diff --git a/app/controllers/application.rb b/app/controllers/application.rb index 1573abb..eb7d608 100644 --- a/app/controllers/application.rb +++ b/app/controllers/application.rb @@ -9,7 +9,7 @@ class ApplicationController < ActionController::Base # Be sure to include AuthenticationSystem in Application Controller instead include AuthenticatedSystem - extend PermissionCheck + include PermissionCheck init_gettext 'noosfero' include NeedsProfile @@ -42,11 +42,19 @@ class ApplicationController < ActionController::Base def render_not_found(path) @path = path - render :file => File.join(RAILS_ROOT, 'app', 'views', 'shared', 'not_found.rhtml'), :layout => 'not_found', :status => 404 + render(:file => File.join(RAILS_ROOT, 'app', 'views', 'shared', 'not_found.rhtml'), :layout => 'not_found', :status => 404) && false end def load_admin_controller # TODO: check access control end + def load_profile + @profile = Profile.find_by_identifier(params[:profile]) + end + + def user + current_user.person if logged_in? + end + end diff --git a/app/controllers/environment_admin/admin_panel_controller.rb b/app/controllers/environment_admin/admin_panel_controller.rb index 665c19c..fbff437 100644 --- a/app/controllers/environment_admin/admin_panel_controller.rb +++ b/app/controllers/environment_admin/admin_panel_controller.rb @@ -1,6 +1,6 @@ class AdminPanelController < EnvironmentAdminController - protect [:index], 'view_environment_admin_panel', :environment + protect 'view_environment_admin_panel', :environment #FIXME This is not necessary because the application controller define the envrioment # as the default holder @@ -8,8 +8,9 @@ class AdminPanelController < EnvironmentAdminController design :holder => 'environment' + protected + def load_default_enviroment @environment = Environment.default end - end diff --git a/app/controllers/environment_admin/categories_controller.rb b/app/controllers/environment_admin/categories_controller.rb index 2167670..544acaa 100644 
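Review bot: `load_profile` assigns nil when `params[:profile]` matches no profile and lets the request continue, so every later filter and action in the chain runs against a nil `@profile`; `check_enterprise` elsewhere in this commit copes via `is_a?`, but the generic case deserves a guard in the loader itself, e.g. `@profile = Profile.find_by_identifier(params[:profile]) or render_not_found(request.path)` — hedged, since how `load_profile` is wired as a filter is not visible here. The `&& false` appended to `render_not_found` is presumably there so that a before_filter calling it returns false and halts the chain; a one-line comment would spare the next reader the guess: `# returns false so a filter calling this halts the chain`. The rest of ApplicationController is outside the hunk.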
--- a/app/controllers/environment_admin/categories_controller.rb +++ b/app/controllers/environment_admin/categories_controller.rb @@ -1,6 +1,6 @@ class CategoriesController < EnvironmentAdminController - protect [:index, :new, :edit, :remove], 'manage_environment_categories', :environment + protect 'manage_environment_categories', :environment helper :categories diff --git a/app/controllers/environment_admin/environment_role_manager_controller.rb b/app/controllers/environment_admin/environment_role_manager_controller.rb index a84d065..160c82d 100644 --- a/app/controllers/environment_admin/environment_role_manager_controller.rb +++ b/app/controllers/environment_admin/environment_role_manager_controller.rb @@ -1,5 +1,5 @@ class EnvironmentRoleManagerController < ApplicationController - protect [:index, :change_roles, :update_roles, :change_role, :add_role, :remove_role, :unassociate, :make_admin], 'manage_environment_roles', :environment + protect 'manage_environment_roles', :environment def index @admins = Person.find(:all, :conditions => ['role_assignments.resource_type = ?', 'Environment'], :include => :role_assignments ) diff --git a/app/controllers/environment_admin/features_controller.rb b/app/controllers/environment_admin/features_controller.rb index 254082a..174a916 100644 --- a/app/controllers/environment_admin/features_controller.rb +++ b/app/controllers/environment_admin/features_controller.rb @@ -1,5 +1,5 @@ class FeaturesController < EnvironmentAdminController - protect [:index, :update], 'edit_environment_features', :environment + protect 'edit_environment_features', :environment acts_as_environment_admin_controller diff --git a/app/controllers/environment_admin/region_validators_controller.rb b/app/controllers/environment_admin/region_validators_controller.rb index ab43fd7..a95d441 100644 --- a/app/controllers/environment_admin/region_validators_controller.rb +++ b/app/controllers/environment_admin/region_validators_controller.rb 
@@ -2,7 +2,7 @@ class RegionValidatorsController < ApplicationController before_filter :load_region_and_search, :except => 'index' -# protect [:index, :region, :search, :add, :remove], 'manage_environment_validators', :environment +# protect 'manage_environment_validators', :environment def index @regions = Region.top_level_for(environment) diff --git a/app/controllers/environment_admin/role_controller.rb b/app/controllers/environment_admin/role_controller.rb index ac7b09f..277e638 100644 --- a/app/controllers/environment_admin/role_controller.rb +++ b/app/controllers/environment_admin/role_controller.rb @@ -1,5 +1,5 @@ class RoleController < EnvironmentAdminController - protect [:index, :show, :new, :create, :edit, :update, :destroy], 'manage_environment_roles', :environment + protect 'manage_environment_roles', :environment def index @roles = Role.find(:all) diff --git a/app/controllers/profile_admin/cms_controller.rb b/app/controllers/profile_admin/cms_controller.rb index dee7bcc..7cabe4d 100644 --- a/app/controllers/profile_admin/cms_controller.rb +++ b/app/controllers/profile_admin/cms_controller.rb @@ -1,11 +1,11 @@ class CmsController < Comatose::AdminController - extend PermissionCheck + include PermissionCheck define_option :page_class, Article - protect [:edit, :new, :reorder, :delete], 'post_content', :profile + protect 'post_content', :profile, :only => [:edit, :new, :reorder, :delete] protected diff --git a/app/controllers/profile_admin/enterprise_editor_controller.rb b/app/controllers/profile_admin/enterprise_editor_controller.rb index 4f4342e..f8ee2fa 100644 --- a/app/controllers/profile_admin/enterprise_editor_controller.rb +++ b/app/controllers/profile_admin/enterprise_editor_controller.rb 
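Review bot: The `protect 'manage_environment_validators', :environment` line stays commented out on the new side, so RegionValidatorsController still carries no permission check on any of its actions, and the same holds for `#protect 'edit_profile', :profile, only => [:index, :edit]` in profile_editor_controller.rb — which, once uncommented, would not even parse as intended because `only =>` lacks the leading colon. Either enable both lines (`:only => [:index, :edit]` for profile_editor) or add a comment on each stating why authorization is disabled for that controller and what covers it instead. Neither controller's remaining body is visible in these hunks.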
@@ -1,15 +1,12 @@ class EnterpriseEditorController < ProfileAdminController + needs_profile + protect 'edit_profile', :profile, :exept => :destroy + protect 'destroy_profile', :profile, :only => :destroy - before_filter :login_required, :check_enterprise - - protect [:edit, :update], 'edit_profile', :profile - protect [:destroy], 'destroy_profile', :profile - - + before_filter :check_enterprise # Show details about an enterprise def index - @enterprise = @profile end # Provides an interface to editing the enterprise details @@ -30,7 +27,7 @@ class EnterpriseEditorController < ProfileAdminController # Elimitates the enterprise of the system def destroy - raise "bli" + #raise "bli" if @enterprise.destroy! flash[:notice] = _('Enterprise sucessfully erased from the system') redirect_to :controller => 'profile_editor', :action => 'index', :profile => current_user.login @@ -41,7 +38,7 @@ class EnterpriseEditorController < ProfileAdminController # Activate a validated enterprise def activate - if @enterprise.activate + if @enterprise.activatepermission.nil? flash[:notice] = _('Enterprise successfuly activacted') else flash[:notice] = _('Failed to activate the enterprise') @@ -51,8 +48,17 @@ class EnterpriseEditorController < ProfileAdminController protected + def permission + 'bli' + end + def permission=(perm) + @p = perm + end def check_enterprise - redirect_to :controller => 'profile_editor', :profile => current_user.login unless @profile.is_a?(Enterprise) - @enterprise = @profile + if profile.is_a?(Enterprise) + @enterprise = profile + else + redirect_to :controller => 'account' #:controller => 'profile_editor', :profile => current_user.login and return + end end end diff --git a/app/controllers/profile_admin/membership_editor_controller.rb b/app/controllers/profile_admin/membership_editor_controller.rb index dbb3ad3..da527b4 100644 --- a/app/controllers/profile_admin/membership_editor_controller.rb +++ b/app/controllers/profile_admin/membership_editor_controller.rb 
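Review bot: `:exept => :destroy` on the first `protect` line is misspelled, so the intended `:except` exclusion is never applied; depending on how `protect` handles unknown options, `destroy` will either additionally require `edit_profile` on top of `destroy_profile`, or the option is silently dropped. It should read `protect 'edit_profile', :profile, :except => :destroy`. Removing `before_filter :login_required` also means anonymous requests now rely on `protect` alone to stop them, which the new functional test exercises for `index` but not for `destroy` or `activate`.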
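Review bot: `if @enterprise.activatepermission.nil?` in `activate` looks like an editing accident — the original `@enterprise.activate` has `permission.nil?` spliced onto it — so the action raises NoMethodError unless Enterprise happens to define `activatepermission`, and even then the `.nil?` inverts which branch reports success. Restore `if @enterprise.activate`. The body of `activate` continues outside the hunk.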
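Review bot: The new `permission` and `permission=` helpers return and store the literal `'bli'`, which together with the commented `#raise "bli"` in `destroy` reads as leftover debugging; if a method named `permission` is consulted by `PermissionCheck` (not visible here), a hard-coded value in it would feed into this controller's authorization decision. Remove both helpers and the commented raise unless they are intentional, in which case a comment explaining what `permission` is for is needed. The rewritten `check_enterprise` also carries the old redirect target in a trailing comment; replacing it with a short note on why non-enterprise profiles are sent to `account` rather than `profile_editor` would make the change self-explanatory.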
@@ -2,9 +2,11 @@ class MembershipEditorController < ProfileAdminController before_filter :login_required - - - protect [:index, :new_enterprise, :create_enterprise ], 'edit_profile', :profile + def target + environment + end + + protect 'edit_profile', :profile, :only => [:index, :new_enterprise, :create_enterprise ] def index @memberships = current_user.person.enterprise_memberships diff --git a/app/controllers/profile_admin/profile_editor_controller.rb b/app/controllers/profile_admin/profile_editor_controller.rb index 6bf5be1..bf4d02c 100644 --- a/app/controllers/profile_admin/profile_editor_controller.rb +++ b/app/controllers/profile_admin/profile_editor_controller.rb @@ -1,6 +1,6 @@ class ProfileEditorController < ProfileAdminController - #protect [:index, :edit], 'edit_profile', :profile + #protect 'edit_profile', :profile, only => [:index, :edit] helper :profile @@ -12,7 +12,7 @@ class ProfileEditorController < ProfileAdminController def block_types %w[ FavouriteLinks - ] + ] end # FIXME Put other Blocks to works diff --git a/app/controllers/profile_admin/profile_members_controller.rb b/app/controllers/profile_admin/profile_members_controller.rb index 287d26f..61b5574 100644 --- a/app/controllers/profile_admin/profile_members_controller.rb +++ b/app/controllers/profile_admin/profile_members_controller.rb @@ -1,6 +1,6 @@ class ProfileMembersController < ProfileAdminController - protect [:index, :change_roles, :update_roles, :change_role, :add_role, :remove_role, :unassociate], 'manage_memberships', :profile + protect 'manage_memberships', :profile def index @members = profile.people.uniq diff --git a/app/controllers/public/account_controller.rb b/app/controllers/public/account_controller.rb index ad097c3..3662bd7 100644 --- a/app/controllers/public/account_controller.rb +++ b/app/controllers/public/account_controller.rb 
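Review bot: `def target` is introduced above any `protected` marker in MembershipEditorController, so if this Rails version treats every public controller method as a routable action it becomes one; move it below `protected` (the marker, if present, is outside the hunk). It also returns `environment` while the `protect` line two lines later names `:profile` as the resource — if `PermissionCheck` consults a `target` method to pick the object it checks against, the two disagree, and a comment stating which applies would prevent a silent mismatch.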
@@ -4,10 +4,6 @@ class AccountController < PublicController design :holder => 'environment' - def load_default_environment - @environment = Environment.default - end - # say something nice, you goof! something sweet. def index unless logged_in? @@ -127,5 +123,7 @@ class AccountController < PublicController @profile = current_user.person end - + def load_default_environment + @environment = Environment.default + end end diff --git a/app/models/environment.rb b/app/models/environment.rb index c7da88e..281fe51 100644 --- a/app/models/environment.rb +++ b/app/models/environment.rb @@ -11,7 +11,7 @@ class Environment < ActiveRecord::Base 'manage_environment_roles' => N_('Manage environment roles'), 'manage_environment_validators' => N_('Manage environment validators'), } - + # returns the available features for a Environment, in the form of a # hash, with pairs in the form 'feature_name' => 'Feature name'. def self.available_features diff --git a/app/views/enterprise_editor/index.rhtml b/app/views/enterprise_editor/index.rhtml index a492a91..1fc4957 100644 --- a/app/views/enterprise_editor/index.rhtml +++ b/app/views/enterprise_editor/index.rhtml @@ -1,23 +1,23 @@ -
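Review bot: `load_default_environment` is relocated to the bottom of AccountController, but whether a `protected` or `private` marker now precedes it is outside the hunk; the parallel change in admin_panel_controller.rb adds `protected` explicitly, and this one should do the same so the filter method is not also exposed as an action. If the move was made precisely to put it under an existing marker, a one-line comment on the method saying so would make that intent visible.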

<%= @profile.name %>

+

<%= @enterprise.name %>

<%= error_messages_for 'profile' %> -

<%= _('Identifier: ') %> <%= @profile.identifier %>

-

<%= _('Address: ') %> <%= @profile.address %>

-

<%= _('Contact phone: ') %> <%= @profile.contact_phone %>

-

<%= _('Contact person: ') %> <%= @profile.organization_info.contact_person %>

-

<%= _('Acronym: ') %> <%= @profile.organization_info.acronym %>

-

<%= _('Foundation year: ') %> <%= @profile.organization_info.foundation_year %>

-

<%= _('Legal Form: ') %> <%= @profile.organization_info.legal_form %>

-

<%= _('Economic activity: ') %> <%= @profile.organization_info.economic_activity %>

-

<%= _('Management infomation: ') %> <%= @profile.organization_info.management_information %>

-

<%= _('Tags:') %> <%= @profile.tag_list %>

+

<%= _('Identifier: ') %> <%= @enterprise.identifier %>

+

<%= _('Address: ') %> <%= @enterprise.address %>

+

<%= _('Contact phone: ') %> <%= @enterprise.contact_phone %>

+

<%= _('Contact person: ') %> <%= @enterprise.organization_info.contact_person %>

+

<%= _('Acronym: ') %> <%= @enterprise.organization_info.acronym %>

+

<%= _('Foundation year: ') %> <%= @enterprise.organization_info.foundation_year %>

+

<%= _('Legal Form: ') %> <%= @enterprise.organization_info.legal_form %>

+

<%= _('Economic activity: ') %> <%= @enterprise.organization_info.economic_activity %>

+

<%= _('Management infomation: ') %> <%= @enterprise.organization_info.management_information %>

+

<%= _('Tags:') %> <%= @enterprise.tag_list %>

-<%= link_to _('Edit enterprise'), :action => 'edit', :id => @profile %> +<%= link_to _('Edit enterprise'), :action => 'edit', :id => @enterprise %> <%= help _('Change the information about the enterprise') %> -<%= link_to _('Delete enterprise'), :action => 'destroy', :id => @profile %> +<%= link_to _('Delete enterprise'), :action => 'destroy', :id => @enterprise %> <%= help _('Remove the enterprise from the system') %> -<%= link_to _('Activate'), :action => 'activate', :id => @profile unless @profile.active? %> -<%= help _('Activate an approved enterprise') unless @profile.active? %> +<%= link_to _('Activate'), :action => 'activate', :id => @enterprise unless @enterprise.active? %> +<%= help _('Activate an approved enterprise') unless @enterprise.active? %> <%= link_to _('Back'), :controller => :profile_editor %> diff --git a/db/migrate/013_access_control_migration.rb b/db/migrate/013_access_control_migration.rb index 543fc08..26058ec 100644 --- a/db/migrate/013_access_control_migration.rb +++ b/db/migrate/013_access_control_migration.rb @@ -11,6 +11,7 @@ class AccessControlMigration < ActiveRecord::Migration t.column :resource_id, :integer t.column :resource_type, :string t.column :role_id, :integer + t.column :is_global, :boolean end end diff --git a/test/functional/admin_panel_controller_test.rb b/test/functional/admin_panel_controller_test.rb index c960a56..224975d 100644 --- a/test/functional/admin_panel_controller_test.rb +++ b/test/functional/admin_panel_controller_test.rb @@ -11,7 +11,7 @@ class AdminPanelControllerTest < Test::Unit::TestCase @controller = AdminPanelController.new @request = ActionController::TestRequest.new @response = ActionController::TestResponse.new - login_as(:ze) + login_as(create_admin_user(Environment.default)) end def test_index 
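Review bot: Every field the hunk renames is still emitted unescaped — `<%= @enterprise.name %>`, `address`, `contact_phone`, `tag_list` and the `organization_info` attributes — and with `.rhtml` templates (a Rails version without automatic output escaping, if that is what this app runs) any markup stored in those profile fields is rendered verbatim into the admin page. Wrapping each with the `h` helper, e.g. `<%= h @enterprise.name %>`, on the lines this hunk already rewrites would close that; the `_()` labels and the `link_to` calls can stay as they are.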
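Review bot: The `is_global` column is added by editing migration 013 in place rather than in a new migration, so any database that has already run 013 never receives the column and the schema version bookkeeping will not re-run it. Put an `add_column` for `is_global` in a fresh migration and leave 013 as it was; the table name is outside the hunk, so I have not quoted the exact call.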
@@ -21,5 +21,6 @@ class AdminPanelControllerTest < Test::Unit::TestCase assert_tag :tag => 'a', :attributes => { :href => /edit_template/ } assert_tag :tag => 'a', :attributes => { :href => /features/ } assert_tag :tag => 'a', :attributes => { :href => /role/ } + assert_tag :tag => 'a', :attributes => { :href => /region_validators/ } end end diff --git a/test/functional/application_controller_test.rb b/test/functional/application_controller_test.rb index bf8f887..7d7c31d 100644 --- a/test/functional/application_controller_test.rb +++ b/test/functional/application_controller_test.rb @@ -5,8 +5,6 @@ require 'test_controller' class TestController; def rescue_action(e) raise e end; end class ApplicationControllerTest < Test::Unit::TestCase - -# all_fixtures:profiles, :environments, :domains, :design_boxes all_fixtures def setup @controller = TestController.new diff --git a/test/functional/enterprise_editor_controller_test.rb b/test/functional/enterprise_editor_controller_test.rb index 0dfbf5f..ebbf365 100644 --- a/test/functional/enterprise_editor_controller_test.rb +++ b/test/functional/enterprise_editor_controller_test.rb 
@@ -11,8 +11,39 @@ class EnterpriseEditorControllerTest < Test::Unit::TestCase @response = ActionController::TestResponse.new end - # Replace this with your real tests. - def test_truth - assert true + should 'not see index if do not logged in' do + ent = Enterprise.create!(:identifier => 'test_enterprise', :name => 'Test enteprise') + get 'index', :profile => 'test_enterprise' + + assert_response :success + assert_template 'access_denied.rhtml' + end + + should 'not see index if do not have permission to edit profile' do + user = create_user('test_user') + ent = Enterprise.create!(:identifier => 'test_enterprise', :name => 'Test enteprise') + login_as :test_user + + get 'index', :profile => 'test_enterprise' + + assert_response :success + assert @controller.send(:profile) + assert_equal ent.identifier, @controller.send(:profile).identifier + assert_template 'access_denied.rhtml' + end + + should 'see index if have permission' do + user = create_user('test_user').person + ent = Enterprise.create!(:identifier => 'test_enterprise', :name => 'Test enterprise') + role = Role.create!(:name => 'test_role', :permissions => ['edit_profile']) + assert user.add_role(role, ent) + assert user.has_permission?('edit_profile', ent) + login_as :test_user + + get 'index', :profile => 'test_enterprise' + + assert_response :success + assert @controller.send(:profile) + assert_template 'index' end end -- libgit2 0.21.2
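Review bot: The three new tests only exercise `index`; `destroy` and `activate` — the actions this commit changes most — have no coverage, and a test driving `activate` would have caught the broken `@enterprise.activatepermission.nil?` condition in the controller. A fourth case mirroring the third test's setup but calling `activate` and asserting the flash message would do. `ent` in the first test is assigned but never used; dropping the assignment or naming it `_ent` reads cleaner.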