ryanb / cancan

Authorization Gem for Ruby on Rails.
MIT License

Notify developers of limitations in using load_resource with block `can` definitions #808

Open chrisbloom7 opened 11 years ago

chrisbloom7 commented 11 years ago

I just completed an enhancement request for our application to enable more fine-grained permissions on objects based on relationships defined between two resources. I had written a few unit tests to make sure the `can?` and `cannot?` methods were reporting the proper permissions, and the tests all passed fine. However, once we started doing whitebox testing on our staging server we noticed that suddenly no one could see any of these resources, even admins who have `can :manage, :all` permissions. I wrote another unit test which indicated that admins did indeed have permission to those objects, and then started poking around in the CanCan internals to see what was going on. After an hour or so I stumbled across the note in the wiki stating that the `accessible_by` method, which is used by `load_resources`, doesn't play well with block `can` definitions. When I used the `accessible_by` scope in the command line I saw the "CanCan::Error Exception: The accessible_by call cannot be used with a block 'can' definition." error being reported. But nothing appears to ever be reported when controllers use the `load_resource` before filter and instead the instance variables are just nil. It would be helpful if that exception was allowed to bubble up to the controller so developers could see that there was something that needed to be overwritten in the controller action. (I realize that a functional test could have helped me spot this earlier, but as stated in the CanCan wiki, "It can be difficult to thoroughly test user permissions at the functional/integration level because there are often many branching possibilities.") At the very least, perhaps just generate a warning to the log file.
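
The failure mode described in this report, as an added illustration in a reduced model rather than CanCan's own code: `Ability`, `AuthorizationError`, `Project`, `load_collection` and `load_resource` are constructed stand-ins for the gem's `Ability`, `CanCan::Error`, a model, the `accessible_by` scope and the `load_resource` filter. It shows why per-object `can?` checks pass with a block rule while the collection load cannot be built from it, and contrasts swallowing that error (nil instance variable) with logging and re-raising it.

```ruby
# Simplified model of CanCan-style rules (added illustration, not CanCan's own code).
class AuthorizationError < StandardError; end

class Ability
  def initialize; @rules = []; end
  # Hash conditions can become a database query; a block can only be run per object.
  def can(action, subject, conditions = nil, &block)
    @rules << { action: action, subject: subject, conditions: conditions, block: block }
  end

  # Per-object check: both rule kinds work here, which is why the unit tests passed.
  def can?(action, object)
    relevant_rules(action, object.class).any? do |r|
      next r[:block].call(object) if r[:block]
      (r[:conditions] || {}).all? { |k, v| object.public_send(k) == v }
    end
  end

  # Mirrors accessible_by: a block cannot be turned into a where clause, so refuse loudly.
  def accessible_conditions(action, klass)
    rules = relevant_rules(action, klass)
    raise AuthorizationError, "accessible_by cannot be used with a block 'can' definition" if rules.any? { |r| r[:block] }
    rules.map { |r| r[:conditions] || {} }
  end

  private
  def relevant_rules(action, klass)
    @rules.select { |r| [action, :manage].include?(r[:action]) && [klass, :all].include?(r[:subject]) }
  end
end

Project = Struct.new(:id, :owner_id)
PROJECTS = [Project.new(1, 10), Project.new(2, 20)] # constructed sample data

# Stand-in for a scope: keep records matching any rule's hash conditions.
def load_collection(ability, action, klass, records)
  cond_sets = ability.accessible_conditions(action, klass)
  records.select { |rec| cond_sets.any? { |c| c.all? { |k, v| rec.public_send(k) == v } } }
end

# load_resource stand-in. With surface_errors: false the error is swallowed and the caller
# gets nil, as the issue describes; with true it is logged and re-raised, as the issue asks.
def load_resource(ability, action, klass, records, log, surface_errors: false)
  load_collection(ability, action, klass, records)
rescue AuthorizationError => e
  return nil unless surface_errors
  log << "WARN #{e.message}"
  raise
end
```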

xhoy commented 10 years ago

Thanks for your submission! The ryanb/cancan repository has been inactive since Sep 06, 2013. Since only Ryan himself has commit permissions, the CanCan project is at a standstill.

CanCan has many open issues, including missing support for Rails 4. To keep CanCan alive, an active fork exists at cancancommunity/cancancan. The new gem is cancancan. More info is available at #994.

If your pull request or issue is still applicable, it would be really appreciated if you resubmit it to CanCanCan.

We hope to see you on the other side!