diff --git a/app/models/ability.rb b/app/models/ability.rb
index c898119ab..5eb042d99 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -1,6 +1,4 @@
 # frozen_string_literal: true
-# See the wiki for details:
-# https://github.com/ryanb/cancan/wiki/Defining-Abilities
 class Ability
   include CanCan::Ability
@@ -24,7 +22,6 @@ def initialize(user)
     can :crud, User, id: user.id
     can :resend_confirmation_instruction, User, id: user.id
     can :read, :mailing if signed_in?(user)
-    # TODO is this solid? || refactor
     can :read, Mailing do |mailing|
       mailing.recipient? user
     end
@@ -33,47 +30,28 @@ def initialize(user)
     # current_student
     can :crud, Conference if user.current_student?
-    # team member
-    # supervisor
     can :read, :users_info if user.supervisor?
-    # CHECK is this solid?
     can :read_email, User do |other_user|
       user.confirmed? && (supervises?(other_user, user) || !other_user.hide_email?)
     end
+    # project submitter
+    can :crud, Project, submitter_id: user.id
+    can :use_as_template, Project do |project|
+      user == project.submitter && !project.season&.current?
+    end
     # admin
     if user.admin?
       can :manage, :all
+      can :read_email, User if user.admin? # even when user marked email hidden # view helper
+      # add cannot's only; after this line
       cannot :create, User # this only happens through GitHub
-      # only add what they cannot; the following should be redundant
-      # can [:read, :update, :destroy], User if user.admin?
-      # can :manage, User if user.admin? #including resending ?? check
-      # can :resend_confirmation_instruction, User if user.admin?
-      can :read_email, User if user.admin? # even when user marked email hidden # view helper #Todo check
-      # can :read, :users_info if user.admin?
-      # can :crud, Conference if user.admin?
-      # can :crud, :comments if user.admin? # TODO make this work for associations
     end
-
-    ### please don't read below this line - it's a mess
-    ################# OLD FILE, # = moved to or rewritten above #############
-
-    # can :crud, User, id: user.id
-    # can :crud, User if user.admin?
-    # can :resend_confirmation_instruction, User, id: user.id
-    # can :resend_confirmation_instruction, User if user.admin?
-
-
-    # visibility of email address in user profile
-    # can :read_email, User, id: user.id if !user.hide_email?
-    # can :read_email, User if user.admin?
-    # Refactor note: split these over abilities
-    # can :read_email, User do |other_user|
-    # user.confirmed? && (supervises?(other_user, user) || !other_user.hide_email?)
-    # end
+    ################# OLD FILE, # = moved to or rewritten above ############
+    # NOT everything moved yet
     # can :crud, Team do |team| user.admin? || signed_in?(user) && team.new_record? || on_team?(user, team)
@@ -115,34 +93,9 @@ def initialize(user)
       user.admin? || (preference.team.students.include? user)
     end
-    # can :crud, Conference if user.admin? || user.current_student?
-
-    # todo add mailing controller and view for users in their namespace, where applicable
-    # can :read, Mailing do |mailing|
-    # mailing.recipient? user
-    # end
-
-    # can :crud, :comments if user.admin?
-    # can :read, :users_info if user.admin? || user.supervisor?
-
-    # projects
-    can :crud, Project do |project|
-      user.admin? ||
-        (user.confirmed? && user == project.submitter)
-    end
-    can :use_as_template, Project do |project|
-      user == project.submitter && !project.season&.current?
-    end
-
-    # can :create, Project if user.confirmed?
-    # cannot :create, Project if !user.confirmed? # not copied over, same as the one before
-
-    # activities
-    # can :read, :feed_entry
-    # can :read, :mailing if signed_in?(user)
-    # applications
     can :create, :application_draft if user.student? && user.application_drafts.in_current_season.none?
+    end # confirmed?
   end # initializer
diff --git a/spec/models/ability_spec.rb b/spec/models/ability_spec.rb
index 9a9cd2070..b7db0eacf 100644
--- a/spec/models/ability_spec.rb
+++ b/spec/models/ability_spec.rb
@@ -175,8 +175,6 @@
     end
   end
-  # i am here
-
   describe "just orga members, team's supervisor and team's students should be able to see offered conference for a team" do
     let(:user) { build(:student)}
@@ -382,7 +380,7 @@
     it 'cannot be created if I am not confirmed' do
       user.confirmed_at = nil
       user.save
-      expect(subject).not_to be_able_to :create, Project
+      expect(subject).not_to be_able_to :create, Project.new
     end
   end
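Review bot: The new hash-condition rule `can :crud, Project, submitter_id: user.id` matches on whatever `user.id` happens to be, so if this Ability is ever built for a guest from an unsaved `User.new` (the `signed_in?(user)` helper used a few lines up suggests that path exists), `user.id` is nil and the rule grants crud on every Project whose `submitter_id` is NULL, including a freshly built `Project.new`, which makes `:create` succeed for anonymous visitors and leaks those rows through `accessible_by`. Guard it with `can :crud, Project, submitter_id: user.id if user.persisted?`, or keep the block form that compared `user == project.submitter`. The removed block form also enforced `user.confirmed?`, which the hash rule drops; whether the new rule sits inside the `if user.confirmed?` block that the later `end # confirmed?` closes is not visible in this hunk, so that should be confirmed before merging. Separately, `can :read_email, User if user.admin?` inside `if user.admin?` is a redundant guard and `can :manage, :all` on the line above already covers `:read_email`; if the line is kept for documentation, drop the trailing `if user.admin?`. `initialize` starts and ends outside the hunk.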
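Review bot: The added `end # confirmed?` closes an `if user.confirmed?` whose opening is not in this diff, and the removed `can :crud, Project do` block was the only visible place confirmation was enforced for project submitters; its replacement earlier in the file is a plain hash condition, so unless that rule lives inside the same `if`, an unconfirmed submitter can now create and edit projects. Please add a comment at the opening `if`, e.g. `# every rule below requires a confirmed account; rules above do not`, and confirm that `can :create, :application_draft …` was meant to move inside the confirmed block too, since that silently changes behaviour for unconfirmed students. `initialize` begins outside the hunk.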
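Review bot: `expect(subject).not_to be_able_to :create, Project.new` now passes for the wrong reason: under the hash rule `can :crud, Project, submitter_id: user.id` a bare `Project.new` has no `submitter_id`, so it is denied for any saved user whether confirmed or not, and the example no longer exercises the confirmation check at all. Use a project attributed to the user, `expect(subject).not_to be_able_to :create, Project.new(submitter: user)` (assuming `Project` accepts `submitter:` as the `project.submitter` reads in the model suggest), and add the positive control `expect(subject).to be_able_to :create, Project.new(submitter: user)` for the confirmed case so a regression in either direction is caught. The enclosing `describe` starts outside the hunk.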