diff --git a/app/helpers/build_lists_helper.rb b/app/helpers/build_lists_helper.rb
index ea211e81b..98dbb726f 100644
--- a/app/helpers/build_lists_helper.rb
+++ b/app/helpers/build_lists_helper.rb
@@ -294,8 +294,9 @@ module BuildListsHelper
   end
 
   def default_extra_repos(project)
-    project.repositories.joins(:platform).accessible_by(current_ability, :read)
-           .where(platforms: { platform_type: 'personal' }).map do |extra|
+    scope = project.repositories.joins(:platform).where(platforms: { platform_type: 'personal' })
+    scope = PlatformPolicy::Scope.new(current_user, scope).show
+    scope.map do |extra|
       {
         id:              extra.id,
         platform_id:     extra.platform.id,
diff --git a/app/models/build_list.rb b/app/models/build_list.rb
index ba8e85ac3..00a06d846 100644
--- a/app/models/build_list.rb
+++ b/app/models/build_list.rb
@@ -724,10 +724,6 @@ class BuildList < ActiveRecord::Base
     save
   end
 
-  # def current_ability
-  #   @current_ability ||= Ability.new(user)
-  # end
-
   def prepare_extra_repositories
     if save_to_platform && save_to_platform.main?
       self.extra_repositories = nil
diff --git a/app/models/search.rb b/app/models/search.rb
index f9b11020d..3e62d1bba 100644
--- a/app/models/search.rb
+++ b/app/models/search.rb
@@ -19,9 +19,7 @@ class Search < Struct.new(:query, :user, :paginate_params)
         User.opened
       else
         klass = type.classify.constantize
-        # scope_policy(type.classify.constantize).accessible_by(ability, :show)
-        "#{klass}Policy::Scope".classify.constantize.new(user, klass).show
-        # policy_scope(type.classify.constantize).show
+        "#{klass}Policy::Scope".constantize.new(user, klass).show
       end
     scope.search(query).
           search_order.
diff --git a/app/views/projects/build_lists/index.html.slim b/app/views/projects/build_lists/index.html.slim
index 0319034ec..f90a10da5 100644
--- a/app/views/projects/build_lists/index.html.slim
+++ b/app/views/projects/build_lists/index.html.slim
@@ -3,7 +3,7 @@
 .row.offset10 ng-controller = 'BuildListsController' ng-init = 'init()' ng-cloak = true
   = hidden_field_tag :name_with_owner, @project.try(:name_with_owner)
   .col-lg-2.col-sm-12
-    -if @project and can?(:create, @project.build_lists.build)
+    -if @project && policy(@project.build_lists.build).create?
 
         button.btn.btn-primary.btn-block[ id = 'filter_new_build'
             type    = 'button'
diff --git a/lib/plugins/grack/auth.rb b/lib/plugins/grack/auth.rb
index 79eb318a0..857ac2776 100644
--- a/lib/plugins/grack/auth.rb
+++ b/lib/plugins/grack/auth.rb
@@ -12,7 +12,7 @@ module Grack
 
         return ::Rack::Auth::Basic.new(@app) do |u, p|
           user                = User.auth_by_token_or_login_pass(u, p) and
-          ability             = ::Ability.new(user) and ability.can?(action, project) and
+          ability             = ProjectPolicy.new(user, project).send("#{action}?") and
           ENV['GL_ID']        = "user-#{user.id}" and
           ENV['GL_REPO_NAME'] = project.path
         end.call(env) unless project.public? && read? # need auth