I've found a very weird idiosyncrasy in the case that the Subject does not exist (checking for creation permissions is a good example of this).

Here's a rule pack:

def self.allowed(viewer, user)
    rules = []

    if viewer.is_admin?
        rules << :create_user
    end

    return rules unless user.instance_of?(User)

    # more rules here

    return rules
end

The above rule pack is IGNORED if used as written (declaration before the instance type check)

However, if I change the conditional statement to if viewer && viewer.is_admin? it works.

I have no idea WHY this occurs, but it is a very strange thing and it had me pulling my hair out trying to get this gem to work properly.