Mooooore resources

app/models/ability.rb

@@ -4,6 +4,7 @@ class Ability
   def initialize(user)
     can :read, Mac # Anonymous can read mac
     can :scan, Mac # Need anonymous so CRON can scan
+    can :read, Resource
 
     if !user.nil?
 
@@ -14,7 +15,7 @@ class Ability
       can [:update], Mac, :user_id => nil
       can [:create,:update], Mac, :user_id => user.id
       can :read, Payment, :user_id => user.id
-      can :read, Resource
+      can [:create,:update], Resource, :user_id => user.id
       can :read, UserCertification, :user_id => user.id
       can :read, User, :id => user.id #TODO: why can users update themselves? Maybe because Devise doesn't check users/edit?
       can :compose_email, User

app/models/user.rb

@@ -16,6 +16,7 @@ class User < ActiveRecord::Base
   has_many :certifications, :through => :user_certifications
   has_many :payments
   has_many :macs
+  has_many :resources
 
   validates_format_of [:twitter_url, :facebook_url, :github_url, :website_url], :with => URI::regexp(%w(http https)), :allow_blank => true