chrisbloom7 · August 6, 2025 18:53 · Aug 6, 2025 · Aug 6, 2025 · Aug 6, 2025
diff --git a/abilities_debug.rb b/abilities_debug.rb
@@ -1,10 +1,3 @@
-user = User.find(...)
-action = :some_action
-subject = SomeThing
-ability = Ability.new(user, ...)
-
-audit_ability(ability:, action:, subject:)
-
 def audit_ability(ability:, action:, subject:)
   begin
     ability.authorize!(action, subject)
@@ -25,4 +18,11 @@ def audit_ability(ability:, action:, subject:)
       puts "CanCanCan::AccessDenied: User does not have ability to #{exception.action} for #{exception.subject.inspect} for indeterminate reasons"
     end
   end
-end
+end
+
+user = User.find(...)
+action = :some_action
+subject = SomeThing
+ability = Ability.new(user, ...)
+
+audit_ability(ability:, action:, subject:)
diff --git a/abilities_debug.rb b/abilities_debug.rb
@@ -1,23 +1,28 @@
+user = User.find(...)
 action = :some_action
-subject = SomeThing.new(...)
+subject = SomeThing
+ability = Ability.new(user, ...)
 
-begin
-  ability.authorize!(action, subject)
-rescue CanCan::AccessDenied => exception
-  matching_rules = ability.send(:relevant_rules_for_match, exception.action, exception.subject)
-  failed_rules = matching_rules.reject do |rule|
-    rule.matches_conditions?(exception.action, exception.subject)
-  end
-
-  if matching_rules.any? && failed_rules.any?
-    describe_rules = failed_rules.map { |rule| { conditions: rule.conditions, block: rule.instance_variable_get(:@block) } }
+audit_ability(ability:, action:, subject:)
+
+def audit_ability(ability:, action:, subject:)
+  begin
+    ability.authorize!(action, subject)
+    puts "CanCanCan: User has ability to #{action} for #{subject.inspect}"
+  rescue CanCanCan::AccessDenied => exception
+    failed_rules = ability.send(:relevant_rules_for_match, exception.action, exception.subject).reject do |rule|
+      rule.matches_conditions?(exception.action, exception.subject)
+    end
 
-    puts "CanCanCan::AccessDenied: User has ability to #{exception.action} for\n"
-    pp exception.subject
-    puts "\nbut failed to satisfy conditions:\n\n- " \
-                        "#{describe_rules.join("\n- ")}"
-  else
-    puts "CanCanCan::AccessDenied: User does not have ability to #{exception.action} " \
-                        "#{exception.subject.inspect}"
+    if failed_rules.any?
+      puts "CanCanCan::AccessDenied: User does not have ability to #{exception.action} for #{exception.subject.inspect} due to the following conditions:\n"
+
+      failed_rules.map do |rule|
+        pp { conditions: rule.conditions, block: rule.instance_variable_get(:@block) }
+        puts ""
+      end
+    else
+      puts "CanCanCan::AccessDenied: User does not have ability to #{exception.action} for #{exception.subject.inspect} for indeterminate reasons"
+    end
   end
-end
+end
diff --git a/abilities_debug.rb b/abilities_debug.rb
@@ -0,0 +1,23 @@
+action = :some_action
+subject = SomeThing.new(...)
+
+begin
+  ability.authorize!(action, subject)
+rescue CanCan::AccessDenied => exception
+  matching_rules = ability.send(:relevant_rules_for_match, exception.action, exception.subject)
+  failed_rules = matching_rules.reject do |rule|
+    rule.matches_conditions?(exception.action, exception.subject)
+  end
+
+  if matching_rules.any? && failed_rules.any?
+    describe_rules = failed_rules.map { |rule| { conditions: rule.conditions, block: rule.instance_variable_get(:@block) } }
+
+    puts "CanCanCan::AccessDenied: User has ability to #{exception.action} for\n"
+    pp exception.subject
+    puts "\nbut failed to satisfy conditions:\n\n- " \
+                        "#{describe_rules.join("\n- ")}"
+  else
+    puts "CanCanCan::AccessDenied: User does not have ability to #{exception.action} " \
+                        "#{exception.subject.inspect}"
+  end
+end
No results found