diff --git a/Gemfile b/Gemfile
index c44fbeb..00ef2e2 100644
--- a/Gemfile
+++ b/Gemfile
@@ -25,6 +25,8 @@ gem 'jquery-rails'
 gem 'devise'
+gem "cancan"
+
 # To use ActiveModel has_secure_password
 # gem 'bcrypt-ruby', '~> 3.0.0'
diff --git a/Gemfile.lock b/Gemfile.lock
index ad1d699..c27ca1a 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -31,6 +31,7 @@ GEM
 arel (3.0.2)
 bcrypt-ruby (3.0.1)
 builder (3.0.0)
+ cancan (1.6.8)
 coffee-rails (3.2.2)
 coffee-script (>= 2.2.0)
 railties (~> 3.2.0)
@@ -115,6 +116,7 @@ PLATFORMS
 ruby
 DEPENDENCIES
+ cancan
 coffee-rails (~> 3.2.1)
 devise
 jquery-rails
diff --git a/app/models/ability.rb b/app/models/ability.rb
new file mode 100644
index 0000000..58929d7
--- /dev/null
+++ b/app/models/ability.rb
@@ -0,0 +1,28 @@
+class Ability
+ include CanCan::Ability
+
+ def initialize(user)
+ # Define abilities for the passed in user here. For example:
+ #
+ # user ||= User.new # guest user (not logged in)
+ # if user.admin?
+ # can :manage, :all
+ # else
+ # can :read, :all
+ # end
+ #
+ # The first argument to `can` is the action you are giving the user permission to do.
+ # If you pass :manage it will apply to every action. Other common actions here are
+ # :read, :create, :update and :destroy.
+ #
+ # The second argument is the resource the user can perform the action on. If you pass
+ # :all it will apply to every resource. Otherwise pass a Ruby class of the resource.
+ #
+ # The third argument is an optional hash of conditions to further filter the objects.
+ # For example, here the user can only update published articles.
+ #
+ # can :update, Article, :published => true
+ #
+ # See the wiki for details: https://github.com/ryanb/cancan/wiki/Defining-Abilities
+ end
+end
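Review bot: The new `gem "cancan"` line carries no version constraint, so only Gemfile.lock holds it at the resolved 1.6.8 and a later `bundle update` can move the authorization library to any release. Consider `gem 'cancan', '~> 1.6.8'`, which also matches the single-quote style of the neighbouring `gem 'devise'` line.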
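Review bot: `Ability#initialize` holds only the generator's comments, so no `can` rule is defined and every `can?` or `authorize!` check is denied. Nothing in this commit makes a controller perform such a check, so on its own the change enforces no access control. If authorization is meant to be mandatory, add `check_authorization` to `ApplicationController` (with `skip_authorization_check`, or an `:unless => :devise_controller?` condition, for the Devise controllers), so that an action which forgets `authorize!` or `load_and_authorize_resource` raises instead of running unchecked. When rules are written, keep `user ||= User.new` as the first line of `initialize`, because Devise's `current_user` is nil for signed-out visitors. Prefer explicit per-model rules over the sample `can :read, :all`, which would also make models such as `User` readable.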