diff --git a/app/controllers/comments_controller.rb b/app/controllers/comments_controller.rb
index 6d1ce7c..87838cb 100644
--- a/app/controllers/comments_controller.rb
+++ b/app/controllers/comments_controller.rb
@@ -1,69 +1,39 @@
 class CommentsController < ApplicationController
- # GET /comments
- # GET /comments.json
- def index
- @comments = Comment.all
-
- respond_to do |format|
- format.html # index.html.erb
- format.json { render json: @comments }
- end
- end
-
- # GET /comments/1
- # GET /comments/1.json
- def show
- @comment = Comment.find(params[:id])
-
- respond_to do |format|
- format.html # show.html.erb
- format.json { render json: @comment }
- end
- end
-
-
- # GET /comments/1/edit
- def edit
- @comment = Comment.find(params[:id])
- end
+ after_action :verify_authorized
 
 # POST /comments
- # POST /comments.json
 def create
- if user_signed_in? then
- @comment = Comment.new(params[:new_comment])
- @comment.text = params["#{params[:new_comment][:question_id]}new_comment_text"]
- @comment.question_id = params[:new_comment][:question_id]
- @comment.user_id = params[:new_comment][:user_id]
- @comment.plan_id = params[:new_comment][:plan_id]
-
- @plan = Plan.find(@comment.plan_id)
- @project = Project.find(@plan.project_id)
-
- respond_to do |format|
- if @comment.save
- session[:question_id_comments] = @comment.question_id
- format.html { redirect_to edit_project_plan_path(@project, @plan), status: :found, notice: I18n.t("helpers.comments.comment_created") }
- format.json { head :no_content }
- end
- end
- end
+ @comment = Comment.new(params[:new_comment])
+ @comment.text = params["#{params[:new_comment][:question_id]}new_comment_text"]
+ @comment.question_id = params[:new_comment][:question_id]
+ @comment.user_id = params[:new_comment][:user_id]
+ @comment.plan_id = params[:new_comment][:plan_id]
+ authorize @comment
+
+ @plan = Plan.find(@comment.plan_id)
+ @project = Project.find(@plan.project_id)
+
+ respond_to do |format|
+ if @comment.save
+ session[:question_id_comments] = @comment.question_id
+ format.html { redirect_to edit_project_plan_path(@project, @plan), status: :found, notice: I18n.t("helpers.comments.comment_created") }
+ end
+ end
 end
 
 # PUT /comments/1
- # PUT /comments/1.json
 def update
 @comment = Comment.find(params[:comment][:id])
+ authorize @comment
 @comment.text = params["#{params[:comment][:id]}_comment_text"]
-
+
 @plan = Plan.find(@comment.plan_id)
 @project = Project.find(@plan.project_id)
-
+
 respond_to do |format|
 if @comment.update_attributes(params[:comment])
 session[:question_id_comments] = @comment.question_id
 format.html { redirect_to edit_project_plan_path(@project, @plan), status: :found, notice: I18n.t("helpers.comments.comment_updated") }
- format.json { head :no_content }
 end
 end
 end
@@ -72,9 +42,10 @@
 # ARCHIVE /comments/1.json
 def archive
 @comment = Comment.find(params[:comment][:id])
+ authorize @comment
 @comment.archived = true
 @comment.archived_by = params[:comment][:archived_by]
-
+
 @plan = Plan.find(@comment.plan_id)
 @project = Project.find(@plan.project_id)
 
@@ -82,9 +53,9 @@
 if @comment.update_attributes(params[:comment])
 session[:question_id_comments] = @comment.question_id
 format.html { redirect_to edit_project_plan_path(@project, @plan), status: :found, notice: I18n.t("helpers.comments.comment_removed") }
- end
+ end
 end
 end
-
-
+
+
 end
diff --git a/app/policies/answer_policy.rb b/app/policies/answer_policy.rb
index d3b8d02..61f6989 100644
--- a/app/policies/answer_policy.rb
+++ b/app/policies/answer_policy.rb
@@ -1,5 +1,6 @@
 class AnswerPolicy < ApplicationPolicy
 attr_reader :user
+ attr_reader :answer
 
 def initialize(user, answer)
 raise Pundit::NotAuthorizedError, "must be logged in" unless user
diff --git a/app/policies/comment_policy.rb b/app/policies/comment_policy.rb
new file mode 100644
index 0000000..570c0a1
--- /dev/null
+++ b/app/policies/comment_policy.rb
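Review bot: In the new `create` body the comment's owner is still taken from the request, `@comment.user_id = params[:new_comment][:user_id]`, so the `authorize @comment` that follows approves a comment whose author any signed-in user can pick; the owner should come from the session instead, `@comment.user_id = current_user.id` (presumably the same Devise helper family as the removed `user_signed_in?`, which Pundit also uses by default). The same applies to the unchanged `@comment.archived_by = params[:comment][:archived_by]` in the archive hunk, which the added authorization does not cover. `Comment.new(params[:new_comment])` and `update_attributes(params[:comment])` also hand the raw request hash to mass assignment, so the policy check is only as strong as the model's attribute whitelist, which is not visible here and worth confirming. Separately, the `respond_to` block in `create` has no branch for a failed `@comment.save`, so a validation failure renders nothing; an `else` that redirects back with `@comment.errors` would close that path. `CommentsController` continues past this hunk.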
@@ -0,0 +1,23 @@
+class CommentPolicy < ApplicationPolicy
+ attr_reader :user
+ attr_reader :comment
+
+ def initialize(user, comment)
+ raise Pundit::NotAuthorizedError, "must be logged in" unless user
+ @user = user
+ @comment = comment
+ end
+
+ def create?
+ Plan.find(@comment.plan_id).readable_by(@user.id)
+ end
+
+ def update?
+ Plan.find(@comment.plan_id).readable_by(@user.id)
+ end
+
+ def archive?
+ Plan.find(@comment.plan_id).readable_by(@user.id)
+ end
+
+end
\ No newline at end of file
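Review bot: `update?` and `archive?` grant the action to anyone who can read the plan, so a user with read access can edit or archive comments written by other users; if that is not the intent, both should also require ownership, e.g. `plan_readable? && @comment.user_id == @user.id`, which the controller's `user_id` assignment makes available. The three predicates repeat `Plan.find(@comment.plan_id).readable_by(@user.id)` verbatim, which belongs in one private helper so the rule changes in a single place. `Plan.find` raises `ActiveRecord::RecordNotFound` for an unknown `plan_id`, so a request with a bogus plan id surfaces as a 404 rather than a Pundit denial; that may be acceptable but deserves a one-line comment. The file also ends without a trailing newline.
```ruby
  def create?
    plan_readable?
  end

  def update?
    plan_readable? && own_comment?
  end

  def archive?
    plan_readable? && own_comment?
  end

  private

  # Rule shared by every action: the caller must be able to read the comment's plan.
  def plan_readable?
    Plan.find(@comment.plan_id).readable_by(@user.id)
  end

  # TODO(review): confirm that editing and archiving are meant to be limited to the author.
  def own_comment?
    @comment.user_id == @user.id
  end
```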