ruby script/plugin install http://ocher.one.pl/svn/ruby/acl_system2_ownership/

Example:

class UsersController < ApplicationController
  before_filter :login_required, :only => [:update_photo]
  before_filter :find_photo   # sets @photo
  owner '@photo.user'
  access_control :update_photo => '(admin | owner)'
end

Above example gives access to users with admin role and to the owner of the @photo object which is to be updated.

page_owner
----------

There is a second virtual role added by this plugin, called 'page_owner'. It also takes a string which returns user object as a parameter. It's sometimes handy to have an ability to set two various users which can have access to a page or some resources on page.
For example there are whiteboards, everybody can post new entries on them, and authors of that entries are owners. But whiteboard belongs to one specific user and he is the page_owner in that scenario, so:

owner '@author', :page_owner => '@user'
access_control :destroy => '(owner | page_owner)'

And now owner and page_owner have ability do delete whiteboard entries.

Various owners for different actions
------------------------------------

There is a possibility to define various owners for different actions:

owner '@album.user', {}, :new => '@user', :index => '@another_user', :create => '@user', :show => nil

Some actions don't have any owner, and then we can just set owners of such actions to be nil.

There is currently no advanced documentation for this plugin.