2 files changed, 12 insertions, 4 deletions

diff --git a/app/controllers/api/v1/switchboards_controller.rb b/app/controllers/api/v1/switchboards_controller.rb
index e6996ca..4d6607a 100644
--- a/app/controllers/api/v1/switchboards_controller.rb
+++ b/app/controllers/api/v1/switchboards_controller.rb
@@ -5,16 +5,20 @@ module Api
 
       def index
         @user = current_user
-        @switchboards = @user.switchboards
+        @switchboards = Switchboard.all
 
-        respond_with @switchboards
+        if can? :read, @switchboards
+          respond_with @switchboards
+        end
       end
 
       def show
         @user = current_user
-        @switchboard = @user.switchboards.find(params[:id])
+        @switchboard = Switchboard.find(params[:id])
 
-        respond_with @switchboard
+        if can? :read, @switchboard
+          respond_with @switchboard
+        end
       end
     end
   end
diff --git a/app/models/ability.rb b/app/models/ability.rb
index 8718dc4..66f3c60 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -95,6 +95,10 @@ class Ability
           #
           cannot :manage, RestoreJob
 
+          # Admin can manage all switchboards.
+          #
+          can :manage, Switchboard
+
         else
           # Any user can do the following stuff.
           #