Cancan authentication with Rails

I have a complex scenario for authentication for it, i开发者_如何学运维 came up with this model structure.

see model structure

Can any one guide how to use cancan to embed authentication with this structure.

def initialize (user)
    user ||= User.new # Guest user
        user.roles.each do |role|
      role.permissions.each do |p|
        can :read, p.resource.class_name.to_s.classify.constantize do |subject|
          p.resource.class_name == subject.id and p.can_read
        end
        can :create, p.resource.class_name.to_s.classify.constantize do |subject|
          p.resource.class_name == subject.id and p.can_create
        end
        can :update, p.resource.class_name.to_s.classify.constantize do |subject|
          p.resource.class_name == subject.id and p.can_update
        end
        can :destroy, p.resource.class_name.to_s.classify.constantize do |subject|
          p.resource.class_name == subject.id and p.can_delete
        end
      end
    end
end

p.resource.class_name == subject.id and p.can_read
    end
    can :create, p.resource.class_name.to_s.classify.constantize do |subject|
      p.resource.class_name == subject.id and p.can_create
    end
    can :update, p.resource.class_name.to_s.classify.constantize do |subject|
      p.resource.class_name == subject.id and p.can_update