diff --git a/app/controllers/code_harbor_links_controller.rb b/app/controllers/code_harbor_links_controller.rb
index 849af648..71e19d43 100644
--- a/app/controllers/code_harbor_links_controller.rb
+++ b/app/controllers/code_harbor_links_controller.rb
@@ -1,70 +1,62 @@
 class CodeHarborLinksController < ApplicationController
+  include CommonBehavior
   before_action :set_code_harbor_link, only: [:show, :edit, :update, :destroy]
 
+  def authorize!
+    authorize(@code_harbor_link || @code_harbor_links)
+  end
+  private :authorize!
+
   # GET /code_harbor_links
   # GET /code_harbor_links.json
   def index
     @code_harbor_links = CodeHarborLink.all
+    authorize!
   end
 
   # GET /code_harbor_links/1
   # GET /code_harbor_links/1.json
   def show
+    authorize!
   end
 
   # GET /code_harbor_links/new
   def new
     @code_harbor_link = CodeHarborLink.new
+    authorize!
   end
 
   # GET /code_harbor_links/1/edit
   def edit
+    authorize!
   end
 
   # POST /code_harbor_links
   # POST /code_harbor_links.json
   def create
     @code_harbor_link = CodeHarborLink.new(code_harbor_link_params)
-
-    respond_to do |format|
-      if @code_harbor_link.save
-        format.html { redirect_to @code_harbor_link, notice: 'Code harbor link was successfully created.' }
-        format.json { render :show, status: :created, location: @code_harbor_link }
-      else
-        format.html { render :new }
-        format.json { render json: @code_harbor_link.errors, status: :unprocessable_entity }
-      end
-    end
+    authorize!
+    create_and_respond(object: @code_harbor_link)
   end
 
   # PATCH/PUT /code_harbor_links/1
   # PATCH/PUT /code_harbor_links/1.json
   def update
-    respond_to do |format|
-      if @code_harbor_link.update(code_harbor_link_params)
-        format.html { redirect_to @code_harbor_link, notice: 'Code harbor link was successfully updated.' }
-        format.json { render :show, status: :ok, location: @code_harbor_link }
-      else
-        format.html { render :edit }
-        format.json { render json: @code_harbor_link.errors, status: :unprocessable_entity }
-      end
-    end
+    update_and_respond(object: @code_harbor_link, params: code_harbor_link_params)
+    authorize!
   end
 
   # DELETE /code_harbor_links/1
   # DELETE /code_harbor_links/1.json
   def destroy
-    @code_harbor_link.destroy
-    respond_to do |format|
-      format.html { redirect_to code_harbor_links_url, notice: 'Code harbor link was successfully destroyed.' }
-      format.json { head :no_content }
-    end
+    destroy_and_respond(object: @code_harbor_link)
   end
 
   private
     # Use callbacks to share common setup or constraints between actions.
     def set_code_harbor_link
       @code_harbor_link = CodeHarborLink.find(params[:id])
+      authorize!
     end
 
     # Never trust parameters from the scary internet, only allow the white list through.
diff --git a/app/policies/code_harbor_link_policy.rb b/app/policies/code_harbor_link_policy.rb
new file mode 100644
index 00000000..8726c22a
--- /dev/null
+++ b/app/policies/code_harbor_link_policy.rb
@@ -0,0 +1,3 @@
+class CodeHarborLinkPolicy < AdminOnlyPolicy
+  
+end
diff --git a/db/schema.rb b/db/schema.rb
index d895da3f..33456e7e 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -11,11 +11,17 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20150922125415) do
+ActiveRecord::Schema.define(version: 20160204094409) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
 
+  create_table "code_harbor_links", force: true do |t|
+    t.string   "oauth2token"
+    t.datetime "created_at"
+    t.datetime "updated_at"
+  end
+
   create_table "comments", force: true do |t|
     t.integer  "user_id"
     t.integer  "file_id"