# File lib/declarative_authorization/development_support/change_supporter.rb, line 314
        def self.specific_actions (candidate)
          privilege = AnalyzerEngine::Privilege.for_sym(
              candidate.failed_tests.first.privilege, candidate.engine)
          context = candidate.failed_tests.first.context
          user = candidate.failed_tests.first.user
          ([privilege] + privilege.ancestors).collect do |ancestor_privilege|
            user.role_symbols.collect {|role_sym| AnalyzerEngine::Role.for_sym(role_sym, candidate.engine) }.
                collect {|role| [role] + role.ancestors}.flatten.uniq.collect do |role|
              # apply checks later if privilege is already present in that role
              new(ancestor_privilege.to_sym, context, role.to_sym)
            end
          end.flatten
        end