fixes specs and makes stats for admins eyes only

app/controllers/api/api_controller.rb

@@ -1,4 +1,13 @@
 class Api::ApiController < ApplicationController
   before_action :authenticate_user!
   protect_from_forgery with: :null_session
+
+  skip_authorization_check
+  before_action :verify_administrator
+
+  private
+
+    def verify_administrator
+      raise CanCan::AccessDenied unless current_user.try(:administrator?)
+    end
 end