
                                 {% blocktrans %}Удалить{% endblocktrans %}
                             </button>
-                            {% if not request.user.is_assistant %}<div><span>{{ link.comment }}</span></div>{% endif %}
+                            {% if not is_assistant %}<div><span>{{ link.comment }}</span></div>{% endif %}
                         </li>
                     {% endfor %}
                     <li class="list-group-item form-inline list-group-border">
diff --git a/isle/templates/event_view.html b/isle/templates/event_view.html
index 7342756..57d997d 100644
--- a/isle/templates/event_view.html
+++ b/isle/templates/event_view.html
@@ -4,7 +4,7 @@
 {% block title %}Страница мероприятия "{{ event.title }}"{% endblock %}
 
 {% block content %}
-    {% if request.user.is_assistant %}
+    {% if is_assistant %}
         <div>
             <a href="{% url 'index' %}">Активности</a>
             &nbsp;/&nbsp;
@@ -29,7 +29,7 @@ <h6>
                 </h6>
             </div>
             <div>
-                {% if request.user.is_assistant %}
+                {% if is_assistant %}
                 <a href="{{ event.activity.get_labs_link }}">Открыть в LABS</a> <span class="text-muted">|</span> <a href="{{ event.get_xle_link }}">Открыть в расписании</a>
                 {% else %}
                     <a href="{{ event.get_xle_link }}">Открыть в расписании</a>
@@ -37,7 +37,7 @@ <h6>
             </div>
         </div>
         <div>
-            {% if request.user.is_assistant %}
+            {% if is_assistant %}
                 <a class="pull-right export_event_csv" href="{% url 'get_event_csv' uid=event.uid %}">
                     <span class="glyphicon glyphicon-download-alt"></span>&nbsp;Экспортировать все
                 </a>
@@ -72,7 +72,7 @@ <h6>
     {% endif %}
 
     <nav class="nav nav-pills nav-justified">
-        {% if not request.user.is_assistant and not event_entry.approved %}
+        {% if not is_assistant and not event_entry.approved %}
             <a class="nav-item btn btn-primary text-white item-margin" id="i-was-here">
                 {% if event_entry.approve_text %}Изменить подтверждение присутствия{% else %}Я тут точно был!{% endif %}
             </a>      
@@ -83,7 +83,7 @@ <h6>
         <div class="col">
             <div class="inline-divs-wrapper mt-40">
                 <div><h3>Участники</h3></div>
-                {% if request.user.is_assistant %}
+                {% if is_assistant %}
                 <div>
                     <a class="nav-item btn btn-warning" href="{% url 'add-user' uid=event.uid %}">
                         <span class="glyphicon glyphicon-plus mr-10"></span>
@@ -101,7 +101,7 @@ <h6>
                             <th class="text-center align-middle table-item" scope="col">Чекин</th>
                             <th class="text-center align-middle table-item" scope="col">Присутствие</th>
                             <th class="text-center align-middle table-item" scope="col">Результаты</th>
-                            {% if request.user.is_assistant %}
+                            {% if is_assistant %}
                                 <th scope="col"></th>
                             {% endif %}
                         </tr>
@@ -118,16 +118,16 @@ <h6>
                             </td>
                             <td class="text-center align-middle table-item"><input type="checkbox" data-user="{{ student.id }}" class="attendance"
                                     {% if student.attend %}checked {% endif %}
-                                    {% if not request.user.is_assistant %} disabled{% endif %}>
+                                    {% if not is_assistant %} disabled{% endif %}>
                             </td>
                             <td>
                                 {% if event.is_active %}
-                                {% if student.unti_id == request.user.unti_id or request.user.is_assistant %}
+                                {% if student.unti_id == request.user.unti_id or is_assistant %}
                                 <a class="btn btn-primary btn-sm btn-block" href="{% url 'load-materials' uid=event.uid unti_id=student.unti_id %}">{% trans "Загрузить" %}</a>
                                 {% endif %}
                                 {% endif %}
                             </td>
-                            {% if request.user.is_assistant %}
+                            {% if is_assistant %}
                                 <td>
                                     {% if student.can_delete %}
                                         <button class="btn btn-danger btn-sm btn-delete-attendance" data-user-id="{{ student.id }}">
@@ -169,7 +169,7 @@ <h3>Команды</h3>
                 </tr>
             </thead>
             {% for team in teams %}
-                <tr class="{% if team.confirmed and team.creator and not team.creator.is_assistant %}confirmed-team-link{% elif team.confirmed %}assistant-team-link{% endif %}">
+                <tr class="{% if team.confirmed and team.creator and not team.created_by_assistant %}confirmed-team-link{% elif team.confirmed %}assistant-team-link{% endif %}">
                     <td>
                         <a href="{% url 'load-team-materials' uid=event.uid team_id=team.id %}">{{ team.name }}</a>
                     </td>
@@ -188,7 +188,7 @@ <h3>Команды</h3>
                     <td>{{ team.traces_number }}</td>
                     <td>
                         {% if event.is_active %}
-                            {% if request.user.is_assistant or team.id in user_teams %}
+                            {% if is_assistant or team.id in user_teams %}
                                 <a class="btn btn-primary btn-sm" href="{% url 'load-team-materials' uid=event.uid team_id=team.id %}">{% trans "Загрузить" %}</a>
                             {% endif %}
                         {% endif %}
@@ -209,7 +209,7 @@ <h3>Команды</h3>
 {% block js %}
     {{ block.super }}  
     <script type="text/javascript">
-        const isAssistant = eval("{{ request.user.is_assistant|lower }}");
+        const isAssistant = eval("{{ is_assistant|lower }}");
         const updateAttendanceViewUrl = "{% url 'update-attendance-view' uid=event.uid %}";
         const removeUserUrl = "{% url 'remove-user' uid=event.uid %}";
         const approveTextEdit = "{% url 'approve-text-edit' event_entry_id=event_entry_id %}"
diff --git a/isle/templates/events.html b/isle/templates/events.html
index 6585759..9980cac 100644
--- a/isle/templates/events.html
+++ b/isle/templates/events.html
@@ -1,7 +1,7 @@
 {% extends 'base.html' %}
 {% load static tz %}
 {% block content %}
-    {% if request.user.is_assistant %}
+    {% if is_assistant %}
         <div>
             <a href="{% url 'index' %}">Активности</a>
             &nbsp;/&nbsp;
@@ -34,7 +34,7 @@ <h2>Мероприятия</h2>
             </div>
         </div>
     {% endif %}
-    {% if request.user.is_assistant %}
+    {% if is_assistant %}
         <a class="pull-right export_event_csv" href="{% url 'get_filtered_events_csv' %}">
             <span class="glyphicon glyphicon-download-alt"></span>&nbsp;Экспортировать все
         </a>
@@ -43,7 +43,7 @@ <h2>Мероприятия</h2>
     {% url 'events' as reset_filter_url %}
     {% include 'includes/events_filter.html' %}
     <div class="text-muted index-statistics-block">
-        {% if request.user.is_assistant %}
+        {% if is_assistant %}
             Мероприятий: {{ objects|length }}. Загружено элементов: {{ elements_cnt }}. Загружено пользователями: {{ elements_user_cnt }}.
         {% else %}
             Мероприятий: {{ event_num }};&nbsp;&nbsp;Элементов цифрового следа: {{ trace_num }}
@@ -59,7 +59,7 @@ <h2>Мероприятия</h2>
                             <th>Автор</th>
                             <th><span class="sort-col glyphicon"></span>&nbsp;Дата и время начала</th>
                             <th>Дата и время окончания</th>
-                            {% if request.user.is_assistant %}
+                            {% if is_assistant %}
                                 <th>Количество участников/чекинов</th>
                                 <th>Загружено элементов</th>
                             {% else %}
@@ -80,7 +80,7 @@ <h2>Мероприятия</h2>
                                 <span class="nowrap">{{ event.get_dt_end|date:"d E, H:i" }}</span>
                             </td>
                             {% endlocaltime %}
-                            {% if request.user.is_assistant %}
+                            {% if is_assistant %}
                                 <td class="text-center">{{ event.prop_enrollments }} / {{ event.prop_checkins }}</td>
                                 <td class="text-center">{{ event.trace_cnt }}</td>
                             {% else %}
@@ -96,7 +96,7 @@ <h2>Мероприятия</h2>
     {% include 'includes/paginator.html' %}
     {% if not objects %}
         <div class="alert alert-danger" role="alert">
-            {% if request.user.is_assistant %}
+            {% if is_assistant %}
                 В выбранный день нет активных мероприятий
             {% else %}
                 Вы не записаны на мероприятия в выбранный день
@@ -114,7 +114,7 @@ <h2>Мероприятия</h2>
     </script>
     <!-- event handlers of buttons are binded in js file below -->
     <script type="text/javascript" src="{% static 'js/pages/index.js' %}"></script>
-    {% if request.user.is_assistant %}
+    {% if is_assistant %}
         <script type="text/javascript" src="{% static 'js/pages/index_assistant.js' %}"></script>
     {% endif %}
 {% endblock %}
diff --git a/isle/templates/includes/context_switcher.html b/isle/templates/includes/context_switcher.html
index fe51c3b..e8174bf 100644
--- a/isle/templates/includes/context_switcher.html
+++ b/isle/templates/includes/context_switcher.html
@@ -1,5 +1,5 @@
 <p class="mr-auto context-switcher-wrapper">
-    {% if request.user.is_authenticated and request.user.is_assistant %}
+    {% if AVAILABLE_CONTEXTS %}
         {% csrf_token %}
         <select class="context-switching-select form-control" data-url="{% url 'switch_context' %}">
             <option value="" {% if not request.user.chosen_context_id %}selected{% endif %}>Все контексты</option>
diff --git a/isle/templates/includes/events_filter.html b/isle/templates/includes/events_filter.html
index 798bb85..15371d5 100644
--- a/isle/templates/includes/events_filter.html
+++ b/isle/templates/includes/events_filter.html
@@ -15,3 +15,14 @@
         </div>
     </div>
 </div>
+{% if has_assistant_role %}
+    <div>
+        <form class="form-inline">
+            <label>Смотреть как</label>
+            <select id="select-view-mode" class="form-control">
+                <option value="as_assistant" {% if is_assistant %}selected{% endif %}>ассистент</option>
+                <option value="as_user" {% if not is_assistant %}selected{% endif %}>пользователь</option>
+            </select>
+        </form>
+    </div>
+{% endif %}
diff --git a/isle/templates/load_materials.html b/isle/templates/load_materials.html
index 255210c..0b4af71 100644
--- a/isle/templates/load_materials.html
+++ b/isle/templates/load_materials.html
@@ -61,7 +61,7 @@ <h3>{% trans "Добавление материалов" %}</h3>
         </form>
     </div>
     <div class="clearfix"></div>
-    {% if request.user.is_assistant and event_upload %}
+    {% if is_assistant and event_upload %}
         <div class="modal fade text-left" tabindex="-1" role="dialog" id="transfer-modal">
           <div class="modal-dialog">
             <div class="modal-content">
@@ -103,7 +103,7 @@ <h5>Команды:</h5>
             <h5 class="event-trace-name" {% if not trace.links %}style="display:none"{% endif %}>{{ trace.trace.name }}</h5>
             <ul id="trace-ul" class="list-group list-group-flush">
                 {% for link in trace.links %}
-                    <li class="list-group-item {% if link.confirmed and team_upload and not link.initiator_user.is_assistant %}confirmed-team-link{% elif team_upload and link.initiator_user.is_assistant %}assistant-team-link{% endif %}" data-comment="{{ link.comment }}" data-material-id="{{ link.id }}">
+                    <li class="list-group-item" data-comment="{{ link.comment }}" data-material-id="{{ link.id }}">
                         <a class="link_preview" href="{{ link.get_url }}" {{ link.render_metadata|safe }}>{{ link.get_name }}</a>&nbsp;
                         {% if can_upload %}
                             <span name="material_id" value="{{ link.id }}" class="glyphicon glyphicon-remove result-action-buttons pull-right delete-material-btn">
@@ -111,7 +111,7 @@ <h5 class="event-trace-name" {% if not trace.links %}style="display:none"{% endi
                             <span value="{{ link.id }}" class="glyphicon glyphicon-pencil result-action-buttons pull-right edit-event-block-material">
                             </span>
                         {% endif %}
-                        {% if request.user.is_assistant %}
+                        {% if is_assistant %}
                             <div>
                                 <span class="text-muted assistant-info-string">
                                     {{ link.get_info_string }}
@@ -133,7 +133,7 @@ <h4 class="mt-60">Отдельные файлы</h4>
 
         <ul class="list-group list-group-flush">
             {% for link in unattached_files %}
-                <li class="list-group-item {% if link.confirmed and team_upload and not link.initiator_user.is_assistant %}confirmed-team-link{% elif team_upload and link.initiator_user.is_assistant %}assistant-team-link{% endif %}">
+                <li class="list-group-item">
                     <a href="{{ link.get_url }}" {{ link.render_metadata|safe }}>{{ link.get_name }}</a>&nbsp;
                     <div><span>{{ link.comment }}</span></div>
                 </li>
@@ -146,7 +146,7 @@ <h4 class="mt-60">Отдельные файлы</h4>
     {{ block.super }}
     <script type="text/javascript">
         const pageType = "loadMaterials";
-        const isAssistant = eval("{{ request.user.is_assistant|lower }}");
+        const isAssistant = eval("{{ is_assistant|lower }}");
         const eventUpload = eval("{{ event_upload|lower }}");
         const teamUpload = eval("{{ team_upload|lower }}");
         const fromUser = eval("{{ user_upload|lower }}");
diff --git a/isle/utils.py b/isle/utils.py
index e72442f..cbde445 100644
--- a/isle/utils.py
+++ b/isle/utils.py
@@ -17,10 +17,10 @@
 from django.utils.functional import cached_property
 from django.utils.translation import ugettext as _
 import requests
-from isle.api import Api, ApiError, ApiNotFound, LabsApi, XLEApi, DpApi
+from isle.api import Api, ApiError, ApiNotFound, LabsApi, XLEApi, DpApi, SSOApi
 from isle.models import (Event, EventEntry, User, Trace, EventType, Activity, EventOnlyMaterial, ApiUserChart, Context,
                          LabsEventBlock, LabsEventResult, LabsUserResult, EventMaterial, MetaModel, EventTeamMaterial,
-                         Team, Author)
+                         Team, Author, CasbinData)
 
 DEFAULT_CACHE = caches['default']
 EVENT_TYPES_CACHE_KEY = 'EVENT_TYPE_IDS'
@@ -742,3 +742,17 @@ def get_csv_encoding_for_request(request):
         os_family = ''
     overridden_encoding = settings.CSV_ENCODING_FOR_OS.get(os_family.lower())
     return overridden_encoding or settings.DEFAULT_CSV_ENCODING
+
+
+def update_casbin_data():
+    try:
+        data = SSOApi().get_casbin_data()
+        cdata = CasbinData.objects.first()
+        if cdata:
+            CasbinData.objects.filter(id=cdata.id).update(model=data['model'], policy=data['policy'])
+        else:
+            CasbinData.objects.create(model=data['model'], policy=data['policy'])
+    except ApiError:
+        pass
+    except (TypeError, KeyError):
+        logging.exception('Unexpected format for casbin data')
diff --git a/isle/views.py b/isle/views.py
index 155de2e..9df7260 100644
--- a/isle/views.py
+++ b/isle/views.py
@@ -51,6 +51,9 @@
     EventMaterialsCSV, EventGroupMaterialsCSV, BytesCsvStreamWriter, get_csv_encoding_for_request
 
 
+VIEW_MODE_COOKIE_NAME = 'index-view-mode'
+
+
 def login(request):
     return render(request, 'login.html', {'next': request.GET.get('next', reverse('index'))})
 
@@ -70,7 +73,7 @@ def _wrapped_view(request, *args, **kwargs):
             uid = kwargs.get('uid')
             if uid:
                 event = Event.objects.filter(uid=uid).first()
-                if event and request.user.is_authenticated and request.user.is_assistant and \
+                if event and request.user.is_authenticated and request.user.has_assistant_role() and \
                         request.user.chosen_context_id != event.context_id:
                     request.user.chosen_context_id = event.context_id
                     request.user.save(update_fields=['chosen_context_id'])
@@ -111,6 +114,27 @@ def update_context_with_search_parameters(self, ctx):
             'search': self.request.GET.get('search') or '',
         })
 
+    @cached_property
+    def current_user_has_assistant_role(self):
+        return self.request.user.has_assistant_role()
+
+    @cached_property
+    def current_mode_is_assistant(self):
+        """
+        просматривает ли пользователь страницу в режиме ассистента
+        """
+        if self.current_user_has_assistant_role:
+            return self.request.COOKIES.get(VIEW_MODE_COOKIE_NAME) != 'as_user'
+        return False
+
+    def get_context_data(self, **kwargs):
+        data = super().get_context_data(**kwargs)
+        data.update({
+            'is_assistant': self.current_mode_is_assistant,
+            'has_assistant_role': self.current_user_has_assistant_role,
+        })
+        return data
+
 
 class IndexPageEventsFilterMixin(SearchHelperMixin):
     @cached_property
@@ -127,7 +151,7 @@ def filter_search(self, qs):
         return qs
 
     def get_events(self):
-        if self.request.user.is_assistant:
+        if self.current_mode_is_assistant:
             events = Event.objects.filter(is_active=True)
         else:
             events = Event.objects.filter(id__in=EventEntry.objects.filter(user=self.request.user).
@@ -142,8 +166,12 @@ def get_events(self):
             events = events.filter(activity=self.activity_filter)
         events = self.filter_search(events)
         events = events.order_by('{}dt_start'.format('' if self.is_asc_sort() else '-'))
-        if self.request.user.is_assistant and self.request.user.chosen_context_id:
-            events = events.filter(context_id=self.request.user.chosen_context_id)
+        if self.current_mode_is_assistant:
+            if self.request.user.chosen_context_id and \
+                    self.request.user.is_assistant_for_context(self.request.user.chosen_context):
+                events = events.filter(context_id=self.request.user.chosen_context_id)
+            else:
+                events = events.filter(context__uuid__in=self.request.user.available_context_uuids)
         return events
 
     def is_asc_sort(self):
@@ -171,9 +199,9 @@ def get_context_data(self, **kwargs):
         })
         self.update_context_with_search_parameters(ctx)
         event_ids = [i.id for i in objects]
-        if self.request.user.is_assistant:
+        if self.current_mode_is_assistant:
             fdict = {
-                'initiator__in': User.objects.filter(is_assistant=True).values_list('unti_id', flat=True)
+                'loaded_by_assistant': True,
             }
             ctx.update({
                 'elements_cnt': EventMaterial.objects.filter(event_id__in=event_ids).count() +
@@ -221,12 +249,21 @@ def event(self):
     def dispatch(self, request, *args, **kwargs):
         return super().dispatch(request, *args, **kwargs)
 
+    @cached_property
+    def current_user_is_assistant(self):
+        return self.request.user.is_assistant_for_context(self.event.context)
+
+    def get_context_data(self, **kwargs):
+        data = super().get_context_data(**kwargs)
+        data['is_assistant'] = self.current_user_is_assistant
+        return data
+
 
 class GetEventMixinWithAccessCheck(GetEventMixin):
     def dispatch(self, request, *args, **kwargs):
         if not request.user.is_authenticated:
             return HttpResponseRedirect('{}?next={}'.format(reverse('login'), request.get_full_path()))
-        if request.user.is_assistant or EventEntry.objects.filter(user=request.user, event=self.event).exists():
+        if self.current_user_is_assistant or EventEntry.objects.filter(user=request.user, event=self.event).exists():
             return super().dispatch(request, *args, **kwargs)
         return render(request, 'to_xle.html', {
             'link': getattr(settings, 'XLE_URL', 'https://xle.2035.university/feedback'),
@@ -247,6 +284,7 @@ class EventView(GetEventMixinWithAccessCheck, TemplateView):
     template_name = 'event_view.html'
 
     def get_context_data(self, **kwargs):
+        data = super().get_context_data(**kwargs)
         users = list(get_event_participants(self.event))
         user_entry = [i for i in users if i.id == self.request.user.id]
         if user_entry:
@@ -256,7 +294,7 @@ def get_context_data(self, **kwargs):
         chat_bot_added = set(Attendance.objects.filter(event=self.event, confirmed_by_system=Attendance.SYSTEM_CHAT_BOT)
                              .values_list('user_id', flat=True))
         user_teams = list(Team.objects.filter(event=self.event, users=self.request.user).values_list('id', flat=True))
-        if not self.request.user.is_assistant:
+        if not self.current_user_is_assistant:
             num = dict(EventMaterial.objects.filter(event=self.event, user__in=users, is_public=True).
                        values_list('user_id').annotate(num=Count('event_id')))
             num[self.request.user.id] = EventMaterial.objects.filter(event=self.event, user=self.request.user).count()
@@ -274,14 +312,15 @@ def get_context_data(self, **kwargs):
         event_entry = EventEntry.objects.filter(event=self.event, user=self.request.user).first()
         teams = Team.objects.filter(event=self.event).select_related('creator').prefetch_related('users')
         teams = sorted(list(teams), key=lambda x: (int(x.id not in user_teams), x.name.lower()))
-        return {
+        data.update({
             'students': users,
             'event': self.event,
             'teams': teams,
             'user_teams': user_teams,
             'event_entry': event_entry,
             'event_entry_id': getattr(event_entry, 'id', 0),
-        }
+        })
+        return data
 
 
 @method_decorator(context_setter, name='get')
@@ -307,7 +346,7 @@ def get_unattached_files(self):
         return []
 
     def can_upload(self):
-        return self.request.user.is_assistant
+        return self.current_user_is_assistant
 
     def _can_set_public(self):
         return False
@@ -550,7 +589,7 @@ def action_move(self, request):
         """
         перемещение объекта результата из одного блока результата в другой
         """
-        if not request.user.is_assistant:
+        if not self.current_user_is_assistant:
             raise PermissionDenied
         item_result = self.results_model.objects.filter(**self._update_query_dict({
             'result_id': request.POST.get('labs_result_id'),
@@ -578,7 +617,7 @@ def action_move_unattached(self, request):
         """
         перемещение файла, у которого нет связей с трейсом или результатом, в результат
         """
-        if not request.user.is_assistant:
+        if not self.current_user_is_assistant:
             raise PermissionDenied
         try:
             material = self.material_model.objects.get(**self._update_query_dict({
@@ -784,7 +823,7 @@ def post(self, request, *args, **kwargs):
         resp = self.check_post_allowed(request)
         if resp is not None:
             return resp
-        if not request.user.is_assistant:
+        if not self.current_user_is_assistant:
             raise PermissionDenied
         if 'add_btn' not in request.POST:
             return self.delete_item(request)
@@ -828,7 +867,7 @@ def _can_set_public(self):
         return self.request.user.unti_id == int(self.kwargs['unti_id'])
 
     def can_upload(self):
-        return self.request.user.is_assistant or int(self.kwargs['unti_id']) == self.request.user.unti_id
+        return self.current_user_is_assistant or int(self.kwargs['unti_id']) == self.request.user.unti_id
 
     def get_materials(self):
         if self.can_upload():
@@ -873,7 +912,8 @@ class LoadUserMaterialsResult(BaseLoadMaterialsLabsResults, LoadMaterials):
     extra_context = {'user_upload': True}
 
     def get_material_fields(self, request):
-        return dict(event=self.event, user=self.user, is_public=True)
+        return dict(event=self.event, user=self.user, is_public=True,
+                    loaded_by_assistant=self.current_user_is_assistant)
 
     def _log_material_delete(self, material):
         logging.warning('User %s has deleted file %s for user %s' %
@@ -930,14 +970,6 @@ def _delete_item(self, material_id):
         return JsonResponse({})
 
 
-def choose_view(assistant_view, user_view):
-    def wrapped(request, *args, **kwargs):
-        if request.user.is_authenticated and request.user.is_assistant:
-            return assistant_view.as_view()(request, *args, **kwargs)
-        return user_view.as_view()(request, *args, **kwargs)
-    return wrapped
-
-
 class LoadTeamMaterials(BaseLoadMaterials):
     """
     Просмотр/загрузка командных материалов по эвенту
@@ -965,7 +997,7 @@ def get_materials(self):
         users = {i.unti_id: i for i in User.objects.filter(unti_id__in=filter(None, [j.initiator for j in qs]))}
         for item in qs:
             item.initiator_user = users.get(item.initiator)
-            if not self.request.user.is_assistant:
+            if not self.current_user_is_assistant:
                 item.is_owner = self.request.user in item.owners.all()
                 item.ownership_url = reverse('team-material-owner', kwargs={
                     'uid': self.event.uid, 'material_id': item.id, 'team_id': self.team.id})
@@ -973,12 +1005,12 @@ def get_materials(self):
 
     def can_upload(self):
         # командные файлы загружает ассистент или участники этой команды
-        return self.request.user.is_assistant or self.team.users.filter(id=self.request.user.id).exists()
+        return self.current_user_is_assistant or self.team.users.filter(id=self.request.user.id).exists()
 
     def post(self, request, *args, **kwargs):
         # загрузка и удаление файлов доступны только для эвентов, доступных для оцифровки, и по
         # командам, сформированным в данном эвенте
-        if not self.event.is_active or not (self.request.user.is_assistant or
+        if not self.event.is_active or not (self.current_user_is_assistant or
                 Team.objects.filter(event=self.event, id=self.kwargs['team_id']).exists()):
             return JsonResponse({}, status=403)
         try:
@@ -1014,7 +1046,7 @@ def make_file_path(self, fn):
 
     def get_material_fields(self, request):
         return dict(event=self.event, team=self.team, comment=request.POST.get('comment', ''),
-                    confirmed=self.request.user.is_assistant)
+                    confirmed=self.current_user_is_assistant)
 
 
 class LoadTeamMaterialsResult(BaseLoadMaterialsLabsResults, LoadTeamMaterials):
@@ -1024,7 +1056,7 @@ class LoadTeamMaterialsResult(BaseLoadMaterialsLabsResults, LoadTeamMaterials):
     template_name = 'team_results.html'
 
     def get_material_fields(self, request):
-        return dict(event=self.event, team=self.team)
+        return dict(event=self.event, team=self.team, loaded_by_assistant=self.current_user_is_assistant)
 
     def _log_material_delete(self, material):
         logging.warning('User %s has deleted file %s for team %s' %
@@ -1091,7 +1123,7 @@ class LoadEventMaterials(BaseLoadMaterials):
     extra_context = {'with_comment_input': True, 'show_owners': True, 'event_upload': True}
 
     def post(self, request, *args, **kwargs):
-        if request.user.is_authenticated and request.user.is_assistant and 'change_material_info' in request.POST:
+        if request.user.is_authenticated and self.current_user_is_assistant and 'change_material_info' in request.POST:
             return self.change_material_info(request)
         return super().post(request, *args, **kwargs)
 
@@ -1133,7 +1165,7 @@ def get_unattached_files(self):
     def get_materials(self):
         qs = EventOnlyMaterial.objects.filter(event=self.event)
         for item in qs:
-            if not self.request.user.is_assistant:
+            if not self.current_user_is_assistant:
                 item.is_owner = self.request.user in item.owners.all()
                 item.ownership_url = reverse('event-material-owner', kwargs={
                     'uid': self.event.uid, 'material_id': item.id})
@@ -1176,7 +1208,7 @@ class BaseTeamView(GetEventMixin):
     form_class = CreateTeamForm
 
     def dispatch(self, request, *args, **kwargs):
-        if not request.user.is_authenticated or not (request.user.is_assistant or
+        if not request.user.is_authenticated or not (self.current_user_is_assistant or
                 self.has_permission(request)):
             return HttpResponseForbidden()
         return super().dispatch(request, *args, **kwargs)
@@ -1191,7 +1223,7 @@ def get_available_users(self):
 
     def post(self, request, **kwargs):
         form = self.form_class(data=request.POST, event=self.event, users_qs=self.get_available_users(),
-                               creator=request.user, instance=self.team)
+                               creator=self.request.user, instance=self.team)
         if not form.is_valid():
             return JsonResponse({}, status=400)
         team, members_changed = form.save()
@@ -1242,7 +1274,7 @@ class AddUserToEvent(GetEventMixin, TemplateView):
     template_name = 'add_user.html'
 
     def dispatch(self, request, *args, **kwargs):
-        if request.user.is_authenticated and request.user.is_assistant:
+        if request.user.is_authenticated and self.current_user_is_assistant:
             return super().dispatch(request, *args, **kwargs)
         return HttpResponseForbidden()
 
@@ -1279,7 +1311,7 @@ def post(self, request, uid=None):
 
 class RemoveUserFromEvent(GetEventMixin, View):
     def post(self, request, uid=None):
-        if not request.user.is_authenticated or not request.user.is_assistant:
+        if not request.user.is_authenticated or not self.current_user_is_assistant:
             return JsonResponse({}, status=403)
         try:
             entry = EventEntry.objects.get(event=self.event, user_id=request.POST.get('user_id'),
@@ -1297,7 +1329,7 @@ class UserAutocomplete(autocomplete.Select2QuerySetView):
     def get_queryset(self):
         event_id = self.forwarded.get('event_id')
         chosen = self.forwarded.get('users') or []
-        if not self.request.user.is_authenticated or not self.request.user.is_assistant or not event_id:
+        if not self.request.user.is_authenticated or not self.request.user.has_assistant_role() or not event_id:
             return User.objects.none()
         qs = User.objects.exclude(
             id__in=EventEntry.objects.filter(event_id=event_id).values_list('user_id', flat=True)
@@ -1331,13 +1363,15 @@ def get_result_label(self, result):
 
 class ResultTypeAutocomplete(autocomplete.Select2QuerySetView):
     def get_queryset(self):
-        if not self.request.user.is_authenticated or not self.request.user.is_assistant:
+        if not self.request.user.is_authenticated:
             return []
         try:
             event = Event.objects.get(id=self.forwarded.get('event'))
         except (TypeError, ValueError, Event.DoesNotExist):
             logging.warning("User %s hasn't provided event parameter for ResultTypeAutocomplete")
             raise SuspiciousOperation
+        if not self.request.user.is_assistant_for_context(event.context):
+            return []
         return BlockType.result_types_for_event(event)
 
     def get_result_label(self, result):
@@ -1353,7 +1387,8 @@ class EventItemAutocompleteBase(autocomplete.Select2QuerySetView):
     def get_queryset(self):
         exclude = self.forwarded.get('exclude') or []
         event_id = str(self.forwarded.get('event'))
-        if not event_id.isdigit() or not (self.request.user.is_authenticated and self.request.user.is_assistant):
+        event = Event.objects.get(id=event_id)
+        if not event_id.isdigit() or not (self.request.user.is_authenticated and self.request.user.is_assistant_for_context(event.context)):
             return self.model.objects.none()
         return self.model.objects.filter(**self.get_filters(event_id)).exclude(id__in=exclude)
 
@@ -1510,7 +1545,7 @@ def post(self, request, uid=None):
         if not user_id or 'status' not in request.POST:
             return JsonResponse({}, status=400)
         user = User.objects.filter(id=user_id).first()
-        if not request.user.is_assistant:
+        if not self.current_user_is_assistant:
             return JsonResponse({}, status=400)
         is_confirmed = request.POST.get('status') == 'true'
         Attendance.objects.update_or_create(
@@ -1544,7 +1579,7 @@ def post(self, request, uid=None):
 
 class ConfirmTeamMaterial(GetEventMixin, View):
     def post(self, request, uid=None, team_id=None):
-        if not request.user.is_authenticated or not request.user.is_assistant:
+        if not request.user.is_authenticated or not self.current_user_is_assistant:
             return JsonResponse({}, status=403)
         try:
             team = Team.objects.get(event=self.event, id=team_id)
@@ -1560,7 +1595,7 @@ def post(self, request, uid=None, team_id=None):
 
 class BaseOwnershipChecker(GetEventMixin, View):
     def post(self, request, **kwargs):
-        if request.user.is_assistant or not EventEntry.objects.filter(event=self.event, user=request.user):
+        if self.current_user_is_assistant or not EventEntry.objects.filter(event=self.event, user=request.user):
             return JsonResponse({}, status=403)
         material = self.get_material()
         confirm = request.POST.get('confirm')
@@ -1681,7 +1716,7 @@ def get_context_data(self):
 
 class TransferView(GetEventMixin, View):
     def dispatch(self, request, *args, **kwargs):
-        if request.user.is_authenticated and not request.user.is_assistant:
+        if request.user.is_authenticated and not self.current_user_is_assistant:
             return HttpResponseForbidden()
         return super().dispatch(request, *args, **kwargs)
 
@@ -1750,17 +1785,16 @@ def filter_search(self, qs):
     def get_activities(self):
         if not self.only_my_activities():
             qs = Activity.objects.filter(is_deleted=False)
-            if self.request.user.is_assistant:
+            if self.current_mode_is_assistant:
                 qs = self.filter_context(qs)
             else:
                 qs = qs.filter(id__in=EventEntry.objects.filter(
                     user=self.request.user).values_list('event__activity_id', flat=True)
                 )
         else:
-            qs = self.filter_context(Activity.objects.filter(
+            qs = Activity.objects.filter(
                 is_deleted=False,
                 id__in=ActivityEnrollment.objects.filter(user=self.request.user).values_list('activity_id', flat=True))
-            )
         min_dt, max_dt = self.get_datetimes()
         if min_dt:
             qs = qs.filter(event__dt_start__gte=min_dt)
@@ -1770,11 +1804,13 @@ def get_activities(self):
         return qs.distinct().order_by('title', 'id')
 
     def filter_context(self, qs):
-        if self.request.user.is_assistant and self.request.user.chosen_context_id:
-            return qs.filter(id__in=Event.objects.filter(
-                context_id=self.request.user.chosen_context_id).values_list('activity_id', flat=True)
-            )
-        return qs
+        if self.request.user.chosen_context_id:
+            if self.request.user.is_assistant_for_context(self.request.user.chosen_context):
+                return qs.filter(id__in=Event.objects.filter(
+                    context_id=self.request.user.chosen_context_id).values_list('activity_id', flat=True)
+                )
+            return qs.none()
+        return qs.filter(event__context__uuid__in=self.request.user.available_context_uuids)
 
     def only_my_activities(self):
         return self.request.GET.get('activities') == 'my'
@@ -1861,7 +1897,7 @@ class ImportEventBlocks(GetEventMixin, TemplateView):
     template_name = 'includes/_blocks_form.html'
 
     def get_context_data(self, **kwargs):
-        if not self.request.user.is_assistant:
+        if not self.current_user_is_assistant:
             raise PermissionDenied
         try:
             event = Event.objects.get(id=self.request.GET.get('id'), activity_id=self.event.activity_id)
@@ -1875,7 +1911,7 @@ class CheckEventBlocks(GetEventMixin, View):
     проверка того, что для текущей структуры мероприятия нет файлов мероприятия, привязанных к блокам
     """
     def get(self, request, **kwargs):
-        if request.user.is_assistant:
+        if self.current_user_is_assistant:
             return JsonResponse({
                 'blocks_with_materials': EventOnlyMaterial.objects.filter(event_block__event=self.event).exists(),
             })
@@ -1884,7 +1920,7 @@ def get(self, request, **kwargs):
 
 class DeleteEventBlock(GetEventMixin, View):
     def get(self, request, **kwargs):
-        if request.user.is_authenticated and request.user.is_assistant:
+        if request.user.is_authenticated and self.current_user_is_assistant:
             block = EventBlock.objects.filter(id=kwargs['block_id']).first()
             if not block:
                 raise Http404
@@ -1892,7 +1928,7 @@ def get(self, request, **kwargs):
         raise PermissionDenied
 
     def post(self, request, **kwargs):
-        if request.user.is_authenticated and request.user.is_assistant:
+        if request.user.is_authenticated and self.current_user_is_assistant:
             EventBlock.objects.filter(id=kwargs['block_id']).delete()
             return JsonResponse({'redirect': reverse('create-blocks', kwargs={'uid': self.event.uid})})
         raise PermissionDenied
@@ -1903,7 +1939,7 @@ class BaseCreateResult(GetEventMixin, View):
     result_model = UserResult
 
     def post(self, request, **kwargs):
-        if not request.user.is_assistant:
+        if not self.current_user_is_assistant:
             raise PermissionDenied
         instance = None
         if request.POST.get('result_id'):
@@ -1961,7 +1997,7 @@ class RolesFormsetRender(GetEventMixin, TemplateView):
     template_name = 'includes/_user_roles_formset.html'
 
     def get_context_data(self, **kwargs):
-        if not self.request.user.is_assistant:
+        if not self.current_user_is_assistant:
             raise PermissionDenied
         try:
             result = TeamResult.objects.get(id=self.request.GET.get('id'))
@@ -1981,7 +2017,7 @@ def post(self, request, **kwargs):
         изменение блока, пользователей и команд у файла мероприятия ассистентом
         """
         pref = request.POST.get('custom_form_prefix')
-        if not request.user.is_assistant or not pref:
+        if not self.current_user_is_assistant or not pref:
             raise PermissionDenied
         try:
             material = EventOnlyMaterial.objects.get(id=EventBlockEditRenderer.parse_material_id_from_prefix(pref))
@@ -2004,7 +2040,7 @@ class EventBlockEditRenderer(GetEventMixin, TemplateView):
     template_name = 'includes/_material_event_block.html'
 
     def get_context_data(self, **kwargs):
-        if not self.request.user.is_assistant:
+        if not self.current_user_is_assistant:
             raise PermissionDenied
         try:
             material = EventOnlyMaterial.objects.get(id=self.request.GET.get('id'))
@@ -2480,7 +2516,7 @@ def get_csv_response(self, obj):
 
 class EventCsvData(GetEventMixin, CSVResponseGeneratorMixin, View):
     def get(self, request, *args, **kwargs):
-        if not request.user.is_assistant:
+        if not self.current_user_is_assistant:
             raise PermissionDenied
         obj = EventMaterialsCSV(self.event)
         if request.GET.get('check_empty'):
@@ -2491,7 +2527,7 @@ def get(self, request, *args, **kwargs):
 @method_decorator(login_required, name='dispatch')
 class BaseCsvEventsDataView(CSVResponseGeneratorMixin, View):
     def get(self, request):
-        if not request.user.is_assistant:
+        if not request.user.has_assistant_role():
             raise PermissionDenied
         events = self.get_events_for_csv()
         activity_filter = getattr(self, 'activity_filter', None)
@@ -2556,7 +2592,7 @@ def switch_context(request):
     """
     Установка нового контекста для пользователя. Возвращает урл редиректа
     """
-    if not request.user.is_assistant:
+    if not request.user.has_assistant_role():
         raise PermissionDenied
     try:
         if 'context_id' in request.POST and request.POST['context_id'] == '':
@@ -2574,7 +2610,14 @@ def switch_context(request):
                 redirect_url = reverse('events')
         except Resolver404:
             redirect_url = reverse('index')
-        return JsonResponse({'redirect': redirect_url})
+        resp = JsonResponse({'redirect': redirect_url})
+        if context:
+            # если пользователь ассистент в выбранном контексте, по дефолту показывать мероприятия в режиме ассистента
+            resp.set_cookie(
+                VIEW_MODE_COOKIE_NAME,
+                'as_assistant' if request.user.is_assistant_for_context(context) else 'as_user'
+            )
+        return resp
     except (Context.DoesNotExist, ValueError, TypeError):
         raise Http404
 
@@ -2582,7 +2625,7 @@ def switch_context(request):
 @method_decorator(login_required, name='dispatch')
 class LoadCsvDump(View):
     def get(self, request, **kwargs):
-        if not request.user.is_assistant:
+        if not request.user.has_assistant_role():
             raise PermissionDenied
         obj = get_object_or_404(CSVDump, id=kwargs['dump_id'], status=CSVDump.STATUS_COMPLETE)
         resp = FileResponse(default_storage.open(obj.csv_file.name))
@@ -2600,7 +2643,7 @@ def get_queryset(self):
         return self.model.objects.filter(owner=self.request.user).order_by('-datetime_ordered').select_related('owner')
 
     def get_context_data(self, *, object_list=None, **kwargs):
-        if not self.request.user.is_assistant:
+        if not self.request.user.has_assistant_role():
             raise PermissionDenied
         data = super().get_context_data(object_list=object_list, **kwargs)
         context_ids = {}
diff --git a/requirements.txt b/requirements.txt
index a0ac347..00db843 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -28,6 +28,7 @@ django-filter==2.1.0
 raven==6.10.0
 coreapi==2.3.3
 markdown==2.6.7
+casbin==0.3
 
 -e git+https://github.com/EduScaled/carrier-client@master#egg=carrier_client
 -e git+https://github.com/EduScaled/django-carrier-client@master#egg=django_carrier_client