def has_permission_on (*args, &block)
options = args.extract_options!
context = args.flatten
raise DSLError, "has_permission_on only allowed in role blocks" if @current_role.nil?
options = {:to => [], :join_by => :or}.merge(options)
privs = options[:to]
privs = [privs] unless privs.is_a?(Array)
raise DSLError, "has_permission_on either needs a block or :to option" if !block_given? and privs.empty?
file, line = file_and_line_number_from_call_stack
rule = AuthorizationRule.new(@current_role, privs, context, options[:join_by],
:source_file => file, :source_line => line)
@auth_rules << rule
if block_given?
@current_rule = rule
yield
raise DSLError, "has_permission_on block content specifies no privileges" if rule.privileges.empty?
@current_rule = nil
end
end