diff --git a/spec/factories/users.rb b/spec/factories/users.rb
index bbff558..e474960 100644
--- a/spec/factories/users.rb
+++ b/spec/factories/users.rb
@@ -33,5 +33,13 @@ FactoryGirl.define do
   factory :user do
     uid    { Faker::Name.name }
     avatar { Identicon.data_url_for uid }
+
+    factory :admin do
+      admin true
+    end
+
+    factory :koelkast do
+      koelkast true
+    end
   end
 end
diff --git a/spec/models/ability_spec.rb b/spec/models/ability_spec.rb
new file mode 100644
index 0000000..e417ef7
--- /dev/null
+++ b/spec/models/ability_spec.rb
@@ -0,0 +1,41 @@
+require "cancan/matchers"
+
+describe User do
+  describe "abilities" do
+    subject(:ability){ Ability.new(user) }
+    let(:user) { nil}
+
+    describe "as admin" do
+      let(:user) { create :admin }
+
+      it{ should be_able_to(:manage, Product.new) }
+      it{ should be_able_to(:manage, Order.new) }
+      it{ should be_able_to(:manage, Stock.new) }
+      it{ should be_able_to(:manage, User.new) }
+    end
+
+    describe "as normal user" do
+      let(:user) { create :user }
+
+      it{ should be_able_to(:read, Product.new) }
+      it{ should_not be_able_to(:manage, Product.new) }
+
+      it{ should be_able_to(:manage, Order.new(user: user)) }
+      it{ should_not be_able_to(:manage, Order.new) }
+
+      it{ should_not be_able_to(:manage, Stock.new) }
+
+      it{ should be_able_to(:manage, user) }
+      it{ should_not be_able_to(:manage, User.new) }
+    end
+
+    describe "as koelkast" do
+      let(:user) { create :koelkast }
+
+      it{ should_not be_able_to(:manage, Product.new) }
+      it{ should be_able_to(:manage, Order.new) }
+      it{ should_not be_able_to(:manage, Stock.new) }
+      it{ should_not be_able_to(:manage, User.new) }
+    end
+  end
+end