- before_filter :authorize_web
- before_filter :require_user
- before_filter :lookup_this_user
- before_filter :require_administrator
- before_filter :require_valid_role
- before_filter :not_in_role, :only => [:grant]
- before_filter :in_role, :only => [:revoke]
- around_filter :setup_nonce