Use cancancan to load pages and cards

Like we do in most places in the application.

app/controllers/admin/site_customization/cards_controller.rb

@@ -1,8 +1,8 @@
 class Admin::SiteCustomization::CardsController < Admin::SiteCustomization::BaseController
   skip_authorization_check
+  load_and_authorize_resource :page, class: "::SiteCustomization::Page"
+  load_and_authorize_resource :card, through: :page, class: "Widget::Card"
 
   def index
-    @page = ::SiteCustomization::Page.find(params[:page_id])
-    @cards = @page.cards
   end
 end

app/models/abilities/administrator.rb

@@ -88,6 +88,7 @@ module Abilities
       can :manage, SiteCustomization::Page
       can :manage, SiteCustomization::Image
       can :manage, SiteCustomization::ContentBlock
+      can :manage, Widget::Card
 
       can :access, :ckeditor
       can :manage, Ckeditor::Picture

spec/models/abilities/administrator_spec.rb

@@ -112,4 +112,6 @@ describe Abilities::Administrator do
   it { should be_able_to(:read, SDG::Manager) }
   it { should be_able_to(:create, SDG::Manager) }
   it { should be_able_to(:destroy, SDG::Manager) }
+
+  it { should be_able_to(:manage, Widget::Card) }
 end