diff --git a/Gemfile b/Gemfile
index e36a90c..fa23bda 100644
--- a/Gemfile
+++ b/Gemfile
@@ -15,6 +15,7 @@
 
 # ------------------------------------------------
 #    DATABASE/SERVER
+gem 'pg'
 gem 'mysql2', '~> 0.3.18'
 
 # ------------------------------------------------
@@ -73,6 +74,7 @@
 gem 'feedjira'
 gem 'caracal'                           # WORD DOC EXPORTING
 gem 'caracal-rails'
+gem 'yaml_db', :git => 'https://github.com/vyruss/yaml_db.git'
 
 # ------------------------------------------------
 #     INTERNATIONALIZATION
@@ -120,4 +122,5 @@
 # gem 'exception_notification'     # UNUSED BUT COULD BE USEFUL FOR ERROR MSG BEING SENT TO ADMINS FROM PROD SYS
 # gem 'email_validator'            # UNUSED ACTIVERECORD VALIDATOR
 # gem 'validate_url'               # UNUSED ACTIVERECORD VALIDATOR
-# gem 'turbolinks'                 # IS NOW A CORE PART OF RAILS >= 4.0
\ No newline at end of file
+# gem 'turbolinks'                 # IS NOW A CORE PART OF RAILS >= 4.0
+
diff --git a/Gemfile.lock b/Gemfile.lock
index 873deac..b71d100 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -213,6 +213,7 @@
     omniauth-shibboleth (1.2.1)
       omniauth (>= 1.0.0)
     orm_adapter (0.5.0)
+    pg (0.19.0)
     pkg-config (1.1.7)
     polyamorous (1.3.1)
       activerecord (>= 3.0)
@@ -312,6 +313,9 @@
     wicked_pdf (1.1.0)
     xpath (2.0.0)
       nokogiri (~> 1.3)
+    yaml_db (0.4.2)
+      rails (>= 3.0, < 5.1)
+      rake (>= 0.8.7)
     yard (0.9.5)
 
 PLATFORMS
@@ -343,6 +347,7 @@
   mysql2 (~> 0.3.18)
   omniauth
   omniauth-shibboleth
+  pg
   protected_attributes
   pundit
   rack-test
@@ -361,6 +366,7 @@
   uglifier
   web-console (~> 2.0)
   wicked_pdf
+  yaml_db
   yard
 
 RUBY VERSION
diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index f01d810..e5b9bed 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -249,7 +249,7 @@
         #subset guidance that belong to the institution
 		unless institution.nil? then
       authorize Project
-			optional_gg = GuidanceGroup.where("optional_subset =  ? && organisation_id = ?", true, institution.id)
+			optional_gg = GuidanceGroup.where("optional_subset =  ? AND organisation_id = ?", true, institution.id)
 			optional_gg.each do|optional|
 				guidance_groups[optional.id] = optional.name
 			end
@@ -272,7 +272,7 @@
 
         #If template belongs to a funder and that funder has subset guidance display then.
         if !template.nil? && template.organisation.organisation_type.name == constant("organisation_types.funder") then
-            optional_gg = GuidanceGroup.where("optional_subset =  ? && organisation_id = ?", true, template.organisation_id)
+            optional_gg = GuidanceGroup.where("optional_subset =  ? AND organisation_id = ?", true, template.organisation_id)
 			optional_gg.each do|optional|
 				guidance_groups[optional.id] = optional.name
 			end
@@ -335,7 +335,7 @@
       guidance_groups = []
 
       #subset guidance that belong to an institution
-      optional_gg = GuidanceGroup.where("optional_subset =  ? && organisation_id IS NOT NULL", true)
+      optional_gg = GuidanceGroup.where("optional_subset =  ? AND organisation_id IS NOT NULL", true)
       optional_gg.each do|optional|
         guidance_groups << optional.id
       
@@ -347,7 +347,7 @@
       end
 
       # If template belongs to a funder and is an optional_subset
-      optional_gg = GuidanceGroup.where("optional_subset =  ? && organisation_id IN (?)", true, orgs_of_type(constant("organisation_types.funder")))
+      optional_gg = GuidanceGroup.where("optional_subset =  ? AND organisation_id IN (?)", true, orgs_of_type(constant("organisation_types.funder")))
       optional_gg.each do|optional|
         guidance_groups << optional.id
       end
diff --git a/app/controllers/token_permission_types_controller.rb b/app/controllers/token_permission_types_controller.rb
index 5d5c3fc..3500374 100644
--- a/app/controllers/token_permission_types_controller.rb
+++ b/app/controllers/token_permission_types_controller.rb
@@ -2,6 +2,7 @@
   def index
     authorize TokenPermissionType
     @user = current_user
+    @token_types = @user.organisation.token_permission_types
     respond_to do |format|
       format.html
     end
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 4d6bd4f..52f9558 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -4,7 +4,7 @@
   def admin_index
     authorize User
     
-    @users = User.where(organisation: current_user.organisation).includes(:project_groups)
+    @users = current_user.organisation.users.includes(:project_groups)
     
     respond_to do |format|
       format.html # index.html.erb
diff --git a/app/models/organisation.rb b/app/models/organisation.rb
index d073907..fada6d0 100644
--- a/app/models/organisation.rb
+++ b/app/models/organisation.rb
@@ -8,6 +8,7 @@
   has_many :guidance_groups
   has_many :dmptemplates
   has_many :sections
+  has_many :user_org_roles
   has_many :users
   has_many :option_warnings
   has_many :suggested_answers
@@ -167,7 +168,7 @@
   #
   # @return [Array<Dmptemplate>] published dmptemplates
 	def published_templates
-		return dmptemplates.where("published = ?", 1)
+		return dmptemplates.where("published = ?", true)
 	end
 
   def check_api_credentials
diff --git a/app/models/user.rb b/app/models/user.rb
index d3bec38..484f41b 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -13,7 +13,6 @@
     has_many :answers
     has_many :user_org_roles
     has_many :project_groups, :dependent => :destroy
-    #has_many :organisations , through: :user_org_roles
     has_many :user_role_types, through: :user_org_roles
 		has_one :language
 
@@ -78,85 +77,24 @@
   # @param new_organisation_id [Integer] the id for an organisation
   # @return [String] the empty string as a causality of setting api_token
 	def organisation_id=(new_organisation_id)
-    # DEPRICATED STRUCTURE ONLY USED HERE
-#    if !self.user_org_roles.pluck(:organisation_id).include?(new_organisation_id.to_i) then
-      # if the user has more than one role
-#      if self.user_org_roles.count != 1 then
-#        new_user_org_role = UserOrgRole.new
-#        new_user_org_role.organisation_id = new_organisation_id
-#        new_user_org_role.user_role_type = UserRoleType.find_by(name: constant("user_role_types.user"));
-#        self.user_org_roles << new_user_org_role
-      # if the user has roles other than one(0/2/3?)
-#      else
-        # set role to first role 
-#        user_org_role = self.user_org_roles.first
-        # change org_id to new org_id
-#        user_org_role.organisation_id = new_organisation_id
-        # save modified role
-#        user_org_role.save
-        # if the user is not part of the new organisation
-#        if !self.user_org_roles.pluck(:organisation_id).include?(new_organisation_id.to_i) then
-#      		unless self.can_change_org?
-            # rip all permissions from user
-#            self.roles.delete_all
-#            self.save!
-#      		end
-#        end
-#      end
-#    end
-
-    self.organisation = Organisation.find(new_organisation_id)
-
-    # rip api_token from user
+    unless self.can_change_org? || new_organisation_id.nil? || self.organisation.nil?
+      # rip all permissions from the user
+      self.roles.delete_all
+    end
+    # set the user's new organisation
+    super(new_organisation_id)
+    self.save!
+    # rip api permissions from the user
     self.remove_token!
 	end
 
   ##
-  # returns the first organisation id of the user or nil
-  #
-  # @return [Integer, nil] the id of the user's organisation
-	def organisation_id
-#		if self.organisations.count > 0 then
-#			return self.organisations.first.id
-#		else
-#			return nil
-#		end
-    (self.organisation.nil? ? nil : self.organisation.id)
-	end
-  
-  ##
-  # returns the organisation of the user or nil
-  #
-  # @return [Organisation, nil] the organisation of the user
-#	def organisation
-#		if self.organisations.count > 0 then
-#			return self.organisations.first
-#		else
-#			return nil
-#		end
-#	end
-
-  ##
-  # returns the last organisation in the list of organisations
-  # possibly depricated as the user only has one organisation in the current schema
-  #
-  # @return [Organisation, nil] the organisation for the user
-	def current_organisation
-#		if self.organisations.count > 0 then
-#			return self.organisations.last
-#		else
-#			return nil
-#		end
-    self.organisation
-	end
-
-  ##
   # sets a new organisation for the user
   #
   # @param new_organisation [Organisation] the new organisation for the user
-#	def organisation=(new_organisation)
-#		organisation_id = organisation.id
-#	end
+	def organisation=(new_organisation)
+    organisation_id = new_organisation.id unless new_organisation.nil?
+	end
 
   ##
   # checks if the user is a super admin
@@ -300,33 +238,23 @@
     modify_guidance         = Role.find_by(name: 'modify_guidance')
     change_org_details      = Role.find_by(name: 'change_org_details')
     User.includes(:roles).all.each do |user|
-      roles = user.roles
-      roles.each do |role|
-        if role.blank?
-        elsif role.name == 'admin'
-          #add admin roles
-          user.roles << add_orgs unless user.can_add_orgs?
-          user.roles << change_org_affiliation unless user.can_change_org?
-          user.roles << grant_api_to_orgs unless user.can_grant_api_to_orgs?
-          user.roles << grant_permissions unless user.can_grant_permissions?
-        elsif role.name == 'org_admin'
-          #add org-admin roles
-          user.roles << grant_permissions unless user.can_grant_permissions?
-          user.roles << modify_templates unless user.can_modify_templates?
-          user.roles << modify_guidance unless user.can_modify_guidance?
-          user.roles << change_org_details unless user.can_modify_org_details?
-        end
-      end
-      #rip roles from user
-      if user.roles.include?(admin)
+      if user.roles.include? admin
+        #add admin roles
+        user.roles << add_orgs unless user.roles.include? add_orgs
+        user.roles << change_org_affiliation unless user.roles.include? change_org_affiliation
+        user.roles << grant_api_to_orgs unless user.roles.include? grant_api_to_orgs
+        user.roles << grant_permissions unless user.roles.include? grant_permissions
         user.roles.delete(admin)
-      end
-      if user.roles.include?(org_admin)
+      elsif user.roles.include? 'org_admin'
+        #add org-admin roles
+        user.roles << grant_permissions unless user.roles.include? grant_permissions
+        user.roles << modify_templates unless user.roles.include? modify_templates
+        user.roles << modify_guidance unless user.roles.include? modify_guidance
+        user.roles << change_org_details unless user.roles.include? change_org_details
         user.roles.delete(org_admin)
       end
-      # save the user
-      user.save!
+    # save the user
+    user.save!
     end
   end
-
 end
diff --git a/app/views/devise/registrations/edit.html.erb b/app/views/devise/registrations/edit.html.erb
index 7357115..5ff15d9 100644
--- a/app/views/devise/registrations/edit.html.erb
+++ b/app/views/devise/registrations/edit.html.erb
@@ -42,7 +42,7 @@
 						{ :class => "typeahead org_sign_up" }) %></td>
 			</tr>
 			<% other_organisations = Array.new %>
-			<% Organisation.where("parent_id IS ? AND is_other = ?", nil, 1).each do |org| %>
+			<% Organisation.where("parent_id IS ? AND is_other = ?", nil, true).each do |org| %>
 				<% other_organisations << org.id %>
 			<% end %>
 			<tr id="other-organisation-name" style="display:none" data-orgs="<%= other_organisations.join(",") %>">
diff --git a/app/views/plans/_answer_form.html.erb b/app/views/plans/_answer_form.html.erb
index 57198f7..5f262ba 100644
--- a/app/views/plans/_answer_form.html.erb
+++ b/app/views/plans/_answer_form.html.erb
@@ -165,10 +165,11 @@
 <div class="question-area-right-column">
     
     <div id="right-area-tabs-<%= question.id %>" class="question_right_column_nav">
-        <% @comments = Comment.where("question_id = ? && plan_id = ?", question.id, answer.plan_id ) %>
+        <% @comments = Comment.where("question_id = ? AND plan_id = ?", question.id, answer.plan_id ) %>
         <%= hidden_field_tag :question_id, question.id, :class => "question_id" %>
+        <% @question_guidances = @plan.guidance_for_question(question) %>
         <ul class="question_right_column_ul">
-            <% if (!question.guidance.nil? && question.guidance != "") || @plan.guidance_for_question(question).count > 0  then %>
+            <% if (!question.guidance.nil? && question.guidance != "") || @question_guidances.count > 0  then %>
                 <!-- add css to comment div-->
                 <% css_style_comment_div = "display: none;"%>
                 <% css_style_guidance_div = ""%>
@@ -224,7 +225,7 @@
                 </div>
             <% end %>
             <!--guidance from themes, institution themes and/or direct to the question-->
-            <% @plan.guidance_for_question(question).each_pair do |group,themes| %>
+            <% @question_guidances.each_pair do |group,themes| %>
                 <% themes.each_pair do |theme,guidances| %>
                     <% guidances.each do |guidance| %>
                         <div class="accordion-group">
diff --git a/app/views/plans/_comments.html.erb b/app/views/plans/_comments.html.erb
index 9fd8d19..dc21608 100644
--- a/app/views/plans/_comments.html.erb
+++ b/app/views/plans/_comments.html.erb
@@ -3,7 +3,7 @@
 <!-- if there are comments then list of comments and view last comment
     else display display add comment form -->
  
-<% @comments = Comment.where("question_id = ? && plan_id = ?", questionId, plan_id) %> 
+<% @comments = Comment.where("question_id = ? AND plan_id = ?", questionId, plan_id) %> 
 <%= hidden_field_tag :question_id, questionId, :class => "question_id" %>
   
 <% if @comments.count  >  0 then%>
diff --git a/app/views/shared/_register_form.html.erb b/app/views/shared/_register_form.html.erb
index 11100ad..b026327 100644
--- a/app/views/shared/_register_form.html.erb
+++ b/app/views/shared/_register_form.html.erb
@@ -25,7 +25,7 @@
 	</li>
   <div id="other-org-link"><a href="#"><%= t("helpers.org_not_listed") %></a></div>
 	<% other_organisations = Array.new %>
-	<% Organisation.where("parent_id IS ? AND is_other = ?", nil, 1).each do |org| %>
+	<% Organisation.where("parent_id IS ? AND is_other = ?", nil, true).each do |org| %>
 		<% other_organisations << org.id %>
 	<% end %>
 	<li id="other-organisation-name" style="display:none" data-orgs="<%= other_organisations.join(',') %>">
diff --git a/app/views/token_permission_types/index.html.erb b/app/views/token_permission_types/index.html.erb
index f7be6ec..0f7e8bd 100644
--- a/app/views/token_permission_types/index.html.erb
+++ b/app/views/token_permission_types/index.html.erb
@@ -1,5 +1,5 @@
 
-<% @user.organisation.token_permission_types.each do |token_type|%>
+<% @token_types.each do |token_type|%>
 <h1>
     <%= token_type.token_type %>
 </h1>
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index c9f9d95..a76c7bb 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -126,7 +126,7 @@
   # initial account confirmation) to be applied. Requires additional unconfirmed_email
   # db field (see migrations). Until confirmed, new email is stored in
   # unconfirmed_email column, and copied to email column on successful confirmation.
-  config.reconfirmable = true
+  config.reconfirmable = false
 
   # Defines which key will be used when confirming an account
   # config.confirmation_keys = [:email]
diff --git a/config/initializers/devise.rb.example b/config/initializers/devise.rb.example
new file mode 100644
index 0000000..17b481e
--- /dev/null
+++ b/config/initializers/devise.rb.example
@@ -0,0 +1,278 @@
+# Use this hook to configure devise mailer, warden hooks and so forth.
+# Many of these configuration options can be set straight in your model.
+Devise.setup do |config|
+
+  config.secret_key = '{secret_key}'  
+  # ==> Mailer Configuration
+  # Configure the e-mail address which will be shown in Devise::Mailer,
+  # note that it will be overwritten if you use your own mailer class with default "from" parameter.
+  config.mailer_sender = "example@email.address"
+
+  # Configure the class responsible to send e-mails.
+  # config.mailer = "Devise::Mailer"
+
+  # ==> ORM configuration
+  # Load and configure the ORM. Supports :active_record (default) and
+  # :mongoid (bson_ext recommended) by default. Other ORMs may be
+  # available as additional gems.
+  require 'devise/orm/active_record'
+
+  # ==> Configuration for any authentication mechanism
+  # Configure which keys are used when authenticating a user. The default is
+  # just :email. You can configure it to use [:username, :subdomain], so for
+  # authenticating a user, both parameters are required. Remember that those
+  # parameters are used only when authenticating and not when retrieving from
+  # session. If you need permissions, you should implement that in a before filter.
+  # You can also supply a hash where the value is a boolean determining whether
+  # or not authentication should be aborted when the value is not present.
+  # config.authentication_keys = [ :email ]
+
+  # Configure parameters from the request object used for authentication. Each entry
+  # given should be a request method and it will automatically be passed to the
+  # find_for_authentication method and considered in your model lookup. For instance,
+  # if you set :request_keys to [:subdomain], :subdomain will be used on authentication.
+  # The same considerations mentioned for authentication_keys also apply to request_keys.
+  # config.request_keys = []
+
+  # Configure which authentication keys should be case-insensitive.
+  # These keys will be downcased upon creating or modifying a user and when used
+  # to authenticate or find a user. Default is :email.
+  config.case_insensitive_keys = [ :email ]
+
+  # Configure which authentication keys should have whitespace stripped.
+  # These keys will have whitespace before and after removed upon creating or
+  # modifying a user and when used to authenticate or find a user. Default is :email.
+  config.strip_whitespace_keys = [ :email ]
+
+  # Tell if authentication through request.params is enabled. True by default.
+  # It can be set to an array that will enable params authentication only for the
+  # given strategies, for example, `config.params_authenticatable = [:database]` will
+  # enable it only for database (email + password) authentication.
+  # config.params_authenticatable = true
+
+  # Tell if authentication through HTTP Auth is enabled. False by default.
+  # It can be set to an array that will enable http authentication only for the
+  # given strategies, for example, `config.http_authenticatable = [:token]` will
+  # enable it only for token authentication. The supported strategies are:
+  # :database      = Support basic authentication with authentication key + password
+  # :token         = Support basic authentication with token authentication key
+  # :token_options = Support token authentication with options as defined in
+  #                  http://api.rubyonrails.org/classes/ActionController/HttpAuthentication/Token.html
+  # config.http_authenticatable = false
+
+  # If http headers should be returned for AJAX requests. True by default.
+  # config.http_authenticatable_on_xhr = true
+
+  # The realm used in Http Basic Authentication. "Application" by default.
+  # config.http_authentication_realm = "Application"
+
+  # It will change confirmation, password recovery and other workflows
+  # to behave the same regardless if the e-mail provided was right or wrong.
+  # Does not affect registerable.
+  # config.paranoid = true
+
+  # By default Devise will store the user in session. You can skip storage for
+  # :http_auth and :token_auth by adding those symbols to the array below.
+  # Notice that if you are skipping storage for all authentication paths, you
+  # may want to disable generating routes to Devise's sessions controller by
+  # passing :skip => :sessions to `devise_for` in your config/routes.rb
+  config.skip_session_storage = [:http_auth]
+
+  # ==> Configuration for :database_authenticatable
+  # For bcrypt, this is the cost for hashing the password and defaults to 10. If
+  # using other encryptors, it sets how many times you want the password re-encrypted.
+  #
+  # Limiting the stretches to just one in testing will increase the performance of
+  # your test suite dramatically. However, it is STRONGLY RECOMMENDED to not use
+  # a value less than 10 in other environments.
+  	config.stretches = Rails.env.test? ? 1 : 10
+
+  # Setup a pepper to generate the encrypted password.
+  config.pepper = "EXAMPLE OF PEPPER TO GENERATE THE ENCRYPTED PASSWORD"
+  
+  # ==> Configuration for :invitable
+  # The period the generated invitation token is valid, after
+  # this period, the invited resource won't be able to accept the invitation.
+  # When invite_for is 0 (the default), the invitation won't expire.
+  # config.invite_for = 2.weeks
+
+  # Number of invitations users can send.
+  # - If invitation_limit is nil, there is no limit for invitations, users can
+  # send unlimited invitations, invitation_limit column is not used.
+  # - If invitation_limit is 0, users can't send invitations by default.
+  # - If invitation_limit n > 0, users can send n invitations.
+  # You can change invitation_limit column for some users so they can send more
+  # or less invitations, even with global invitation_limit = 0
+  # Default: nil
+  # config.invitation_limit = 5
+
+  # The key to be used to check existing users when sending an invitation
+  # and the regexp used to test it when validate_on_invite is not set.
+  # config.invite_key = {:email => /\A[^@]+@[^@]+\z/}
+  # config.invite_key = {:email => /\A[^@]+@[^@]+\z/, :username => nil}
+
+  # Flag that force a record to be valid before being actually invited
+  # Default: false
+  # config.validate_on_invite = true
+
+  # ==> Configuration for :confirmable
+  # A period that the user is allowed to access the website even without
+  # confirming his account. For instance, if set to 2.days, the user will be
+  # able to access the website for two days without confirming his account,
+  # access will be blocked just in the third day. Default is 0.days, meaning
+  # the user cannot access the website without confirming his account.
+  # config.allow_unconfirmed_access_for = 2.days
+
+  # A period that the user is allowed to confirm their account before their
+  # token becomes invalid. For example, if set to 3.days, the user can confirm
+  # their account within 3 days after the mail was sent, but on the fourth day
+  # their account can't be confirmed with the token any more.
+  # Default is nil, meaning there is no restriction on how long a user can take
+  # before confirming their account.
+  # config.confirm_within = 3.days
+
+  # If true, requires any email changes to be confirmed (exactly the same way as
+  # initial account confirmation) to be applied. Requires additional unconfirmed_email
+  # db field (see migrations). Until confirmed new email is stored in
+  # unconfirmed email column, and copied to email column on successful confirmation.
+  config.reconfirmable = false
+
+  # Defines which key will be used when confirming an account
+  # config.confirmation_keys = [ :email ]
+
+  # ==> Configuration for :rememberable
+  # The time the user will be remembered without asking for credentials again.
+  # config.remember_for = 2.weeks
+
+  # If true, extends the user's remember period when remembered via cookie.
+  # config.extend_remember_period = false
+
+  # Options to be passed to the created cookie. For instance, you can set
+  # :secure => true in order to force SSL only cookies.
+  # config.rememberable_options = {}
+
+  # ==> Configuration for :validatable
+  # Range for password length. Default is 8..128.
+  config.password_length = 8..128
+
+  # Email regex used to validate email formats. It simply asserts that
+  # one (and only one) @ exists in the given string. This is mainly
+  # to give user feedback and not to assert the e-mail validity.
+  # config.email_regexp = /\A[^@]+@[^@]+\z/
+
+  # ==> Configuration for :timeoutable
+  # The time you want to timeout the user session without activity. After this
+  # time the user will be asked for credentials again. Default is 30 minutes.
+  config.timeout_in = 3.hours
+
+  # If true, expires auth token on session timeout.
+  # config.expire_auth_token_on_timeout = false
+
+  # ==> Configuration for :lockable
+  # Defines which strategy will be used to lock an account.
+  # :failed_attempts = Locks an account after a number of failed attempts to sign in.
+  # :none            = No lock strategy. You should handle locking by yourself.
+  # config.lock_strategy = :failed_attempts
+
+  # Defines which key will be used when locking and unlocking an account
+  # config.unlock_keys = [ :email ]
+
+  # Defines which strategy will be used to unlock an account.
+  # :email = Sends an unlock link to the user email
+  # :time  = Re-enables login after a certain amount of time (see :unlock_in below)
+  # :both  = Enables both strategies
+  # :none  = No unlock strategy. You should handle unlocking by yourself.
+  # config.unlock_strategy = :both
+
+  # Number of authentication tries before locking an account if lock_strategy
+  # is failed attempts.
+  # config.maximum_attempts = 20
+
+  # Time interval to unlock the account if :time is enabled as unlock_strategy.
+  # config.unlock_in = 1.hour
+
+  # ==> Configuration for :recoverable
+  #
+  # Defines which key will be used when recovering the password for an account
+  # config.reset_password_keys = [ :email ]
+
+  # Time interval you can reset your password with a reset password key.
+  # Don't put a too small interval or your users won't have the time to
+  # change their passwords.
+  config.reset_password_within = 6.hours
+
+  # ==> Configuration for :encryptable
+  # Allow you to use another encryption algorithm besides bcrypt (default). You can use
+  # :sha1, :sha512 or encryptors from others authentication tools as :clearance_sha1,
+  # :authlogic_sha512 (then you should set stretches above to 20 for default behavior)
+  # and :restful_authentication_sha1 (then you should set stretches to 10, and copy
+  # REST_AUTH_SITE_KEY to pepper).
+  #
+  # Require the `devise-encryptable` gem when using anything other than bcrypt
+  # config.encryptor = :sha512
+
+  # ==> Configuration for :token_authenticatable
+  # Defines name of the authentication token params key
+  # config.token_authentication_key = :auth_token
+
+  # ==> Scopes configuration
+  # Turn scoped views on. Before rendering "sessions/new", it will first check for
+  # "users/sessions/new". It's turned off by default because it's slower if you
+  # are using only default views.
+  # config.scoped_views = false
+
+  # Configure the default scope given to Warden. By default it's the first
+  # devise role declared in your routes (usually :user).
+  # config.default_scope = :user
+
+  # Set this configuration to false if you want /users/sign_out to sign out
+  # only the current scope. By default, Devise signs out all scopes.
+  # config.sign_out_all_scopes = true
+
+  # ==> Navigation configuration
+  # Lists the formats that should be treated as navigational. Formats like
+  # :html, should redirect to the sign in page when the user does not have
+  # access, but formats like :xml or :json, should return 401.
+  #
+  # If you have any extra navigational formats, like :iphone or :mobile, you
+  # should add them to the navigational formats lists.
+  #
+  # The "*/*" below is required to match Internet Explorer requests.
+  # config.navigational_formats = ["*/*", :html]
+
+  # The default HTTP method used to sign out a resource. Default is :delete.
+  config.sign_out_via = :delete
+
+  # ==> OmniAuth
+  # Add a new OmniAuth provider. Check the wiki for more information on setting
+  # up on your models and hooks.
+  # config.omniauth :github, 'APP_ID', 'APP_SECRET', :scope => 'user,public_repo'
+
+  # ==> Warden configuration
+  # If you want to use other strategies, that are not supported by Devise, or
+  # change the failure app, you can configure them inside the config.warden block.
+  #
+  # config.warden do |manager|
+  #   manager.intercept_401 = false
+  #   manager.default_strategies(:scope => :user).unshift :some_external_strategy
+  # end
+
+  # ==> Mountable engine configurations
+  # When using Devise inside an engine, let's call it `MyEngine`, and this engine
+  # is mountable, there are some extra configurations to be taken into account.
+  # The following options are available, assuming the engine is mounted as:
+  #
+  #     mount MyEngine, at: "/my_engine"
+  #
+  # The router that invoked `devise_for`, in the example above, would be:
+  # config.router_name = :my_engine
+  #
+  # When using omniauth, Devise cannot automatically set Omniauth path,
+  # so you need to do it manually. For the users scope, it would be:
+  # config.omniauth_path_prefix = "/my_engine/users/auth"
+  
+  config.warden do |manager|
+    manager.failure_app = CustomFailure
+  end
+  
+end
diff --git a/config/initializers/devise_example.rb b/config/initializers/devise_example.rb
deleted file mode 100644
index 17b481e..0000000
--- a/config/initializers/devise_example.rb
+++ /dev/null
@@ -1,278 +0,0 @@
-# Use this hook to configure devise mailer, warden hooks and so forth.
-# Many of these configuration options can be set straight in your model.
-Devise.setup do |config|
-
-  config.secret_key = '{secret_key}'  
-  # ==> Mailer Configuration
-  # Configure the e-mail address which will be shown in Devise::Mailer,
-  # note that it will be overwritten if you use your own mailer class with default "from" parameter.
-  config.mailer_sender = "example@email.address"
-
-  # Configure the class responsible to send e-mails.
-  # config.mailer = "Devise::Mailer"
-
-  # ==> ORM configuration
-  # Load and configure the ORM. Supports :active_record (default) and
-  # :mongoid (bson_ext recommended) by default. Other ORMs may be
-  # available as additional gems.
-  require 'devise/orm/active_record'
-
-  # ==> Configuration for any authentication mechanism
-  # Configure which keys are used when authenticating a user. The default is
-  # just :email. You can configure it to use [:username, :subdomain], so for
-  # authenticating a user, both parameters are required. Remember that those
-  # parameters are used only when authenticating and not when retrieving from
-  # session. If you need permissions, you should implement that in a before filter.
-  # You can also supply a hash where the value is a boolean determining whether
-  # or not authentication should be aborted when the value is not present.
-  # config.authentication_keys = [ :email ]
-
-  # Configure parameters from the request object used for authentication. Each entry
-  # given should be a request method and it will automatically be passed to the
-  # find_for_authentication method and considered in your model lookup. For instance,
-  # if you set :request_keys to [:subdomain], :subdomain will be used on authentication.
-  # The same considerations mentioned for authentication_keys also apply to request_keys.
-  # config.request_keys = []
-
-  # Configure which authentication keys should be case-insensitive.
-  # These keys will be downcased upon creating or modifying a user and when used
-  # to authenticate or find a user. Default is :email.
-  config.case_insensitive_keys = [ :email ]
-
-  # Configure which authentication keys should have whitespace stripped.
-  # These keys will have whitespace before and after removed upon creating or
-  # modifying a user and when used to authenticate or find a user. Default is :email.
-  config.strip_whitespace_keys = [ :email ]
-
-  # Tell if authentication through request.params is enabled. True by default.
-  # It can be set to an array that will enable params authentication only for the
-  # given strategies, for example, `config.params_authenticatable = [:database]` will
-  # enable it only for database (email + password) authentication.
-  # config.params_authenticatable = true
-
-  # Tell if authentication through HTTP Auth is enabled. False by default.
-  # It can be set to an array that will enable http authentication only for the
-  # given strategies, for example, `config.http_authenticatable = [:token]` will
-  # enable it only for token authentication. The supported strategies are:
-  # :database      = Support basic authentication with authentication key + password
-  # :token         = Support basic authentication with token authentication key
-  # :token_options = Support token authentication with options as defined in
-  #                  http://api.rubyonrails.org/classes/ActionController/HttpAuthentication/Token.html
-  # config.http_authenticatable = false
-
-  # If http headers should be returned for AJAX requests. True by default.
-  # config.http_authenticatable_on_xhr = true
-
-  # The realm used in Http Basic Authentication. "Application" by default.
-  # config.http_authentication_realm = "Application"
-
-  # It will change confirmation, password recovery and other workflows
-  # to behave the same regardless if the e-mail provided was right or wrong.
-  # Does not affect registerable.
-  # config.paranoid = true
-
-  # By default Devise will store the user in session. You can skip storage for
-  # :http_auth and :token_auth by adding those symbols to the array below.
-  # Notice that if you are skipping storage for all authentication paths, you
-  # may want to disable generating routes to Devise's sessions controller by
-  # passing :skip => :sessions to `devise_for` in your config/routes.rb
-  config.skip_session_storage = [:http_auth]
-
-  # ==> Configuration for :database_authenticatable
-  # For bcrypt, this is the cost for hashing the password and defaults to 10. If
-  # using other encryptors, it sets how many times you want the password re-encrypted.
-  #
-  # Limiting the stretches to just one in testing will increase the performance of
-  # your test suite dramatically. However, it is STRONGLY RECOMMENDED to not use
-  # a value less than 10 in other environments.
-  	config.stretches = Rails.env.test? ? 1 : 10
-
-  # Setup a pepper to generate the encrypted password.
-  config.pepper = "EXAMPLE OF PEPPER TO GENERATE THE ENCRYPTED PASSWORD"
-  
-  # ==> Configuration for :invitable
-  # The period the generated invitation token is valid, after
-  # this period, the invited resource won't be able to accept the invitation.
-  # When invite_for is 0 (the default), the invitation won't expire.
-  # config.invite_for = 2.weeks
-
-  # Number of invitations users can send.
-  # - If invitation_limit is nil, there is no limit for invitations, users can
-  # send unlimited invitations, invitation_limit column is not used.
-  # - If invitation_limit is 0, users can't send invitations by default.
-  # - If invitation_limit n > 0, users can send n invitations.
-  # You can change invitation_limit column for some users so they can send more
-  # or less invitations, even with global invitation_limit = 0
-  # Default: nil
-  # config.invitation_limit = 5
-
-  # The key to be used to check existing users when sending an invitation
-  # and the regexp used to test it when validate_on_invite is not set.
-  # config.invite_key = {:email => /\A[^@]+@[^@]+\z/}
-  # config.invite_key = {:email => /\A[^@]+@[^@]+\z/, :username => nil}
-
-  # Flag that force a record to be valid before being actually invited
-  # Default: false
-  # config.validate_on_invite = true
-
-  # ==> Configuration for :confirmable
-  # A period that the user is allowed to access the website even without
-  # confirming his account. For instance, if set to 2.days, the user will be
-  # able to access the website for two days without confirming his account,
-  # access will be blocked just in the third day. Default is 0.days, meaning
-  # the user cannot access the website without confirming his account.
-  # config.allow_unconfirmed_access_for = 2.days
-
-  # A period that the user is allowed to confirm their account before their
-  # token becomes invalid. For example, if set to 3.days, the user can confirm
-  # their account within 3 days after the mail was sent, but on the fourth day
-  # their account can't be confirmed with the token any more.
-  # Default is nil, meaning there is no restriction on how long a user can take
-  # before confirming their account.
-  # config.confirm_within = 3.days
-
-  # If true, requires any email changes to be confirmed (exactly the same way as
-  # initial account confirmation) to be applied. Requires additional unconfirmed_email
-  # db field (see migrations). Until confirmed new email is stored in
-  # unconfirmed email column, and copied to email column on successful confirmation.
-  config.reconfirmable = false
-
-  # Defines which key will be used when confirming an account
-  # config.confirmation_keys = [ :email ]
-
-  # ==> Configuration for :rememberable
-  # The time the user will be remembered without asking for credentials again.
-  # config.remember_for = 2.weeks
-
-  # If true, extends the user's remember period when remembered via cookie.
-  # config.extend_remember_period = false
-
-  # Options to be passed to the created cookie. For instance, you can set
-  # :secure => true in order to force SSL only cookies.
-  # config.rememberable_options = {}
-
-  # ==> Configuration for :validatable
-  # Range for password length. Default is 8..128.
-  config.password_length = 8..128
-
-  # Email regex used to validate email formats. It simply asserts that
-  # one (and only one) @ exists in the given string. This is mainly
-  # to give user feedback and not to assert the e-mail validity.
-  # config.email_regexp = /\A[^@]+@[^@]+\z/
-
-  # ==> Configuration for :timeoutable
-  # The time you want to timeout the user session without activity. After this
-  # time the user will be asked for credentials again. Default is 30 minutes.
-  config.timeout_in = 3.hours
-
-  # If true, expires auth token on session timeout.
-  # config.expire_auth_token_on_timeout = false
-
-  # ==> Configuration for :lockable
-  # Defines which strategy will be used to lock an account.
-  # :failed_attempts = Locks an account after a number of failed attempts to sign in.
-  # :none            = No lock strategy. You should handle locking by yourself.
-  # config.lock_strategy = :failed_attempts
-
-  # Defines which key will be used when locking and unlocking an account
-  # config.unlock_keys = [ :email ]
-
-  # Defines which strategy will be used to unlock an account.
-  # :email = Sends an unlock link to the user email
-  # :time  = Re-enables login after a certain amount of time (see :unlock_in below)
-  # :both  = Enables both strategies
-  # :none  = No unlock strategy. You should handle unlocking by yourself.
-  # config.unlock_strategy = :both
-
-  # Number of authentication tries before locking an account if lock_strategy
-  # is failed attempts.
-  # config.maximum_attempts = 20
-
-  # Time interval to unlock the account if :time is enabled as unlock_strategy.
-  # config.unlock_in = 1.hour
-
-  # ==> Configuration for :recoverable
-  #
-  # Defines which key will be used when recovering the password for an account
-  # config.reset_password_keys = [ :email ]
-
-  # Time interval you can reset your password with a reset password key.
-  # Don't put a too small interval or your users won't have the time to
-  # change their passwords.
-  config.reset_password_within = 6.hours
-
-  # ==> Configuration for :encryptable
-  # Allow you to use another encryption algorithm besides bcrypt (default). You can use
-  # :sha1, :sha512 or encryptors from others authentication tools as :clearance_sha1,
-  # :authlogic_sha512 (then you should set stretches above to 20 for default behavior)
-  # and :restful_authentication_sha1 (then you should set stretches to 10, and copy
-  # REST_AUTH_SITE_KEY to pepper).
-  #
-  # Require the `devise-encryptable` gem when using anything other than bcrypt
-  # config.encryptor = :sha512
-
-  # ==> Configuration for :token_authenticatable
-  # Defines name of the authentication token params key
-  # config.token_authentication_key = :auth_token
-
-  # ==> Scopes configuration
-  # Turn scoped views on. Before rendering "sessions/new", it will first check for
-  # "users/sessions/new". It's turned off by default because it's slower if you
-  # are using only default views.
-  # config.scoped_views = false
-
-  # Configure the default scope given to Warden. By default it's the first
-  # devise role declared in your routes (usually :user).
-  # config.default_scope = :user
-
-  # Set this configuration to false if you want /users/sign_out to sign out
-  # only the current scope. By default, Devise signs out all scopes.
-  # config.sign_out_all_scopes = true
-
-  # ==> Navigation configuration
-  # Lists the formats that should be treated as navigational. Formats like
-  # :html, should redirect to the sign in page when the user does not have
-  # access, but formats like :xml or :json, should return 401.
-  #
-  # If you have any extra navigational formats, like :iphone or :mobile, you
-  # should add them to the navigational formats lists.
-  #
-  # The "*/*" below is required to match Internet Explorer requests.
-  # config.navigational_formats = ["*/*", :html]
-
-  # The default HTTP method used to sign out a resource. Default is :delete.
-  config.sign_out_via = :delete
-
-  # ==> OmniAuth
-  # Add a new OmniAuth provider. Check the wiki for more information on setting
-  # up on your models and hooks.
-  # config.omniauth :github, 'APP_ID', 'APP_SECRET', :scope => 'user,public_repo'
-
-  # ==> Warden configuration
-  # If you want to use other strategies, that are not supported by Devise, or
-  # change the failure app, you can configure them inside the config.warden block.
-  #
-  # config.warden do |manager|
-  #   manager.intercept_401 = false
-  #   manager.default_strategies(:scope => :user).unshift :some_external_strategy
-  # end
-
-  # ==> Mountable engine configurations
-  # When using Devise inside an engine, let's call it `MyEngine`, and this engine
-  # is mountable, there are some extra configurations to be taken into account.
-  # The following options are available, assuming the engine is mounted as:
-  #
-  #     mount MyEngine, at: "/my_engine"
-  #
-  # The router that invoked `devise_for`, in the example above, would be:
-  # config.router_name = :my_engine
-  #
-  # When using omniauth, Devise cannot automatically set Omniauth path,
-  # so you need to do it manually. For the users scope, it would be:
-  # config.omniauth_path_prefix = "/my_engine/users/auth"
-  
-  config.warden do |manager|
-    manager.failure_app = CustomFailure
-  end
-  
-end
diff --git a/config/initializers/recaptcha.rb.example b/config/initializers/recaptcha.rb.example
new file mode 100644
index 0000000..a9e681a
--- /dev/null
+++ b/config/initializers/recaptcha.rb.example
@@ -0,0 +1,5 @@
+Recaptcha.configure do |config|
+  config.public_key  = 'replace_this_with_your_public_key'
+  config.private_key = 'replace_this_with_your_private_key'
+  config.proxy = 'http://someproxy.com:port'
+end
diff --git a/config/initializers/recaptcha_example.rb b/config/initializers/recaptcha_example.rb
deleted file mode 100644
index a9e681a..0000000
--- a/config/initializers/recaptcha_example.rb
+++ /dev/null
@@ -1,5 +0,0 @@
-Recaptcha.configure do |config|
-  config.public_key  = 'replace_this_with_your_public_key'
-  config.private_key = 'replace_this_with_your_private_key'
-  config.proxy = 'http://someproxy.com:port'
-end
diff --git a/db/migrate/20161021100420_single_organisation_for_users.rb b/db/migrate/20161021100420_single_organisation_for_users.rb
new file mode 100644
index 0000000..2b596f7
--- /dev/null
+++ b/db/migrate/20161021100420_single_organisation_for_users.rb
@@ -0,0 +1,19 @@
+class SingleOrganisationForUsers < ActiveRecord::Migration
+
+  def up
+
+    User.class_eval do
+      belongs_to :organisation,
+                 :class_name => "Organisation",
+                 :foreign_key => "organisation_id"
+    end
+
+    User.includes(:user_org_roles, :roles).all.each do | user |
+      # NOTE: we'll grab the first organisation (if present), so if there are more, these will be lost!
+      user.organisation_id = user.user_org_roles.first.organisation_id unless user.user_org_roles.empty?
+      user.save!
+    end
+
+    drop_table :user_org_roles
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
index 4c22ef6..a1cf34f 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -9,437 +9,399 @@
 # from scratch. The latter is a flawed and unsustainable approach (the more migrations
 # you'll amass, the slower it'll run and the greater likelihood for issues).
 #
-# It's strongly recommended that you check this file into your version control system.
-ActiveRecord::Schema.define(version: 20160822130701) do
-  create_table "answers", force: :cascade do |t|
-    t.text     "text",        limit: 65535
-    t.integer  "plan_id",     limit: 4
-    t.integer  "user_id",     limit: 4
-    t.integer  "question_id", limit: 4
-    t.datetime "created_at",                null: false
-    t.datetime "updated_at",                null: false
+# It's strongly recommended to check this file into your version control system.
+
+ActiveRecord::Schema.define(:version => 20150809210811) do
+
+  create_table "answers", :force => true do |t|
+    t.text     "text"
+    t.integer  "plan_id"
+    t.integer  "user_id"
+    t.integer  "question_id"
+    t.datetime "created_at",  :null => false
+    t.datetime "updated_at",  :null => false
   end
 
-  create_table "answers_options", id: false, force: :cascade do |t|
-    t.integer "answer_id", limit: 4, null: false
-    t.integer "option_id", limit: 4, null: false
+  create_table "answers_options", :id => false, :force => true do |t|
+    t.integer "answer_id", :null => false
+    t.integer "option_id", :null => false
   end
 
-  add_index "answers_options", ["answer_id", "option_id"], name: "index_answers_options_on_answer_id_and_option_id", using: :btree
+  add_index "answers_options", ["answer_id", "option_id"], :name => "index_answers_options_on_answer_id_and_option_id"
 
-  create_table "comments", force: :cascade do |t|
-    t.integer  "user_id",     limit: 4
-    t.integer  "question_id", limit: 4
-    t.text     "text",        limit: 65535
-    t.datetime "created_at",                null: false
-    t.datetime "updated_at",                null: false
+  create_table "comments", :force => true do |t|
+    t.integer  "user_id"
+    t.integer  "question_id"
+    t.text     "text"
+    t.datetime "created_at",  :null => false
+    t.datetime "updated_at",  :null => false
     t.boolean  "archived"
-    t.integer  "plan_id",     limit: 4
-    t.integer  "archived_by", limit: 4
+    t.integer  "plan_id"
+    t.integer  "archived_by"
   end
 
-  create_table "dmptemplates", force: :cascade do |t|
-    t.string   "title",           limit: 255
-    t.text     "description",     limit: 65535
+  create_table "dmptemplates", :force => true do |t|
+    t.string   "title"
+    t.text     "description"
     t.boolean  "published"
-    t.integer  "user_id",         limit: 4
-    t.integer  "organisation_id", limit: 4
-    t.datetime "created_at",                    null: false
-    t.datetime "updated_at",                    null: false
-    t.string   "locale",          limit: 255
+    t.integer  "user_id"
+    t.integer  "organisation_id"
+    t.datetime "created_at",      :null => false
+    t.datetime "updated_at",      :null => false
+    t.string   "locale"
     t.boolean  "is_default"
   end
 
-  create_table "dmptemplates_guidance_groups", id: false, force: :cascade do |t|
-    t.integer "dmptemplate_id",    limit: 4
-    t.integer "guidance_group_id", limit: 4
+  create_table "dmptemplates_guidance_groups", :id => false, :force => true do |t|
+    t.integer "dmptemplate_id"
+    t.integer "guidance_group_id"
   end
 
-  create_table "exported_plans", force: :cascade do |t|
-    t.integer  "plan_id",    limit: 4
-    t.integer  "user_id",    limit: 4
-    t.string   "format",     limit: 255
-    t.datetime "created_at",             null: false
-    t.datetime "updated_at",             null: false
+  create_table "exported_plans", :force => true do |t|
+    t.integer  "plan_id"
+    t.integer  "user_id"
+    t.string   "format"
+    t.datetime "created_at", :null => false
+    t.datetime "updated_at", :null => false
   end
 
-  create_table "file_types", force: :cascade do |t|
-    t.string   "name",          limit: 255
-    t.string   "icon_name",     limit: 255
-    t.integer  "icon_size",     limit: 4
-    t.string   "icon_location", limit: 255
-    t.datetime "created_at",                null: false
-    t.datetime "updated_at",                null: false
+  create_table "file_types", :force => true do |t|
+    t.string   "name"
+    t.string   "icon_name"
+    t.integer  "icon_size"
+    t.string   "icon_location"
+    t.datetime "created_at",    :null => false
+    t.datetime "updated_at",    :null => false
   end
 
-  create_table "file_uploads", force: :cascade do |t|
-    t.string   "name",         limit: 255
-    t.string   "title",        limit: 255
-    t.text     "description",  limit: 65535
-    t.integer  "size",         limit: 4
+  create_table "file_uploads", :force => true do |t|
+    t.string   "name"
+    t.string   "title"
+    t.text     "description"
+    t.integer  "size"
     t.boolean  "published"
-    t.string   "location",     limit: 255
-    t.integer  "file_type_id", limit: 4
-    t.datetime "created_at",                 null: false
-    t.datetime "updated_at",                 null: false
+    t.string   "location"
+    t.integer  "file_type_id"
+    t.datetime "created_at",   :null => false
+    t.datetime "updated_at",   :null => false
   end
 
-  create_table "friendly_id_slugs", force: :cascade do |t|
-    t.string   "slug",           limit: 255, null: false
-    t.integer  "sluggable_id",   limit: 4,   null: false
-    t.string   "sluggable_type", limit: 40
+  create_table "friendly_id_slugs", :force => true do |t|
+    t.string   "slug",                         :null => false
+    t.integer  "sluggable_id",                 :null => false
+    t.string   "sluggable_type", :limit => 40
     t.datetime "created_at"
   end
 
-  add_index "friendly_id_slugs", ["slug", "sluggable_type"], name: "index_friendly_id_slugs_on_slug_and_sluggable_type", unique: true, using: :btree
-  add_index "friendly_id_slugs", ["sluggable_id"], name: "index_friendly_id_slugs_on_sluggable_id", using: :btree
-  add_index "friendly_id_slugs", ["sluggable_type"], name: "index_friendly_id_slugs_on_sluggable_type", using: :btree
+  add_index "friendly_id_slugs", ["slug", "sluggable_type"], :name => "index_friendly_id_slugs_on_slug_and_sluggable_type", :unique => true
+  add_index "friendly_id_slugs", ["sluggable_id"], :name => "index_friendly_id_slugs_on_sluggable_id"
+  add_index "friendly_id_slugs", ["sluggable_type"], :name => "index_friendly_id_slugs_on_sluggable_type"
 
-  create_table "guidance_groups", force: :cascade do |t|
-    t.string   "name",            limit: 255
-    t.integer  "organisation_id", limit: 4
-    t.datetime "created_at",                  null: false
-    t.datetime "updated_at",                  null: false
+  create_table "guidance_groups", :force => true do |t|
+    t.string   "name"
+    t.integer  "organisation_id"
+    t.datetime "created_at",      :null => false
+    t.datetime "updated_at",      :null => false
     t.boolean  "optional_subset"
     t.boolean  "published"
   end
 
-  create_table "guidance_in_group", id: false, force: :cascade do |t|
-    t.integer "guidance_id",       limit: 4, null: false
-    t.integer "guidance_group_id", limit: 4, null: false
+  create_table "guidance_in_group", :id => false, :force => true do |t|
+    t.integer "guidance_id",       :null => false
+    t.integer "guidance_group_id", :null => false
   end
 
-  add_index "guidance_in_group", ["guidance_id", "guidance_group_id"], name: "index_guidance_in_group_on_guidance_id_and_guidance_group_id", using: :btree
+  add_index "guidance_in_group", ["guidance_id", "guidance_group_id"], :name => "index_guidance_in_group_on_guidance_id_and_guidance_group_id"
 
-  create_table "guidances", force: :cascade do |t|
-    t.text     "text",              limit: 65535
-    t.integer  "guidance_group_id", limit: 4
-    t.datetime "created_at",                      null: false
-    t.datetime "updated_at",                      null: false
-    t.integer  "question_id",       limit: 4
-    t.boolean  "published"
+  create_table "guidances", :force => true do |t|
+    t.text     "text"
+    t.integer  "guidance_group_id"
+    t.datetime "created_at",        :null => false
+    t.datetime "updated_at",        :null => false
+    t.integer  "question_id"
   end
 
-  create_table "languages", force: :cascade do |t|
-    t.string  "abbreviation",     limit: 255
-    t.string  "description",      limit: 255
-    t.string  "name",             limit: 255
-    t.boolean "default_language", limit: 1
+  create_table "option_warnings", :force => true do |t|
+    t.integer  "organisation_id"
+    t.integer  "option_id"
+    t.text     "text"
+    t.datetime "created_at",      :null => false
+    t.datetime "updated_at",      :null => false
   end
 
-  create_table "option_warnings", force: :cascade do |t|
-    t.integer  "organisation_id", limit: 4
-    t.integer  "option_id",       limit: 4
-    t.text     "text",            limit: 65535
-    t.datetime "created_at"
-    t.datetime "updated_at"
-  end
-
-  create_table "options", force: :cascade do |t|
-    t.integer  "question_id", limit: 4
-    t.string   "text",        limit: 255
-    t.integer  "number",      limit: 4
+  create_table "options", :force => true do |t|
+    t.integer  "question_id"
+    t.string   "text"
+    t.integer  "number"
     t.boolean  "is_default"
-    t.datetime "created_at",              null: false
-    t.datetime "updated_at",              null: false
+    t.datetime "created_at",  :null => false
+    t.datetime "updated_at",  :null => false
   end
 
-  create_table "org_token_permissions", force: :cascade do |t|
-    t.integer  "organisation_id",          limit: 4
-    t.integer  "token_permission_type_id", limit: 4
-    t.datetime "created_at"
-    t.datetime "updated_at"
+  create_table "organisation_types", :force => true do |t|
+    t.string   "name"
+    t.text     "description"
+    t.datetime "created_at",  :null => false
+    t.datetime "updated_at",  :null => false
   end
 
-  create_table "organisation_types", force: :cascade do |t|
-    t.string   "name",        limit: 255
-    t.text     "description", limit: 65535
-    t.datetime "created_at",                null: false
-    t.datetime "updated_at",                null: false
-  end
-
-  create_table "organisations", force: :cascade do |t|
-    t.string   "name",                 limit: 255
-    t.string   "abbreviation",         limit: 255
-    t.string   "target_url",           limit: 255
-    t.integer  "organisation_type_id", limit: 4
-    t.string   "domain",               limit: 255
-    t.string   "wayfless_entity",      limit: 255
-    t.integer  "stylesheet_file_id",   limit: 4
-    t.datetime "created_at",                         null: false
-    t.datetime "updated_at",                         null: false
-    t.integer  "parent_id",            limit: 4
+  create_table "organisations", :force => true do |t|
+    t.string   "name"
+    t.string   "abbreviation"
+    t.text     "description"
+    t.string   "target_url"
+    t.integer  "organisation_type_id"
+    t.string   "domain"
+    t.integer  "wayfless_entity"
+    t.integer  "stylesheet_file_id"
+    t.datetime "created_at",           :null => false
+    t.datetime "updated_at",           :null => false
+    t.integer  "parent_id"
     t.boolean  "is_other"
-    t.string   "sort_name",            limit: 255
-    t.text     "banner_text",          limit: 65535
-    t.string   "logo_file_name",       limit: 255
-    t.integer  "region_id",            limit: 4
-    t.integer  "language_id",          limit: 4
-    t.string   "logo_uid",             limit: 255
-    t.string   "logo_name",            limit: 255
-    t.string   "contact_email",        limit: 255
+    t.string   "sort_name"
+    t.text     "banner_text"
+    t.string   "logo_file_name"
   end
 
-  create_table "phases", force: :cascade do |t|
-    t.string   "title",          limit: 255
-    t.text     "description",    limit: 65535
-    t.integer  "number",         limit: 4
-    t.integer  "dmptemplate_id", limit: 4
-    t.datetime "created_at"
-    t.datetime "updated_at"
-    t.string   "slug",           limit: 255
+  create_table "phases", :force => true do |t|
+    t.string   "title"
+    t.text     "description"
+    t.integer  "number"
+    t.integer  "dmptemplate_id"
+    t.datetime "created_at",     :null => false
+    t.datetime "updated_at",     :null => false
+    t.string   "slug"
   end
 
-  add_index "phases", ["dmptemplate_id"], name: "index_phases_on_dmptemplate_id", using: :btree
-  add_index "phases", ["slug"], name: "index_phases_on_slug", unique: true, using: :btree
+  add_index "phases", ["dmptemplate_id"], :name => "index_phases_on_dmptemplate_id"
+  add_index "phases", ["slug"], :name => "index_phases_on_slug", :unique => true
 
-  create_table "plan_sections", force: :cascade do |t|
-    t.integer  "user_id",      limit: 4
-    t.integer  "section_id",   limit: 4
-    t.integer  "plan_id",      limit: 4
-    t.datetime "created_at",             null: false
-    t.datetime "updated_at",             null: false
+  create_table "plan_sections", :force => true do |t|
+    t.integer  "user_id"
+    t.integer  "section_id"
+    t.integer  "plan_id"
+    t.datetime "created_at",   :null => false
+    t.datetime "updated_at",   :null => false
     t.datetime "release_time"
   end
 
-  create_table "plans", force: :cascade do |t|
+  create_table "plans", :force => true do |t|
     t.boolean  "locked"
-    t.integer  "project_id", limit: 4
-    t.integer  "version_id", limit: 4
-    t.datetime "created_at",           null: false
-    t.datetime "updated_at",           null: false
+    t.integer  "project_id"
+    t.integer  "version_id"
+    t.datetime "created_at", :null => false
+    t.datetime "updated_at", :null => false
   end
 
-  create_table "project_groups", force: :cascade do |t|
+  create_table "project_groups", :force => true do |t|
     t.boolean  "project_creator"
     t.boolean  "project_editor"
-    t.integer  "user_id",               limit: 4
-    t.integer  "project_id",            limit: 4
-    t.datetime "created_at",                      null: false
-    t.datetime "updated_at",                      null: false
+    t.integer  "user_id"
+    t.integer  "project_id"
+    t.datetime "created_at",            :null => false
+    t.datetime "updated_at",            :null => false
     t.boolean  "project_administrator"
   end
 
-  create_table "project_guidance", id: false, force: :cascade do |t|
-    t.integer "project_id",        limit: 4, null: false
-    t.integer "guidance_group_id", limit: 4, null: false
+  create_table "project_guidance", :id => false, :force => true do |t|
+    t.integer "project_id",        :null => false
+    t.integer "guidance_group_id", :null => false
   end
 
-  add_index "project_guidance", ["project_id", "guidance_group_id"], name: "index_project_guidance_on_project_id_and_guidance_group_id", using: :btree
+  add_index "project_guidance", ["project_id", "guidance_group_id"], :name => "index_project_guidance_on_project_id_and_guidance_group_id"
 
-  create_table "projects", force: :cascade do |t|
-    t.string   "title",                             limit: 255
-    t.integer  "dmptemplate_id",                    limit: 4
-    t.datetime "created_at"
-    t.datetime "updated_at"
-    t.string   "slug",                              limit: 255
-    t.integer  "organisation_id",                   limit: 4
-    t.string   "grant_number",                      limit: 255
-    t.string   "identifier",                        limit: 255
-    t.text     "description",                       limit: 65535
-    t.string   "principal_investigator",            limit: 255
-    t.string   "principal_investigator_identifier", limit: 255
-    t.string   "data_contact",                      limit: 255
-    t.string   "funder_name",                       limit: 255
+  create_table "projects", :force => true do |t|
+    t.string   "title"
+    t.integer  "dmptemplate_id"
+    t.datetime "created_at",                        :null => false
+    t.datetime "updated_at",                        :null => false
+    t.string   "slug"
+    t.integer  "organisation_id"
+    t.string   "grant_number"
+    t.string   "identifier"
+    t.text     "description"
+    t.string   "principal_investigator"
+    t.string   "principal_investigator_identifier"
+    t.string   "data_contact"
+    t.string   "funder_name"
   end
 
-  add_index "projects", ["slug"], name: "index_projects_on_slug", unique: true, using: :btree
+  add_index "projects", ["slug"], :name => "index_projects_on_slug", :unique => true
 
-  create_table "question_formats", force: :cascade do |t|
-    t.string   "title",       limit: 255
-    t.text     "description", limit: 65535
-    t.datetime "created_at",                null: false
-    t.datetime "updated_at",                null: false
+  create_table "question_formats", :force => true do |t|
+    t.string   "title"
+    t.text     "description"
+    t.datetime "created_at",  :null => false
+    t.datetime "updated_at",  :null => false
   end
 
-  create_table "questions", force: :cascade do |t|
-    t.text     "text",                   limit: 65535
-    t.text     "default_value",          limit: 65535
-    t.text     "guidance",               limit: 65535
-    t.integer  "number",                 limit: 4
-    t.integer  "parent_id",              limit: 4
-    t.integer  "dependency_id",          limit: 4
-    t.text     "dependency_text",        limit: 65535
-    t.integer  "section_id",             limit: 4
-    t.datetime "created_at",                                          null: false
-    t.datetime "updated_at",                                          null: false
-    t.integer  "question_format_id",     limit: 4
-    t.boolean  "option_comment_display",               default: true
+  create_table "questions", :force => true do |t|
+    t.text     "text"
+    t.text     "default_value"
+    t.text     "guidance"
+    t.integer  "number"
+    t.integer  "parent_id"
+    t.integer  "dependency_id"
+    t.text     "dependency_text"
+    t.integer  "section_id"
+    t.datetime "created_at",                               :null => false
+    t.datetime "updated_at",                               :null => false
+    t.integer  "question_format_id"
+    t.boolean  "option_comment_display", :default => true
   end
 
-  create_table "questions_themes", id: false, force: :cascade do |t|
-    t.integer "question_id", limit: 4, null: false
-    t.integer "theme_id",    limit: 4, null: false
+  create_table "questions_themes", :id => false, :force => true do |t|
+    t.integer "question_id", :null => false
+    t.integer "theme_id",    :null => false
   end
 
-  add_index "questions_themes", ["question_id", "theme_id"], name: "index_questions_themes_on_question_id_and_theme_id", using: :btree
+  add_index "questions_themes", ["question_id", "theme_id"], :name => "index_questions_themes_on_question_id_and_theme_id"
 
-  create_table "region_groups", force: :cascade do |t|
-    t.integer "super_region_id", limit: 4
-    t.integer "region_id",       limit: 4
+  create_table "roles", :force => true do |t|
+    t.string   "name"
+    t.datetime "created_at",    :null => false
+    t.datetime "updated_at",    :null => false
+    t.boolean  "role_in_plans"
+    t.integer  "resource_id"
+    t.string   "resource_type"
   end
 
-  create_table "regions", force: :cascade do |t|
-    t.string "abbreviation", limit: 255
-    t.string "description",  limit: 255
-    t.string "name",         limit: 255
-  end
+  add_index "roles", ["name"], :name => "index_roles_on_name"
+  add_index "roles", ["name"], :name => "index_roles_on_name_and_resource_type_and_resource_id"
 
-  create_table "roles", force: :cascade do |t|
-    t.string   "name",          limit: 255
-    t.datetime "created_at"
-    t.datetime "updated_at"
-    t.boolean  "role_in_plans", limit: 1
-    t.integer  "resource_id",   limit: 4
-    t.string   "resource_type", limit: 255
-  end
-
-  add_index "roles", ["name"], name: "index_roles_on_name", using: :btree
-  add_index "roles", ["name"], name: "index_roles_on_name_and_resource_type_and_resource_id", using: :btree
-
-  create_table "sections", force: :cascade do |t|
-    t.string   "title",           limit: 255
-    t.text     "description",     limit: 65535
-    t.integer  "number",          limit: 4
-    t.integer  "version_id",      limit: 4
-    t.integer  "organisation_id", limit: 4
-    t.datetime "created_at",                    null: false
-    t.datetime "updated_at",                    null: false
+  create_table "sections", :force => true do |t|
+    t.string   "title"
+    t.text     "description"
+    t.integer  "number"
+    t.integer  "version_id"
+    t.integer  "organisation_id"
+    t.datetime "created_at",      :null => false
+    t.datetime "updated_at",      :null => false
     t.boolean  "published"
   end
 
-  create_table "settings", force: :cascade do |t|
-    t.string   "var",         limit: 255,   null: false
-    t.text     "value",       limit: 65535
-    t.integer  "target_id",   limit: 4,     null: false
-    t.string   "target_type", limit: 255,   null: false
-    t.datetime "created_at"
-    t.datetime "updated_at"
+  create_table "settings", :force => true do |t|
+    t.string   "var",         :null => false
+    t.text     "value"
+    t.integer  "target_id",   :null => false
+    t.string   "target_type", :null => false
+    t.datetime "created_at",  :null => false
+    t.datetime "updated_at",  :null => false
   end
 
-  add_index "settings", ["target_type", "target_id", "var"], name: "index_settings_on_target_type_and_target_id_and_var", unique: true, using: :btree
+  add_index "settings", ["target_type", "target_id", "var"], :name => "index_settings_on_target_type_and_target_id_and_var", :unique => true
 
-  create_table "splash_logs", force: :cascade do |t|
-    t.string   "destination", limit: 255
-    t.datetime "created_at",              null: false
-    t.datetime "updated_at",              null: false
+  create_table "splash_logs", :force => true do |t|
+    t.string   "destination"
+    t.datetime "created_at",  :null => false
+    t.datetime "updated_at",  :null => false
   end
 
-  create_table "suggested_answers", force: :cascade do |t|
-    t.integer  "question_id",     limit: 4
-    t.integer  "organisation_id", limit: 4
-    t.text     "text",            limit: 65535
-    t.datetime "created_at",                    null: false
-    t.datetime "updated_at",                    null: false
+  create_table "suggested_answers", :force => true do |t|
+    t.integer  "question_id"
+    t.integer  "organisation_id"
+    t.text     "text"
+    t.datetime "created_at",      :null => false
+    t.datetime "updated_at",      :null => false
     t.boolean  "is_example"
   end
 
-  create_table "themes", force: :cascade do |t|
-    t.string   "title",       limit: 255
-    t.text     "description", limit: 65535
-    t.datetime "created_at",                null: false
-    t.datetime "updated_at",                null: false
-    t.string   "locale",      limit: 255
+  create_table "themes", :force => true do |t|
+    t.string   "title"
+    t.text     "description"
+    t.datetime "created_at",  :null => false
+    t.datetime "updated_at",  :null => false
+    t.string   "locale"
   end
 
-  create_table "themes_in_guidance", id: false, force: :cascade do |t|
-    t.integer "theme_id",    limit: 4
-    t.integer "guidance_id", limit: 4
+  create_table "themes_in_guidance", :id => false, :force => true do |t|
+    t.integer "theme_id"
+    t.integer "guidance_id"
   end
 
-  create_table "token_permission_types", force: :cascade do |t|
-    t.string   "token_type",      limit: 255
-    t.text     "text_desription", limit: 65535
+  create_table "user_org_roles", :force => true do |t|
+    t.integer  "user_id"
+    t.integer  "organisation_id"
+    t.integer  "user_role_type_id"
+    t.datetime "created_at",        :null => false
+    t.datetime "updated_at",        :null => false
+  end
+
+  create_table "user_role_types", :force => true do |t|
+    t.string   "name"
+    t.text     "description"
+    t.datetime "created_at",  :null => false
+    t.datetime "updated_at",  :null => false
+  end
+
+  create_table "user_statuses", :force => true do |t|
+    t.string   "name"
+    t.text     "description"
+    t.datetime "created_at",  :null => false
+    t.datetime "updated_at",  :null => false
+  end
+
+  create_table "user_types", :force => true do |t|
+    t.string   "name"
+    t.text     "description"
+    t.datetime "created_at",  :null => false
+    t.datetime "updated_at",  :null => false
+  end
+
+  create_table "users", :force => true do |t|
+    t.string   "firstname"
+    t.string   "surname"
+    t.string   "email",                  :default => "", :null => false
+    t.string   "orcid_id"
+    t.string   "shibboleth_id"
+    t.integer  "user_type_id"
+    t.integer  "user_status_id"
     t.datetime "created_at"
     t.datetime "updated_at"
-  end
-
-  create_table "user_org_roles", force: :cascade do |t|
-    t.integer  "user_id",           limit: 4
-    t.integer  "organisation_id",   limit: 4
-    t.integer  "user_role_type_id", limit: 4
-    t.datetime "created_at"
-    t.datetime "updated_at"
-  end
-
-  create_table "user_role_types", force: :cascade do |t|
-    t.string   "name",        limit: 255
-    t.text     "description", limit: 65535
-    t.datetime "created_at",                null: false
-    t.datetime "updated_at",                null: false
-  end
-
-  create_table "user_statuses", force: :cascade do |t|
-    t.string   "name",        limit: 255
-    t.text     "description", limit: 65535
-    t.datetime "created_at",                null: false
-    t.datetime "updated_at",                null: false
-  end
-
-  create_table "user_types", force: :cascade do |t|
-    t.string   "name",        limit: 255
-    t.text     "description", limit: 65535
-    t.datetime "created_at",                null: false
-    t.datetime "updated_at",                null: false
-  end
-
-  create_table "users", force: :cascade do |t|
-    t.string   "firstname",              limit: 255
-    t.string   "surname",                limit: 255
-    t.string   "email",                  limit: 255, default: "", null: false
-    t.string   "orcid_id",               limit: 255
-    t.string   "shibboleth_id",          limit: 255
-    t.integer  "user_type_id",           limit: 4
-    t.integer  "user_status_id",         limit: 4
-    t.datetime "created_at"
-    t.datetime "updated_at"
-    t.string   "encrypted_password",     limit: 255, default: ""
-    t.string   "reset_password_token",   limit: 255
+    t.string   "encrypted_password",     :default => ""
+    t.string   "reset_password_token"
     t.datetime "reset_password_sent_at"
     t.datetime "remember_created_at"
-    t.integer  "sign_in_count",          limit: 4,   default: 0
+    t.integer  "sign_in_count",          :default => 0
     t.datetime "current_sign_in_at"
     t.datetime "last_sign_in_at"
-    t.string   "current_sign_in_ip",     limit: 255
-    t.string   "last_sign_in_ip",        limit: 255
-    t.string   "confirmation_token",     limit: 255
+    t.string   "current_sign_in_ip"
+    t.string   "last_sign_in_ip"
+    t.string   "confirmation_token"
     t.datetime "confirmed_at"
     t.datetime "confirmation_sent_at"
-    t.string   "invitation_token",       limit: 255
+    t.string   "invitation_token"
     t.datetime "invitation_created_at"
     t.datetime "invitation_sent_at"
     t.datetime "invitation_accepted_at"
-    t.string   "other_organisation",     limit: 255
+    t.string   "other_organisation"
+    t.boolean  "dmponline3"
     t.boolean  "accept_terms"
-    t.integer  "organisation_id",        limit: 4
-    t.string   "api_token",              limit: 255
-    t.integer  "invited_by_id",          limit: 4
-    t.string   "invited_by_type",        limit: 255
-    t.integer  "language_id",            limit: 4
+    t.integer  "organisation_id"
   end
 
-  add_index "users", ["confirmation_token"], name: "index_users_on_confirmation_token", unique: true, using: :btree
-  add_index "users", ["email"], name: "index_users_on_email", unique: true, using: :btree
-  add_index "users", ["invitation_token"], name: "index_users_on_invitation_token", unique: true, using: :btree
-  add_index "users", ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true, using: :btree
+  add_index "users", ["confirmation_token"], :name => "index_users_on_confirmation_token", :unique => true
+  add_index "users", ["email"], :name => "index_users_on_email", :unique => true
+  add_index "users", ["invitation_token"], :name => "index_users_on_invitation_token", :unique => true
+  add_index "users", ["reset_password_token"], :name => "index_users_on_reset_password_token", :unique => true
 
-  create_table "users_roles", id: false, force: :cascade do |t|
-    t.integer "user_id", limit: 4
-    t.integer "role_id", limit: 4
+  create_table "users_roles", :id => false, :force => true do |t|
+    t.integer "user_id"
+    t.integer "role_id"
   end
 
-  add_index "users_roles", ["user_id", "role_id"], name: "index_users_roles_on_user_id_and_role_id", using: :btree
+  add_index "users_roles", ["user_id", "role_id"], :name => "index_users_roles_on_user_id_and_role_id"
 
-  create_table "versions", force: :cascade do |t|
-    t.string   "title",       limit: 255
-    t.text     "description", limit: 65535
+  create_table "versions", :force => true do |t|
+    t.string   "title"
+    t.text     "description"
     t.boolean  "published"
-    t.integer  "number",      limit: 4
-    t.integer  "phase_id",    limit: 4
-    t.datetime "created_at",                null: false
-    t.datetime "updated_at",                null: false
+    t.integer  "number"
+    t.integer  "phase_id"
+    t.datetime "created_at",  :null => false
+    t.datetime "updated_at",  :null => false
   end
 
-  add_index "versions", ["phase_id"], name: "index_versions_on_phase_id", using: :btree
+  add_index "versions", ["phase_id"], :name => "index_versions_on_phase_id"
 
-end
+end
\ No newline at end of file
diff --git a/lib/tasks/migrate.rake b/lib/tasks/migrate.rake
new file mode 100644
index 0000000..094bb79
--- /dev/null
+++ b/lib/tasks/migrate.rake
@@ -0,0 +1,7 @@
+namespace :migrate do
+  desc "TODO"
+  task permissions: :environment do
+    User.update_user_permissions
+  end
+
+end