# File lib/declarative_authorization/authorization.rb, line 376
    def obligations (attr_validator)
      exceptions = []
      obligations = @attributes.collect do |attr|
        begin
          attr.obligation(attr_validator)
        rescue NotAuthorized => e
          exceptions << e
          nil
        end
      end

      if exceptions.length > 0 and (@join_operator == :and or exceptions.length == @attributes.length)
        raise NotAuthorized, "Missing authorization in collecting obligations: #{exceptions.map(&:to_s) * ", "}"
      end

      if @join_operator == :and and !obligations.empty?
        # cross product of OR'ed obligations in arrays
        arrayed_obligations = obligations.map {|obligation| obligation.is_a?(Hash) ? [obligation] : obligation}
        merged_obligations = arrayed_obligations.first
        arrayed_obligations[1..-1].each do |inner_obligations|
          previous_merged_obligations = merged_obligations
          merged_obligations = inner_obligations.collect do |inner_obligation|
            previous_merged_obligations.collect do |merged_obligation|
              merged_obligation.deep_merge(inner_obligation)
            end
          end.flatten
        end
        obligations = merged_obligations
      else
        obligations = obligations.flatten.compact
      end
      obligations.empty? ? [{}] : obligations
    end