Refactor CanCanCan usage
We have used some manual tricks to get some authorization related things working, due to unfamiliarity with certain features of the CanCanCan authorization framework. I would like to refactor these.
For example using Resource.accessible_by(current_ability)
to retrieve the records for an index page instead of some complex scopes we already used or should use to define the read ability.