Foreman's permission system infers the aclable routing paths from the model/resource type name. For example in https://github.com/Katello/katello/blob/roles/app/policies/katello/permissions/sync_plan_permissions.rb#L9 for sync plan permissions, the route to be acl'ed when "view_sync_plans" permission is selected is determined from doing some magic and translating the resource type name Katello::SyncPlan => Katello.find(sync_plans_path). The issue occurs when model name does not exactly correspond to the paths. Take the example of some permission policy that looks like
permission :view_lifecycle_environments, {
'katello/api/v2/environments' => [:index, :show]
},
:resource_type => 'Katello::KTEnvironment'

Now the Katello::KTEnvironment gets translated to -> Katello.find(kt_environments_path) .. Unfortunately such a path does not exist, since in Katello even though we have a model named as KTEnvironment, the routing and the controllers all point to "environments_path". Katello.find(environments_path)'

We need a way in the foreman permissions system to set this up.