diff --git a/app/controllers/application.rb b/app/controllers/application.rb --- a/app/controllers/application.rb +++ b/app/controllers/application.rb @@ -5,6 +5,18 @@ # Pick a unique cookie name to distinguish our session data from others' session :session_key => '_grader_session_id' + SINGLE_USER_MODE_CONF_KEY = 'system.single_user_mode' + + def authorization_by_roles(allowed_roles) + return false unless authenticate + user = User.find(session[:user_id]) + unless user.roles.detect { |role| allowed_roles.member?(role.name) } + flash[:notice] = 'You are not authorized to view the page you requested' + redirect_to :controller => 'main', :action => 'login' + return false + end + end + protected def authenticate unless session[:user_id] @@ -13,7 +25,7 @@ end # check if run in single user mode - if defined?(SINGLE_USER_MODE) and (SINGLE_USER_MODE) + if (Configuration[SINGLE_USER_MODE_CONF_KEY]) user = User.find(session[:user_id]) if user==nil or user.login != 'root' redirect_to :controller => 'main', :action => 'login' @@ -30,7 +42,7 @@ unless user.roles.detect { |role| role.rights.detect{ |right| right.controller == self.class.controller_name and - (right.action == 'all' or right.action == action_name) + (right.action == 'all' or right.action == action_name) } } flash[:notice] = 'You are not authorized to view the page you requested'
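Review bot: `authorization_by_roles` is added above the `protected` marker, so it is a public instance method of every controller that inherits from ApplicationController, and with the Rails generation this file targets (`session :session_key =>` syntax) public controller methods are dispatchable as actions; it also never returns a truthy value, because a successful role check falls out of the `unless` with `nil`, so a caller testing its result sees the same thing on success as on an authentication failure short of `false`. Move the definition below `protected` (or `hide_action :authorization_by_roles` if it must stay public) and finish the method with an explicit `true` so the authorized path is distinguishable. The `return false unless authenticate` guard only works if `authenticate` returns `false` on every redirect path; its body is split across hunks and its end is outside this one, so that should be confirmed, otherwise an unauthenticated request reaches `User.find(session[:user_id])` and a second `redirect_to` (DoubleRenderError). A one-line comment above the `def`, `# Intended for before_filter use: redirects to login and returns false unless the user holds one of allowed_roles (role names).`, would document the contract.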
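Review bot: The new condition `if (Configuration[SINGLE_USER_MODE_CONF_KEY])` relies on Ruby truthiness, where only `nil` and `false` are falsy; if `Configuration[]` returns the stored value as a string (which the dotted key `'system.single_user_mode'` suggests, though the model is not visible here), a stored `'false'` or `'0'` keeps single-user mode on, and an unset key silently turns it off. Decide the type at the boundary rather than here, e.g. `if Configuration[SINGLE_USER_MODE_CONF_KEY] == true` if the accessor yields booleans, or `.to_s == 'true'` if it yields strings, and add a comment stating which. The enclosing `authenticate` method starts in the previous hunk and ends outside this one.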