def authorize!(role={}, object)
  ability = Ability.new(current_user)
  unless ability.can?(role, object)
    unauthorized!
  end
end