STI parent access denied after adding cannot on child

[gryphon]

Steps to reproduce

We have the following STI inheritance: Toyota < Car

Setting the rules:

can :read, Car
cannot :read, Toyota

Checking the roles:

can? :read, Car # results to false

Expected behavior

can? :read, Car # should be true

Because we granted an access to all types of Car except Toyota

Actual behavior

can? :read, Car # results to false

System configuration

Rails version: 7.0.2

Ruby version: 3.0.3

CanCanCan version: 3.3.0

[ghost]

There is currently an open pull request: #689 which should fix this issue.

[gryphon]

Seems that this issue is not still fixed.
There is the test in repo but it works only for non-STI relation:

    it 'cannot rules are not effecting parent class' do
      u1 = User.create!(name: 'pippo')
      ability = Ability.new(u1)
      ability.can :manage, Parent
      ability.cannot :manage, Child
      expect(ability).not_to be_able_to(:index, Child)
      expect(ability).to be_able_to(:index, Parent)
    end

If we have Child inherited from Parent using STI, this would not pass.