CanCan questions

I've used Aegis in the past for role-based authorisation, but have seen a lot of talk about CanCan; so I thought I'd give it a go and have been fiddling with it over the last couple of days. It seems to have a slightly nicer DSL and simpler implementation for authorising CRUD operations, but I'm stumped at the moment for how to have arbitrary authorisations.

For instance; if I have some users that are allowed to give away free products, in Aegis I can have a permission method like this:

  permission :give_trials do |user|     # role checks here   end

but how do I do the same thing in CanCan? It wants me to pass in a Model, but for some checks there isn't a 1:1 mapping.

Secondly, Aegis is an extension to the User model, while CanCan extends the controller - so how can I test stuff in the console with CanCan?

Noone using CanCan day-to-day then? Ho hum... back to Aegis.