diff --git a/app/controllers/contributors_controller.rb b/app/controllers/contributors_controller.rb
index a92ea53356..3c210b63d4 100644
--- a/app/controllers/contributors_controller.rb
+++ b/app/controllers/contributors_controller.rb
@@ -30,7 +30,7 @@ def edit
# rubocop:disable Metrics/AbcSize, Metrics/MethodLength
# POST /plans/:plan_id/contributors
def create
- authorize @plan
+ authorize @plan, :edit?
args = translate_roles(hash: contributor_params)
args = process_org(hash: args)
diff --git a/app/controllers/org_admin/phase_versions_controller.rb b/app/controllers/org_admin/phase_versions_controller.rb
index 1d8ae32444..096acd4867 100644
--- a/app/controllers/org_admin/phase_versions_controller.rb
+++ b/app/controllers/org_admin/phase_versions_controller.rb
@@ -8,7 +8,7 @@ class PhaseVersionsController < ApplicationController
# POST /org_admin/templates/:template_id/phases/:phase_id/versions
def create
@phase = Phase.find(params[:phase_id])
- authorize @phase, :create?
+ authorize @phase
@new_phase = get_modifiable(@phase)
flash[:notice] = if @new_phase == @phase
'This template is already a draft'
diff --git a/app/controllers/paginable/plans_controller.rb b/app/controllers/paginable/plans_controller.rb
index 4f17fb41aa..c0c5667f63 100644
--- a/app/controllers/paginable/plans_controller.rb
+++ b/app/controllers/paginable/plans_controller.rb
@@ -7,7 +7,7 @@ class PlansController < ApplicationController
# /paginable/plans/privately_visible/:page
def privately_visible
- raise Pundit::NotAuthorizedError unless Paginable::PlanPolicy.new(current_user).privately_visible?
+ authorize Plan
paginable_renderise(
partial: 'privately_visible',
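Review bot: The explicit `:edit?` query on the added `authorize` line deserves a why-comment, because a reader of `create` will expect a `create?` check and the actual gate now lives in `PlanPolicy#edit?`, which this diff does not show. Suggest adding above it: `# Adding a contributor modifies the plan, so gate on the plan's edit? permission rather than a contributor-level create? query.` The body of `create` continues past the end of the hunk.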
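Review bot: `authorize Plan` on the added line passes the class, so Pundit resolves `PlanPolicy#privately_visible?`, which elsewhere in this diff is only `@user.present?`; the authorization now proves a user is signed in and says nothing about which plans are private to that user. Unless the query built for `paginable_renderise` (it continues past the end of the hunk, so I cannot see it) filters on `current_user`, a signed-in user could page through other users' private plans — please confirm the query scopes rows, and prefer `policy_scope(Plan)` if a scope exists. If the removed `Paginable::PlanPolicy#privately_visible?` enforced more than sign-in, that check is lost here. A comment on the added line would make the contract explicit: `# class-level check: any signed-in user may list; row visibility is enforced by the query below`.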
@@ -19,9 +19,7 @@ def privately_visible
# GET /paginable/plans/organisationally_or_publicly_visible/:page
def organisationally_or_publicly_visible
- unless Paginable::PlanPolicy.new(current_user).organisationally_or_publicly_visible?
- raise Pundit::NotAuthorizedError
- end
+ authorize Plan
paginable_renderise(
partial: 'organisationally_or_publicly_visible',
diff --git a/app/policies/department_policy.rb b/app/policies/department_policy.rb
index 1632749478..95018eb5cf 100644
--- a/app/policies/department_policy.rb
+++ b/app/policies/department_policy.rb
@@ -5,6 +5,11 @@ class DepartmentPolicy < ApplicationPolicy
# NOTE: @user is the signed_in_user and @record is an instance of Department
+ def index?
+ (@user.can_org_admin? && @user.org.id == @department.org_id) ||
+ @user.can_super_admin?
+ end
+
def new?
@user.can_org_admin? || @user.can_super_admin?
end
diff --git a/app/policies/phase_policy.rb b/app/policies/phase_policy.rb
index 18ed607788..5d2b683162 100644
--- a/app/policies/phase_policy.rb
+++ b/app/policies/phase_policy.rb
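Review bot: `authorize Plan` on the added line resolves to `PlanPolicy#organisationally_or_publicly_visible?`, which this diff defines as `@user.present?`, so the organisational-versus-public distinction is no longer enforced by the policy at all and rests entirely on the query `paginable_renderise` runs after the hunk ends. Please confirm that query restricts organisational plans to `current_user.org` and record that at the call site: `# class-level check only; org/public filtering is done by the query below`. With this caller gone, `Paginable::PlanPolicy` looks unreferenced in the files shown here — if nothing else uses it, remove it so two policy classes for the same resource cannot drift apart.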
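Review bot: `@department` on the second added line is never assigned in this policy — the context line just above states the record is held in `@record` — so for a user with `can_org_admin?` the comparison calls `org_id` on `nil` and raises `NoMethodError` (a 500) instead of returning false, and because that branch is evaluated first the `can_super_admin?` fallback is never reached. Change the body to `@user.can_super_admin? || (@user.can_org_admin? && @user.org_id == @record.org_id)`, which also matches the `@user.org_id` form used by the other policies in this diff and keeps super admins away from `@user.org`. If the controller authorizes with the class (`authorize Department`) rather than an instance, `@record` has no `org_id` either; in that case the org restriction belongs in a scope, not in `index?`.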
@@ -12,30 +12,34 @@ class PhasePolicy < ApplicationPolicy
# - The template which they are modifying belongs to their org
def show?
- @user.can_modify_templates? && (@record.template.org_id == @user.org_id)
+ @user.can_modify_templates? && (@record.template.org_id == @user.org_id)
end
def preview?
- @user.can_modify_templates? && (@record.template.org_id == @user.org_id)
+ @user.can_modify_templates? && (@record.template.org_id == @user.org_id)
+ end
+
+ def edit?
+ user.can_modify_templates? && (@record.template.org_id == user.org_id)
end
def update?
- @user.can_modify_templates? && (@record.template.org_id == @user.org_id)
+ @user.can_modify_templates? && (@record.template.org_id == @user.org_id)
end
def new?
- @user.can_modify_templates? && (@record.template.org_id == @user.org_id)
+ @user.can_modify_templates? && (@record.template.org_id == @user.org_id)
end
def create?
- @user.can_modify_templates? && (@record.template.org_id == @user.org_id)
+ @user.can_modify_templates? && (@record.template.org_id == @user.org_id)
end
def destroy?
- @user.can_modify_templates? && (@record.template.org_id == @user.org_id)
+ @user.can_modify_templates? && (@record.template.org_id == @user.org_id)
end
def sort?
- @user.can_modify_templates? && (@record.template.org_id == @user.org_id)
+ @user.can_modify_templates? && (@record.template.org_id == @user.org_id)
end
end
diff --git a/app/policies/plan_policy.rb b/app/policies/plan_policy.rb
index 1ba95e6580..a2a95f92b6 100644
--- a/app/policies/plan_policy.rb
+++ b/app/policies/plan_policy.rb
@@ -5,6 +5,10 @@ class PlanPolicy < ApplicationPolicy
# NOTE: @user is the signed_in_user and @record is an instance of Plan
+ def index?
+ @user.present?
+ end
+
def show?
@record.readable_by?(@user.id)
end
@@ -70,4 +74,12 @@ def select_guidances_list?
def update_guidances_list?
@record.editable_by?(@user.id)
end
+
+ def privately_visible?
+ @user.present?
+ end
+
+ def organisationally_or_publicly_visible?
+ @user.present?
+ end
end
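Review bot: The new `edit?` uses bare `user` where every other query in this hunk, and `@record` on the same line, uses the `@user` ivar; that only resolves if `ApplicationPolicy` exposes an `attr_reader :user`, which this diff does not show, and it breaks the file's convention either way. Its body is otherwise identical to `update?`, so follow the Pundit convention and delegate rather than duplicate the org check: `def edit?` / `  update?` / `end` — then the two queries cannot drift apart.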
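Review bot: `privately_visible?` and `organisationally_or_publicly_visible?` are both just `@user.present?`, so the two visibility levels are indistinguishable at the policy layer and the distinction rests entirely on whatever scope the callers of `authorize Plan` apply. That is defensible for class-level queries but should be stated, e.g. above the first new method: `# Class-level queries (authorize Plan): any signed-in user may list; which plans are returned is decided by the caller's scope, not here.` If `ApplicationPolicy#initialize` already rejects a nil user (a common Pundit pattern, not visible here) these always return true, and the two could be collapsed with an `alias`.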