diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index fa98ee3..dde8413 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1,11 +1,12 @@
 class UsersController < ApplicationController
-  authorize_resource
+  load_and_authorize_resource
   before_filter :authenticate_user!
 
   # GET /users
   # GET /users.json
   def index
-    @users = User.all
+    #@users = User.all
+    #authorize! :read, @users
 
     respond_to do |format|
       format.html # index.html.erb
@@ -16,7 +17,7 @@ class UsersController < ApplicationController
   # GET /users/1
   # GET /users/1.json
   def show
-    @user = User.find(params[:id])
+    #@user = User.find(params[:id])
 
     respond_to do |format|
       format.html # show.html.erb
@@ -26,7 +27,7 @@ class UsersController < ApplicationController
 
   # PUT /users/1/upload
   def upload
-    @user = User.find(params[:id])
+    #@user = User.find(params[:id])
     @upload_result = @user.upload_to_door
 
     respond_to do |format|
@@ -48,7 +49,7 @@ class UsersController < ApplicationController
   # GET /users/new
   # GET /users/new.json
   def new
-    @user = User.new
+    #@user = User.new
 
     respond_to do |format|
       format.html # new.html.erb
@@ -58,13 +59,13 @@ class UsersController < ApplicationController
 
   # GET /users/1/edit
   def edit
-    @user = User.find(params[:id])
+    #@user = User.find(params[:id])
   end
 
   # POST /users
   # POST /users.json
   def create
-    @user = User.new(params[:user])
+    #@user = User.new(params[:user])
 
     respond_to do |format|
       if @user.save
@@ -80,7 +81,7 @@ class UsersController < ApplicationController
   # PUT /users/1
   # PUT /users/1.json
   def update
-    @user = User.find(params[:id])
+    #@user = User.find(params[:id])
 
     respond_to do |format|
       if @user.update_attributes(params[:user])
@@ -96,7 +97,7 @@ class UsersController < ApplicationController
   # DELETE /users/1
   # DELETE /users/1.json
   def destroy
-    @user = User.find(params[:id])
+    #@user = User.find(params[:id])
     @user.destroy
 
     respond_to do |format|
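Review bot: In the first hunk `load_and_authorize_resource` is declared above `before_filter :authenticate_user!`, and filters run in declaration order, so CanCan's load/authorize step (including `User.find(params[:id])` and `Ability.new(current_user)`) runs for anonymous requests before Devise has a chance to redirect them to sign-in; with the new `user.admin?` check in ability.rb that becomes a NoMethodError on nil rather than a redirect. The ordering predates this commit, but the commit now leans on the filter for every action, so swap the two lines: `before_filter :authenticate_user!` first, then `load_and_authorize_resource`. Separately, the commented-out `@users = User.all` in `index` is only replaced by the filter for rules expressed as hash conditions — if I read CanCan 1.x correctly it skips `accessible_by` when the matching `can` rule carries a block, which is the non-admin case in this commit, so non-admins would reach the index view with `@users` nil. Either express the read rule with conditions in ability.rb (`can :read, User, id: user.id`) or keep an explicit `@users = User.accessible_by(current_ability)` in `index`.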
diff --git a/app/models/ability.rb b/app/models/ability.rb
index 8575aa4..e8fb084 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -2,8 +2,12 @@ class Ability
   include CanCan::Ability
 
   def initialize(user)
-    can :manage, User do |u|
+    if user.admin?
+      can :manage, :all
+    else
+      can :read, User do |u|
       u.id == user.id
+      end
     end
     # Define abilities for the passed in user here. For example:
     #
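Review bot: The added `if user.admin?` raises NoMethodError when `user` is nil, which is what CanCan passes for a signed-out visitor, and users_controller.rb in this same commit runs `load_and_authorize_resource` before `authenticate_user!`, so that path is reachable; add the conventional guest guard `user ||= User.new` as the first line of `initialize`, or write the branch as `if user && user.admin?`. The non-admin rule is block-based, which only serves instance checks (`authorize! :show, @user`) — `accessible_by`, which `load_and_authorize_resource` uses for `index`, cannot evaluate a block — so prefer hash conditions that serve both: `can :read, User, id: user.id`. Note also that `:read` aliases only `:index` and `:show`, so after this change a non-admin is denied `edit`, `update`, `destroy` and the custom `upload` action on their own record, all of which the old `can :manage, User` block permitted; if that tightening is intended, fine, otherwise list the actions explicitly, e.g. `can [:read, :update, :upload], User, id: user.id`. The body of `initialize` continues past the end of the hunk.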