Rails - CanCan - accessible_by

Can anyone explain to me how CanCan'开发者_如何转开发s accessible_by works? How does it know what the relationship is between the user and the thing that needs restricting?

It checks the current user against a set of rules described in the abilities initializer which includes CanCan::Ability. When you call accessible_by it checks the rules specifed in the Ability class, and returns the records that the user has access to.
The gem's wiki is very good... here: defining abilities

There is a great railscast about CanCan (made by its creator):

http://railscasts.com/episodes/192-authorization-with-cancan