It would be super cool if there was a way to get a list of all permissions.
Because right now when you get a permission denied Exception somewhere it is sometimes quite hard to figure out what went wrong.
That would be most helpful in the Exception itself, ala:
Permission denied. You have the following permissions on the current object (class Event):
And maybe a list of all permissions for all roles somewhere, like rake list_permissions or so.
In the same light, it would also be nice if the readme included an overview of how compound rights are computed, and if rules are auto-inclusive or -exclusive.
What I mean is, if I have a a resource messages and do a
action :index do allow :admin end
Without any other rules does that mean that only admins are allow to list messages, and everyone else is not?
Or does that mean that everyone else is also, since I haven't defined a rule for them, and if I wanted to deny them I'd have to do a
action :index do deny :user, :moderator end
Furthermore, if I have multiple rules for one action for the same role, like I have a role 'writing; that allows users to write their own messages, but don't want them to be able to list all messages, how is that computed?
It seems to me, that I need to define the more restrictive rule first, and then the more general one, since earlier rules get amended by later more general rules, but overwritten by more specific ones.
Is that correct?