starting with events, tied to profiles (not accounts)

app/policies/edit_own_policy.rb

@@ -2,7 +2,11 @@
 # which can be viewed by anyone
 class EditOwnPolicy < ApplicationPolicy
   def edit?
-    (member == record.member) or member.admin?
+    return true member.admin?
+    owner?
+  end
+  def owner?
+    member == record.member
   end
   alias :update? :edit?
   alias :destroy? :edit?

app/policies/event_policy.rb

@@ -0,0 +1,13 @@
+class EventPolicy < EditOwnPolicy
+
+  def owner?
+    member == record.profile.member
+  end
+
+  class Scope < Scope
+    # NOTE: Be explicit about which records you allow access to!
+    # def resolve
+    #   scope.all
+    # end
+  end
+end