refactoring fully authorized check and catching bug

lib/cancan/ability.rb

@@ -220,14 +220,19 @@ module CanCan
       if cannot?(action, subject, *args)
         message ||= unauthorized_message(action, subject)
         raise AccessDenied.new(message, action, subject)
-      else
+      elsif sufficient_attribute_check?(action, subject, attribute) && sufficient_condition_check?(action, subject)
-        not_fully_authorized = false
+        fully_authorized!(action, subject)
-        not_fully_authorized = true if %w[create update].include?(action.to_s) && attribute.nil? && has_attributes?(action, subject)
-        not_fully_authorized = true if subject.kind_of?(Symbol) && has_instance_conditions?(action, subject)
-        fully_authorized!(action, subject) unless not_fully_authorized
       end
     end
 
+    def sufficient_attribute_check?(action, subject, attribute)
+      !(%w[create update].include?(action.to_s) && attribute.nil? && has_attributes?(action, subject))
+    end
+
+    def sufficient_condition_check?(action, subject)
+      !((subject.kind_of?(Symbol) || subject.kind_of?(String)) && has_instance_conditions?(action, subject))
+    end
+
     def unauthorized_message(action, subject)
       keys = unauthorized_message_keys(action, subject)
       variables = {:action => action.to_s}

spec/cancan/ability_spec.rb

@@ -259,6 +259,8 @@ describe CanCan::Ability do
     @ability.can :update, :ranges, :begin => 1
     @ability.authorize! :update, :ranges
     @ability.should_not be_fully_authorized(:update, :ranges)
+    @ability.authorize! "update", "ranges"
+    @ability.should_not be_fully_authorized(:update, :ranges)
   end
 
   it "is not fully authorized when a block exists but no instance is used" do