Best authorization solution

Hi everyone

I have now spent a great deal of time investigating on my own so now I
will delegate the question to you. Which is the best solution for
adding authorization/access control to a rails app. My requirements
are:

* Must be group/role based. Structure:
  - A user habtm groups
  - A group habtm roles
  - A role is allowed/denied to do specific things on models/model
instances.

* Active development. The project should be alive.

Gold star features:

* Cached/efficient queries.
* Fine grained access control to specific features on an instance.
* Some way of grouping target objects, for example "the
fan_mail_reader role can read all mails that have the attribute
fan_mail == true. This can certainly be handled outside authorization
but would be handy.

I think the whole community could benefit from a little light shedding
on this area. There are many solutions out there, but many lack
important features or are very outdated. The closest one in features
in my opinion is ActiveACL but that is from 2005 and requires plugins
that I cannot find anymore.

I have great hopes that someone can help me and others that are in the
same situation.

Kindest regards

Erik Lindblad