Authorization in Rails 3 dependent on variables (not only user and current resource)

I used cancan and I know about declarative authorization, but, it seems, they doesn't give an opportunity for roles to depend on custom variables.

Models:

• Domains (blah.qwe.com, wer.qwe.com, ert.qwe.com) - I need them in one DB and application.

• Users (can have several roles)

• Roles (each role works only in it's domain; abilities are editable)

• ...

For开发者_运维百科 example, I have a user, he's an owner of blah.qwe.com domain, but he's simple user in wer.qwe.ru and in ert.qwe.com he's banned and can do nothing at all.

@current_domain is loaded in the before_filter (by the current_domain method) in application controller and current_user is loaded by devise. What's the solution to make authorization dependent on currently requested resource (like in cancan), current_user and current_domain (and maybe with other before_filter loaded variables)? Is there a solution in cancan or I should modify it or write my own custom authorization system?

Did you check this? You can include whatever you want from the request in the ability calculation.