# File lib/declarative_authorization/reader.rb, line 277
      def has_permission_on (*args, &block)
        options = args.extract_options!
        context = args.flatten
        
        raise DSLError, "has_permission_on only allowed in role blocks" if @current_role.nil?
        options = {:to => [], :join_by => :or}.merge(options)
        
        privs = options[:to] 
        privs = [privs] unless privs.is_a?(Array)
        raise DSLError, "has_permission_on either needs a block or :to option" if !block_given? and privs.empty?

        file, line = file_and_line_number_from_call_stack
        rule = AuthorizationRule.new(@current_role, privs, context, options[:join_by],
                   :source_file => file, :source_line => line)
        @auth_rules << rule
        if block_given?
          @current_rule = rule
          yield
          raise DSLError, "has_permission_on block content specifies no privileges" if rule.privileges.empty?
          # TODO ensure?
          @current_rule = nil
        end
      end