diff --git a/Gemfile b/Gemfile
index b7f7165..4c7d000 100644
--- a/Gemfile
+++ b/Gemfile
@@ -2,18 +2,20 @@ source 'https://rubygems.org'
 
 gem 'rails', '3.2.13'
 
+gem 'netzke-cancan'
 gem 'netzke-core', '~>0.8.0'
 gem 'netzke-basepack', '~>0.8.0'
 
 
-gem 'sqlite3', '~> 1.3.5'
+gem 'acts_as_loggable', :git => 'https://github.com/spacemunkay/acts_as_loggable.git'
+gem 'bootstrap-will_paginate', '~> 0.0.6'
+gem 'cancan'
+gem 'decent_exposure', '~> 1.0.1'
 gem 'devise', '~> 2.0.4'
 gem 'haml-rails', '~> 0.3.4'
 gem 'jquery-rails', '~> 2.0'
-gem 'decent_exposure', '~> 1.0.1'
+gem 'sqlite3', '~> 1.3.5'
 gem 'will_paginate', '~> 3.0.3'
-gem 'bootstrap-will_paginate', '~> 0.0.6'
-gem 'acts_as_loggable', :git => 'https://github.com/spacemunkay/acts_as_loggable.git'
 
 # Gems used only for assets and not required
 # in production environments by default.
diff --git a/Gemfile.lock b/Gemfile.lock
index c2d474b..4619a5c 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -42,6 +42,7 @@ GEM
     bootstrap-will_paginate (0.0.9)
       will_paginate
     builder (3.0.4)
+    cancan (1.6.9)
     capybara (1.1.4)
       mime-types (>= 1.16)
       nokogiri (>= 1.3.3)
@@ -124,6 +125,9 @@ GEM
     multi_json (1.7.2)
     netzke-basepack (0.8.2)
       netzke-core (~> 0.8.2)
+    netzke-cancan (0.8.2)
+      cancan
+      netzke-core
     netzke-core (0.8.3)
       execjs
       uglifier
@@ -224,6 +228,7 @@ PLATFORMS
 DEPENDENCIES
   acts_as_loggable!
   bootstrap-will_paginate (~> 0.0.6)
+  cancan
   capybara (~> 1.1.2)
   coffee-rails (~> 3.2.1)
   database_cleaner
@@ -236,6 +241,7 @@ DEPENDENCIES
   jquery-rails (~> 2.0)
   launchy
   netzke-basepack (~> 0.8.0)
+  netzke-cancan
   netzke-core (~> 0.8.0)
   pry (~> 0.9.8)
   rails (= 3.2.13)
diff --git a/app/components/app_tab_panel.rb b/app/components/app_tab_panel.rb
index 6b346a6..41188a5 100644
--- a/app/components/app_tab_panel.rb
+++ b/app/components/app_tab_panel.rb
@@ -17,7 +17,7 @@ class AppTabPanel < Netzke::Basepack::TabPanel
                               ]
 
     #for users
-    if controller.current_user.user?
+    if controller.current_user.role?(:user)
       # (had to use hash for borders to get the title to display properly)
       @@app_tab_panel_items.concat [{ layout: :fit,
                                       wrappedComponent: :user_profile_border,
@@ -28,7 +28,7 @@ class AppTabPanel < Netzke::Basepack::TabPanel
                                     ]
     end
     #for admins
-    if controller.current_user.admin?
+    if controller.current_user.role?(:admin)
       # (had to use hash for borders to get the title to display properly)
       @@app_tab_panel_items.concat [{ layout: :fit,
                                       wrappedComponent: :users_and_profiles_border,
diff --git a/app/components/bike_brands.rb b/app/components/bike_brands.rb
index 69e4fab..58c9341 100644
--- a/app/components/bike_brands.rb
+++ b/app/components/bike_brands.rb
@@ -4,17 +4,16 @@ class BikeBrands < Netzke::Basepack::Grid
     c.model = "BikeBrand"
     c.title = "Brands"
 
-    if controller.current_user.user?
-      c.prohibit_update = true
-      c.prohibit_create = true
-      c.prohibit_delete = true
-    end
+    c.prohibit_update = true if cannot? :update, BikeBrand
+    c.prohibit_create = true if cannot? :create, BikeBrand
+    c.prohibit_delete = true if cannot? :delete, BikeBrand 
   end
 
   #override with nil to remove actions
   def default_bbar
     bbar = [ :search ]
-    bbar.concat [ :apply, :add_in_form ] if not controller.current_user.user?
+    bbar.concat [ :apply ] if can? :update, BikeBrand
+    bbar.concat [ :add_in_form ] if can? :create, BikeBrand
     bbar
   end
 end
diff --git a/app/components/bike_logs.rb b/app/components/bike_logs.rb
index 9c0b1fe..02446df 100644
--- a/app/components/bike_logs.rb
+++ b/app/components/bike_logs.rb
@@ -30,11 +30,12 @@ class BikeLogs < Netzke::Basepack::Grid
                                               }
       }
     ]
-    
-    if controller.current_user.user?
-      c.prohibit_update = true
-      c.prohibit_create = true
-      c.prohibit_delete = true
+
+    #TODO: fix GUI so it actually respects this
+    current_bike = Bike.find_by_id(session[:selected_bike_id]) 
+    if cannot? :update, current_bike
+      # if you can't update the bike, you can't do anything to the log
+      c.prohibit_update = c.prohibit_create = c.prohibit_delete = true
     end
 
   end
@@ -53,7 +54,8 @@ class BikeLogs < Netzke::Basepack::Grid
   #override with nil to remove actions
   def default_bbar
     bbar = [ :search ]
-    bbar.concat [ :apply, :add_in_form ] if not controller.current_user.user?
+    bbar.concat [ :apply ] if can? :update, ::ActsAsLoggable::Log
+    bbar.concat [ :add_in_form ] if can? :create, ::ActsAsLoggable::Log
     bbar
   end
 =end
diff --git a/app/components/bike_models.rb b/app/components/bike_models.rb
index 55198c3..ac654d0 100644
--- a/app/components/bike_models.rb
+++ b/app/components/bike_models.rb
@@ -14,17 +14,16 @@ class BikeModels < Netzke::Basepack::Grid
       { :name => :model }
     ]
 
-    if controller.current_user.user?
-      c.prohibit_update = true
-      c.prohibit_create = true
-      c.prohibit_delete = true
-    end
+    c.prohibit_update = true if cannot? :update, BikeModel
+    c.prohibit_create = true if cannot? :create, BikeModel
+    c.prohibit_delete = true if cannot? :delete, BikeModel 
   end
 
   #override with nil to remove actions
   def default_bbar
     bbar = [ :search ]
-    bbar.concat [ :apply, :add_in_form ] if not controller.current_user.user?
+    bbar.concat [ :apply ] if can? :update, BikeModel
+    bbar.concat [ :add_in_form ] if can? :create, BikeModel
     bbar
   end
 end
diff --git a/app/components/transaction_logs.rb b/app/components/transaction_logs.rb
index 7cbdc4e..472a95d 100644
--- a/app/components/transaction_logs.rb
+++ b/app/components/transaction_logs.rb
@@ -29,11 +29,9 @@ class TransactionLogs < Netzke::Basepack::Grid
       }
     ]
 
-    if controller.current_user.user?
-      c.prohibit_update = true
-      c.prohibit_create = true
-      c.prohibit_delete = true
-    end
+    c.prohibit_update = true if cannot? :update, ::ActsAsLoggable::Log
+    c.prohibit_create = true if cannot? :create, ::ActsAsLoggable::Log
+    c.prohibit_delete = true if cannot? :delete, ::ActsAsLoggable::Log 
 
   end
 
@@ -60,7 +58,8 @@ class TransactionLogs < Netzke::Basepack::Grid
   #override with nil to remove actions
   def default_bbar
     bbar = [ :search ]
-    bbar.concat [ :apply, :add_in_form ] if not controller.current_user.user?
+    bbar.concat [ :apply ] if can? :update, ::ActsAsLoggable::Log
+    bbar.concat [:add_in_form ] if can? :create, ::ActsAsLoggable::Log
     bbar
   end
 
diff --git a/app/components/user_logs.rb b/app/components/user_logs.rb
index b001b42..1300845 100644
--- a/app/components/user_logs.rb
+++ b/app/components/user_logs.rb
@@ -14,16 +14,16 @@ class UserLogs < Netzke::Basepack::Grid
       :copy_action_id => 4
     }
 
-    #just users
-    if controller.current_user.user?
-      user_log_scope = lambda { |rel| rel.where(:loggable_type => 'User',:loggable_id => controller.current_user.id)}
-      user_log_strong_default_attrs.merge!( { :loggable_id => controller.current_user.id } )
-      user_log_data_store = {auto_load: true }
-    #admins and staff
-    else
+    if can? :manage, ::ActsAsLoggable::Log
+      #admins and staff
       user_log_scope = lambda { |rel| rel.where(:loggable_type => 'User',:loggable_id => session[:selected_user_id]);}
       user_log_strong_default_attrs.merge!( { :loggable_id => session[:selected_user_id] } )
       user_log_data_store = {auto_load: true }
+    else
+      #just users
+      user_log_scope = lambda { |rel| rel.where(:loggable_type => 'User',:loggable_id => controller.current_user.id)}
+      user_log_strong_default_attrs.merge!( { :loggable_id => controller.current_user.id } )
+      user_log_data_store = {auto_load: true }
     end
 
     c.model = "ActsAsLoggable::Log"
diff --git a/app/components/user_profiles.rb b/app/components/user_profiles.rb
index 1048f66..c26bb28 100644
--- a/app/components/user_profiles.rb
+++ b/app/components/user_profiles.rb
@@ -3,18 +3,18 @@ class UserProfiles < Netzke::Basepack::Grid
   def configure(c)
     super
 
-    if controller.current_user.user?
-      user_profiles_scope = lambda { |rel| rel.where(:user_id => controller.current_user.id);}
-      user_profiles_data_store = { auto_load: true }
-      user_profile_strong_default_attrs = {
-        :user_id => controller.current_user.id
-      }
-    else
+    if can? :manage, UserProfile
       user_profiles_scope = lambda { |rel| rel.where(:user_id => session[:selected_user_id]);}
       user_profiles_data_store = { auto_load: false}
       user_profile_strong_default_attrs = {
         :user_id => session[:selected_user_id]
       }
+    else
+      user_profiles_scope = lambda { |rel| rel.where(:user_id => controller.current_user.id);}
+      user_profiles_data_store = { auto_load: true }
+      user_profile_strong_default_attrs = {
+        :user_id => controller.current_user.id
+      }
     end
 
     c.model = "UserProfile"
diff --git a/app/components/user_transactions.rb b/app/components/user_transactions.rb
index 9c0fdee..5e62ab3 100644
--- a/app/components/user_transactions.rb
+++ b/app/components/user_transactions.rb
@@ -24,17 +24,16 @@ class UserTransactions < Netzke::Basepack::Grid
       :created_at
     ]
 
-    if controller.current_user.user?
-      c.prohibit_update = true
-      c.prohibit_create = true
-      c.prohibit_delete = true
-    end
+    c.prohibit_update = true if cannot? :update, Transaction
+    c.prohibit_create = true if cannot? :create, Transaction
+    c.prohibit_delete = true if cannot? :delete, Transaction
   end
 
   #override with nil to remove actions
   def default_bbar
     bbar = [ :search ]
-    bbar.concat [ :apply, :add_in_form ] if not controller.current_user.user?
+    bbar.concat [ :apply ] if can? :update, Transaction
+    bbar.concat [ :add_in_form ] if can? :create, Transaction
     bbar
   end
 end
diff --git a/app/models/ability.rb b/app/models/ability.rb
new file mode 100644
index 0000000..4fde40d
--- /dev/null
+++ b/app/models/ability.rb
@@ -0,0 +1,28 @@
+class Ability
+  include CanCan::Ability
+  
+  def initialize(current_user)
+    @current_user = current_user
+    self.send(current_user.role.to_sym)
+  end
+
+  def admin
+    can :manage, :all
+  end  
+
+  def staff
+    can :manage, :all
+  end
+
+  def bike_admin
+    can :manage, Bike
+    can :manage, ::ActsAsLoggable::Log, :loggable_type => "Bike"
+  end
+
+  def user
+    can :read, :all
+    can :update, Bike, :id => @current_user.bike_id unless @current_user.bike.nil?
+    can :manage, ::ActsAsLoggable::Log, { :loggable_type => "Bike", :loggable_id => @current_user.bike_id }
+    can :manage, ::ActsAsLoggable::Log, { :loggable_type => "User", :loggable_id => @current_user.id }
+  end
+end
diff --git a/app/models/user.rb b/app/models/user.rb
index c51f98a..b55c290 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -24,16 +24,12 @@ class User < ActiveRecord::Base
     "#{first_name} #{last_name}"
   end
 
-  def user?
-    user_role.to_s == "user"
+  def role
+    user_role.role
   end
 
-  def staff?
-    user_role.to_s == "staff"
-  end
-
-  def admin?
-    user_role.to_s == "admin"
+  def role?(role)
+    user_role.to_s == role.to_s
   end
 
   def total_hours