CanCan questions

I've used Aegis in the past for role-based authorisation, but have
seen a lot of talk about CanCan; so I thought I'd give it a go and
have been fiddling with it over the last couple of days. It seems to
have a slightly nicer DSL and simpler implementation for authorising
CRUD operations, but I'm stumped at the moment for how to have
arbitrary authorisations.

For instance; if I have some users that are allowed to give away free
products, in Aegis I can have a permission method like this:

  permission :give_trials do |user|
    # role checks here

but how do I do the same thing in CanCan? It wants me to pass in a
Model, but for some checks there isn't a 1:1 mapping.

Secondly, Aegis is an extension to the User model, while CanCan
extends the controller - so how can I test stuff in the console with

Noone using CanCan day-to-day then? Ho hum... back to Aegis.