diff --git a/app/controllers/direct_messages_controller.rb b/app/controllers/direct_messages_controller.rb
index bcac487cd..912f186a3 100644
--- a/app/controllers/direct_messages_controller.rb
+++ b/app/controllers/direct_messages_controller.rb
@@ -1,5 +1,5 @@
 class DirectMessagesController < ApplicationController
- skip_authorization_check
+ load_and_authorize_resource
 def new
 @receiver = User.find(params[:user_id])
diff --git a/app/models/abilities/common.rb b/app/models/abilities/common.rb
index 2c08fc63c..994bf90c0 100644
--- a/app/models/abilities/common.rb
+++ b/app/models/abilities/common.rb
@@ -46,6 +46,8 @@ module Abilities
 can :vote_featured, Proposal
 can :vote, SpendingProposal
 can :create, SpendingProposal
+ can :create, DirectMessage
+ can :show, DirectMessage, sender_id: user.id
 end
 can [:new, :create, :show], ProposalNotification do |notification|
diff --git a/spec/factories.rb b/spec/factories.rb
index 0a9645dcb..f642abaf1 100644
--- a/spec/factories.rb
+++ b/spec/factories.rb
@@ -331,4 +331,11 @@ FactoryGirl.define do
 body "Please let others know so we can make it happen"
 proposal
 end
+
+ factory :direct_message do
+ title "Hey!"
+ body "How are You doing?"
+ association :sender, factory: :user
+ association :receiver, factory: :user
+ end
 end
diff --git a/spec/models/abilities/common_spec.rb b/spec/models/abilities/common_spec.rb
index 468173797..ab14c01bd 100644
--- a/spec/models/abilities/common_spec.rb
+++ b/spec/models/abilities/common_spec.rb
@@ -37,6 +37,10 @@ describe "Abilities::Common" do
 it { should_not be_able_to(:comment_as_administrator, proposal) }
 it { should_not be_able_to(:comment_as_moderator, proposal) }
+ it { should be_able_to(:new, DirectMessage) }
+ it { should_not be_able_to(:create, DirectMessage) }
+ it { should_not be_able_to(:show, DirectMessage) }
+
 describe 'flagging content' do
 it { should be_able_to(:flag, debate) }
 it { should be_able_to(:unflag, debate) }
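Review bot: `load_and_authorize_resource` now builds `@direct_message` before each action body runs, while the `new` action visible here still looks up `@receiver` from `params[:user_id]` on its own. If `create` (outside this hunk) instantiates a second DirectMessage instead of reusing the loaded one, the record that was authorized is not the record that gets saved. Worth confirming the actions use the CanCan-loaded `@direct_message`, or switching to `authorize_resource` with a comment such as `# record is built in the action; CanCan only authorizes`. The controller body continues outside the hunk.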
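Review bot: `can :create, DirectMessage` carries no condition, so the ability layer does not tie a new message to the current user the way the `:show` rule does with `sender_id: user.id`. Writing it as `can :create, DirectMessage, sender_id: user.id` lets `load_and_authorize_resource` pre-set the sender on the built record and reject a create whose `sender_id` differs, rather than relying only on the controller's permitted params (not visible here). The `:show` rule also leaves the receiver unable to view a message addressed to them; if that is intended, a one-line comment saying so would help. The enclosing block starts and ends outside the hunk.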
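Review bot: The expectation `should be_able_to(:new, DirectMessage)` for an unverified user is not backed by any rule this commit adds to `Abilities::Common`, which only gains `:create` and `:show` in what appears to be the verified-user block. CanCan's default aliases let `:create` imply `:new`, not the reverse, so this example passes only if a `can :new, DirectMessage` already exists outside the shown hunk. If it does, a spec comment like `# unverified users may open the form but cannot submit it` would explain the split between `:new` and `:create`.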
@@ -85,6 +89,7 @@ describe "Abilities::Common" do
 describe "when level 2 verified" do
 let(:own_spending_proposal) { create(:spending_proposal, author: user) }
+ let(:own_direct_message) { create(:direct_message, sender: user) }
 before{ user.update(residence_verified_at: Time.now, confirmed_phone: "1") }
 it { should be_able_to(:vote, Proposal) }
@@ -93,10 +98,16 @@ describe "Abilities::Common" do
 it { should be_able_to(:create, SpendingProposal) }
 it { should_not be_able_to(:destroy, create(:spending_proposal)) }
 it { should_not be_able_to(:destroy, own_spending_proposal) }
+
+ it { should be_able_to(:new, DirectMessage) }
+ it { should be_able_to(:create, DirectMessage) }
+ it { should be_able_to(:show, own_direct_message) }
+ it { should_not be_able_to(:show, create(:direct_message)) }
 end
 describe "when level 3 verified" do
 let(:own_spending_proposal) { create(:spending_proposal, author: user) }
+ let(:own_direct_message) { create(:direct_message, sender: user) }
 before{ user.update(verified_at: Time.now) }
 it { should be_able_to(:vote, Proposal) }
@@ -105,5 +116,10 @@ describe "Abilities::Common" do
 it { should be_able_to(:create, SpendingProposal) }
 it { should_not be_able_to(:destroy, create(:spending_proposal)) }
 it { should_not be_able_to(:destroy, own_spending_proposal) }
+
+ it { should be_able_to(:new, DirectMessage) }
+ it { should be_able_to(:create, DirectMessage) }
+ it { should be_able_to(:show, own_direct_message) }
+ it { should_not be_able_to(:show, create(:direct_message)) }
 end
 end
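Review bot: The `:show` examples in the level 2 block cover a message the user sent and one between two unrelated users, but none where `user` is the receiver, so the sender-only rule is never pinned from the recipient's side. Adding `it { should_not be_able_to(:show, create(:direct_message, receiver: user)) }` (or `should`, if recipients are meant to read their messages) would document the intended access boundary. The same gap exists in the level 3 block in the last hunk.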