# File lib/declarative_authorization/authorization.rb, line 134
    def permit! (privilege, options = {})
      return true if Authorization.ignore_access_control
      options = {
        :object => nil,
        :skip_attribute_test => false,
        :context => nil
      }.merge(options)
      
      # Make sure we're handling all privileges as symbols.
      privilege = privilege.is_a?( Array ) ?
                  privilege.flatten.collect { |priv| priv.to_sym } :
                  privilege.to_sym
      
      #
      # If the object responds to :proxy_reflection, we're probably working with
      # an association proxy.  Use 'new' to leverage ActiveRecord's builder
      # functionality to obtain an object against which we can check permissions.
      #
      # Example: permit!( :edit, :object => user.posts )
      #
      if options[:object].respond_to?( :proxy_reflection ) && options[:object].respond_to?( :new )
        options[:object] = options[:object].new
      end
      
      options[:context] ||= options[:object] && (
        options[:object].class.respond_to?(:decl_auth_context) ?
            options[:object].class.decl_auth_context :
            options[:object].class.name.tableize.to_sym
      ) rescue NoMethodError
      
      user, roles, privileges = user_roles_privleges_from_options(privilege, options)

      return true if roles.is_a?(Array) and not (roles & @omnipotent_roles).empty?

      # find a authorization rule that matches for at least one of the roles and 
      # at least one of the given privileges
      attr_validator = AttributeValidator.new(self, user, options[:object], privilege, options[:context])
      rules = matching_auth_rules(roles, privileges, options[:context])
      if rules.empty?
        raise NotAuthorized, "No matching rules found for #{privilege} for #{user.inspect} " +
          "(roles #{roles.inspect}, privileges #{privileges.inspect}, " +
          "context #{options[:context].inspect})."
      end
      
      # Test each rule in turn to see whether any one of them is satisfied.
      unless rules.any? {|rule| rule.validate?(attr_validator, options[:skip_attribute_test])}
        raise AttributeAuthorizationError, "#{privilege} not allowed for #{user.inspect} on #{(options[:object] || options[:context]).inspect}."
      end
      true
    end