I used cancan and I know about declarative authorization, but, it seems, they doesn't give an opportunity for roles to depend on custom variables.
Models:
Domains (blah.qwe.com, wer.qwe.com, ert.qwe.com) - I need them in one DB and application.
Users (can have several roles)
Roles (each role works only in it's domain; abilities are editable)
...
For example, I have a user, he's an owner of blah.qwe.com domain, but he's simple user in wer.qwe.ru and in ert.qwe.com he's banned and can do nothing at all.
@current_domain is loaded in the before_filter (by the current_domain method) in application controller and current_user is loaded by devise. What's the solution to make authorization dependent on currently requested resource (like in cancan), current_user and current_domain (and maybe with other before_filter loaded variables)? Is there a solution in cancan or I should modify it or write my own custom authorization system?
