Index: lib/authorization.rb
===================================================================
--- lib/authorization.rb	(revision 2834)
+++ lib/authorization.rb	(working copy)
@@ -322,7 +322,7 @@
     #
     # this is required to get "policy_id" for policy-based aurhorized objects (like workflows / blobs / packs / contributions)
     # and to get objects themself for other object types (networks, experiments, jobs, tavernaenactors, runners)
-    if (thing_contribution.nil? && ["Workflow", "Blog", "Blob", "Pack", "Ontology", "Contribution"].include?(thing_type)) || 
+    if (thing_contribution.nil? && (Conf.contributable_models + ["Ontology", "Contribution"]).include?(thing_type)) ||
        (thing_instance.nil? && ["Network", "Comment", "Bookmark", "Experiment", "Job", "TavernaEnactor", "Runner", "Picture", "ClientApplication", "Predicate", "Relationship"].include?(thing_type))
       
       found_thing = find_thing(thing_type, thing_id)
@@ -332,7 +332,7 @@
         logger.error("UNEXPECTED ERROR - Couldn't find object to be authorized:(#{thing_type}, #{thing_id}); action: #{action_name}; user: #{user_id}")
         return false
       else
-        if ["Workflow", "Blog", "Blob", "Pack", "Contribution"].include?(thing_type)
+        if Conf.contributable_models.include?(thing_type)
           # "contribution" are only found for these three types of object (and the contributions themself),
           # for all the rest - use instances
           thing_contribution = found_thing
@@ -348,7 +348,7 @@
     is_authorized = false
     
     case thing_type
-      when "Workflow", "Blog", "Blob", "Pack", "Contribution"
+      when "Contribution", *Conf.contributable_models
         unless user_id.nil?
           # access is authorized and no further checks required in two cases:
           # ** user is the owner of the "thing"
@@ -628,7 +628,7 @@
     
     begin
       case thing_type
-        when "Workflow", "Blog", "Blob", "Pack"
+        when *Conf.contributable_models
           # "find_by_sql" works faster itself PLUS only a subset of all fields is selected;
           # this is the most frequent query to be executed, hence needs to be optimised
           found_instance = Contribution.find_by_sql "SELECT contributor_id, contributor_type, policy_id FROM contributions WHERE contributable_id=#{thing_id} AND contributable_type='#{thing_type}'"