From 1fb2c0160c4f5042a9bfd33edc8f5f71b3768873 Mon Sep 17 00:00:00 2001
From: Ryan Bates <ryan@railscasts.com>
Date: Wed, 28 Sep 2011 14:48:26 -0700
Subject: [PATCH] ignore cannot clause with attributes when not checking for
 with attributes - closes #406

---
 lib/cancan/rule.rb          | 7 ++++++-
 spec/cancan/ability_spec.rb | 1 +
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/lib/cancan/rule.rb b/lib/cancan/rule.rb
index fb5a452..5382b4b 100644
--- a/lib/cancan/rule.rb
+++ b/lib/cancan/rule.rb
@@ -97,7 +97,12 @@ module CanCan
     end
 
     def matches_attribute?(attribute)
-      @attributes.nil? || attribute.nil? || @attributes.include?(attribute.to_sym)
+      # don't consider attributes in a cannot clause when not matching - this can probably be refactored
+      if !@base_behavior && @attributes && attribute.nil?
+        false
+      else
+        @attributes.nil? || attribute.nil? || @attributes.include?(attribute.to_sym)
+      end
     end
 
     # TODO deperecate this
diff --git a/spec/cancan/ability_spec.rb b/spec/cancan/ability_spec.rb
index f7818a3..3617865 100644
--- a/spec/cancan/ability_spec.rb
+++ b/spec/cancan/ability_spec.rb
@@ -345,6 +345,7 @@ describe CanCan::Ability do
     @ability.can?(:update, :books, :author).should be_false
   end
 
+
   # Hash Association
 
   it "checks permission through association when hash is passed as subject" do