diff --git a/app/controllers/environment_admin/role_controller.rb b/app/controllers/environment_admin/role_controller.rb
index a69cd8c..ce17804 100644
--- a/app/controllers/environment_admin/role_controller.rb
+++ b/app/controllers/environment_admin/role_controller.rb
@@ -8,16 +8,16 @@ class RoleController < EnvironmentAdminController
   end
 
   def new
-    @role = Role.new(:name => '', :permissions => [])
+    @role = Role.new
   end
 
   def create
-    role = Role.new(params[:role])
-    if role.save
-      redirect_to :action => 'show', :id => role
+    @role = Role.new(params[:role])
+    if @role.save
+      redirect_to :action => 'show', :id => @role
     else
       flash[:notice] = _('Failed to create role')
-      redirect_to :action => 'index'
+      render :action => 'new'
     end
   end
 
@@ -26,9 +26,9 @@ class RoleController < EnvironmentAdminController
   end
 
   def update
-    role = Role.find(params[:id])
-    if role.update_attributes(params[:role])
-      redirect_to :action => 'show', :id => role
+    @role = Role.find(params[:id])
+    if @role.update_attributes(params[:role])
+      redirect_to :action => 'show', :id => @role
     else
       flash[:notice] = _('Failed to edit role')
       render :action => 'edit'
@@ -36,8 +36,8 @@ class RoleController < EnvironmentAdminController
   end
 
   def destroy
-    role = Role.find(params[:id])
-    if role.destroy
+    @role = Role.find(params[:id])
+    if @role.destroy
       redirect_to :action => 'index'
     else
       flash[:notice] = _('Failed to edit role')
diff --git a/app/models/role.rb b/app/models/role.rb
index 370e4b5..08e3e32 100644
--- a/app/models/role.rb
+++ b/app/models/role.rb
@@ -10,20 +10,28 @@ class Role < ActiveRecord::Base
     }
   }
 
+  PERMISSIONS_LIST = PERMISSIONS.values.map{|h| h.keys }.flatten
+
   def self.permission_name(p)
     msgid = PERMISSIONS.values.inject({}){|s,v| s.merge(v)}[p]
     gettext(msgid)
   end
-  
-  has_many :role_assignments
 
+  has_many :role_assignments
   serialize :permissions, Array
-  
+  validates_uniqueness_of :name
+
+  def validate
+    unless (permissions - PERMISSIONS_LIST).empty?
+      errors.add :permissons, 'non existent permission'
+    end
+  end
+ 
   def initialize(*args)
     super(*args)
-    permissions = []
+    self[:permissions] ||= []
   end
-  
+
   def has_permission?(perm)
     permissions.include?(perm)
   end
diff --git a/app/views/role/show.rhtml b/app/views/role/show.rhtml
index e86632a..3001cc6 100644
--- a/app/views/role/show.rhtml
+++ b/app/views/role/show.rhtml
@@ -1,6 +1,4 @@
 <h1> <%= _(@role.name)  %></h1>
-
-
 <ul>
   <% @role.permissions.each do |p| %>
     <li> <%= Role.permission_name(p) %> </li> 
diff --git a/test/fixtures/roles.yml b/test/fixtures/roles.yml
index d18e60e..1ed06d3 100644
--- a/test/fixtures/roles.yml
+++ b/test/fixtures/roles.yml
@@ -2,6 +2,8 @@
 one:
   id: 1
   name: 'member'
+  permissions: <%= [].to_yaml %>
 two:
   id: 2
   name: 'owner'
+  permissions: <%= [].to_yaml %>
diff --git a/test/functional/role_controller_test.rb b/test/functional/role_controller_test.rb
index b79b515..60270c6 100644
--- a/test/functional/role_controller_test.rb
+++ b/test/functional/role_controller_test.rb
@@ -10,9 +10,61 @@ class RoleControllerTest < Test::Unit::TestCase
     @request    = ActionController::TestRequest.new
     @response   = ActionController::TestResponse.new
   end
+  all_fixtures
 
-  # Replace this with your real tests.
-  def test_truth
-    assert true
+  def test_index_should_get_roles
+    get 'index'
+    assert assigns(:roles)
+  end
+
+  def test_show_should_fetch_role
+    get 'show', :id => 1
+    assert assigns(:role)
+    assert_equal 1, assigns(:role).id 
+  end
+
+  def test_should_create_with_valid_paramters
+    Role.any_instance.stubs(:valid?).returns(true)
+    post 'create'
+    assert !assigns(:role).new_record?
+    assert_nil flash[:notice]
+    assert_response :redirect
+  end
+  
+  def test_should_not_create_with_invalid_paramters
+    Role.any_instance.stubs(:valid?).returns(false)
+    post 'create'
+    assert assigns(:role).new_record?
+    assert_not_nil flash[:notice]
+    assert_response :success
+  end
+
+  def test_can_edit
+    get 'edit', :id => 1
+    assert_not_nil assigns(:role)
+    assert_equal 1, assigns(:role).id 
+  end
+
+  def test_should_update_to_valid_parameters
+    Role.any_instance.stubs(:valid?).returns(true)
+    post 'update', :id => 1
+    assert_not_nil assigns(:role)
+    assert_nil flash[:notice]
+    assert_response :redirect
+  end
+  
+  def test_should_not_update_to_invalid_paramters
+    Role.any_instance.stubs(:valid?).returns(false)
+    post 'update', :id => 1
+    assert_not_nil assigns(:role)
+    assert_not_nil flash[:notice]
+    assert_response :success
+  end
+
+  def test_should_destroy
+    assert_difference Role, :count, -1 do
+      post 'destroy', :id => 1
+      assert_not_nil assigns(:role)
+    end
   end
 end
diff --git a/test/unit/role_assignment_test.rb b/test/unit/role_assignment_test.rb
index ea1da5e..584f324 100644
--- a/test/unit/role_assignment_test.rb
+++ b/test/unit/role_assignment_test.rb
@@ -1,10 +1,21 @@
 require File.dirname(__FILE__) + '/../test_helper'
 
 class RoleAssignmentTest < Test::Unit::TestCase
-  fixtures :role_assignments
+  all_fixtures
+  
+  def test_has_generic_permission
+    role = Role.create(:name => 'new_role', :permissions => ['permission'])
+    ra = RoleAssignment.create(:role => role)
+    assert ra.has_permission?('permission', nil)
+    assert !ra.has_permission?('not_permitted', nil)
+  end
 
-  # Replace this with your real tests.
-  def test_truth
-    assert true
+  def test_has_specific_permission
+    role = Role.create(:name => 'new_role', :permissions => ['permission'])
+    resource_A = Profile.create(:identifier => 'resource_a', :name => 'Resource A')
+    resource_B = Profile.create(:identifier => 'resource_b', :name => 'Resource B')
+    ra = RoleAssignment.create(:role => role, :resource => resource_A)
+    assert ra.has_permission?('permission', resource_A)
+    assert !ra.has_permission?('permission', resource_B)
   end
 end
diff --git a/test/unit/role_test.rb b/test/unit/role_test.rb
index 05d6652..defda7e 100644
--- a/test/unit/role_test.rb
+++ b/test/unit/role_test.rb
@@ -1,10 +1,38 @@
 require File.dirname(__FILE__) + '/../test_helper'
 
 class RoleTest < Test::Unit::TestCase
-  fixtures :roles
+  all_fixtures
 
-  # Replace this with your real tests.
-  def test_truth
-    assert true
+  def test_role_creation
+    assert_difference Role, :count do
+      role = Role.new(:name => 'new_role')
+      assert role.save
+    end
+  end
+  
+  def test_uniqueness_of_name
+    Role.create(:name => 'role_name')
+    role = Role.new(:name => 'role_name')
+    assert ! role.save    
+  end
+
+  def test_name_of_permission
+    assert_equal 'Edit profile', Role.permission_name('edit_profile')
+  end
+
+  def test_permission_setting
+    role = Role.new(:name => 'permissive_role', :permissions => ['edit_profile'])
+    assert role.save
+    assert role.has_permission?('edit_profile')
+    role.permissions << 'post_content'
+    assert role.save
+    assert role.has_permission?('post_content')
+    assert role.has_permission?('edit_profile')
+  end
+
+  def test_permission_existece
+    role = Role.new(:name => 'role_with_non_existent_permission')
+    role.permissions << 'non_existent_permission'
+    assert ! role.save
   end
 end
--
libgit2 0.21.2