When using CanCan, how can I specify permissions for all subclasses of a given class?

In my model, I have a fair number of subclasses of the model Item. I would like to be able to specify that for a given role, their permissions for Item apply to all of the subclasses of Item without listing them explicitly; if I add new Item subclasses I don't want to have to remember to update permissions. How can I achieve this?

For example, this permission

if user.role? :customer_service
   can :read, Item
end

does not allow a customer service rep to read开发者_如何学JAVA details of a Cabinet, where Cabinet < Item.

I think you could do this by sending a block to the can declaration. Perhaps like this:

if user.role? :cutomer_service
  can do |action, subject_class, subject|
    # Checks if action is :read and if subject_class is a subclass of Item
    action == :read && subject_class < Item
  end
end

I have not tested this, but I think it should work.