diff --git a/app/controllers/spree/admin/reports_controller_decorator.rb b/app/controllers/spree/admin/reports_controller_decorator.rb
index 0abfd783b5..f0fa2c592b 100644
--- a/app/controllers/spree/admin/reports_controller_decorator.rb
+++ b/app/controllers/spree/admin/reports_controller_decorator.rb
@@ -592,10 +592,12 @@ Spree::Admin::ReportsController.class_eval do
   private
 
   def load_data
+    # Load distributors either owned by the user or selling their enterprises products.
     my_distributors = Enterprise.is_distributor.managed_by(spree_current_user)
     my_suppliers = Enterprise.is_primary_producer.managed_by(spree_current_user)
     distributors_of_my_products = Enterprise.with_distributed_products_outer.merge(Spree::Product.in_any_supplier(my_suppliers))
     @distributors = my_distributors | distributors_of_my_products
+    # Load suppliers either owned by the user or supplying products their enterprises distribute.
     suppliers_of_products_I_distribute = my_distributors.map { |d| Spree::Product.in_distributor(d) }.flatten.map(&:supplier).uniq
     @suppliers = my_suppliers | suppliers_of_products_I_distribute
     @order_cycles = OrderCycle.active_or_complete.accessible_by(spree_current_user).order('orders_close_at DESC')
diff --git a/app/models/spree/ability_decorator.rb b/app/models/spree/ability_decorator.rb
index 6da00753b6..c158e90993 100644
--- a/app/models/spree/ability_decorator.rb
+++ b/app/models/spree/ability_decorator.rb
@@ -1,6 +1,8 @@
 class AbilityDecorator
   include CanCan::Ability
 
+  # All abilites are allocated from this initialiser, currently in 5 chunks.
+  # Spree also defines other abilities.
   def initialize(user)
     add_base_abilities user if is_new_user? user
     add_enterprise_management_abilities user if can_manage_enterprises? user
@@ -9,19 +11,22 @@ class AbilityDecorator
     add_relationship_management_abilities user if can_manage_relationships? user
   end
 
-
+  # New users have no enterprises.
   def is_new_user?(user)
     user.enterprises.blank?
   end
 
+  # Users can manage an enterprise if they have one.
   def can_manage_enterprises?(user)
     user.enterprises.present?
   end
 
+  # Users can manage products if they have an enterprise.
   def can_manage_products?(user)
     can_manage_enterprises? user
   end
 
+  # Users can manage orders if they have a sells own/any enterprise.
   def can_manage_orders?(user)
     ( user.enterprises.map(&:sells) & %w(own any) ).any?
   end
@@ -30,6 +35,7 @@ class AbilityDecorator
     can_manage_enterprises? user
   end
 
+  # New users can create an enterprise, and gain other permissions from doing this.
   def add_base_abilities(user)
     can [:create], Enterprise
   end
@@ -47,6 +53,12 @@ class AbilityDecorator
     can [:read, :edit, :update, :bulk_update], Enterprise do |enterprise|
       user.enterprises.include? enterprise
     end
+
+    # All enterprises can have fees, though possibly suppliers don't need them?
+    can [:index, :create], EnterpriseFee
+    can [:admin, :read, :edit, :bulk_update, :destroy], EnterpriseFee do |enterprise_fee|
+      user.enterprises.include? enterprise_fee.enterprise
+    end
   end
 
   def add_product_management_abilities(user)
@@ -66,6 +78,7 @@ class AbilityDecorator
 
     can [:admin, :index, :read, :search], Spree::Taxon
     can [:admin, :index, :read, :create, :edit], Spree::Classification
+
   end
 
   def add_order_management_abilities(user)
@@ -90,11 +103,6 @@ class AbilityDecorator
     end
     can [:for_order_cycle], Enterprise
 
-    can [:index, :create], EnterpriseFee
-    can [:admin, :read, :edit, :bulk_update, :destroy], EnterpriseFee do |enterprise_fee|
-      user.enterprises.include? enterprise_fee.enterprise
-    end
-
     can [:admin, :index, :read, :create, :edit, :update], ExchangeVariant
     can [:admin, :index, :read, :create, :edit, :update], Exchange
     can [:admin, :index, :read, :create, :edit, :update], ExchangeFee
diff --git a/spec/factories.rb b/spec/factories.rb
index 63c733524e..f9c65eb7ff 100644
--- a/spec/factories.rb
+++ b/spec/factories.rb
@@ -93,7 +93,6 @@ FactoryGirl.define do
     owner { FactoryGirl.create :user }
     sequence(:name) { |n| "Enterprise #{n}" }
     sells 'any'
-    is_primary_producer false
     description 'enterprise'
     long_description '<p>Hello, world!</p><p>This is a paragraph.</p>'
     email 'enterprise@example.com'
diff --git a/spec/models/spree/ability_spec.rb b/spec/models/spree/ability_spec.rb
index 5ec2dc2190..4169222fa8 100644
--- a/spec/models/spree/ability_spec.rb
+++ b/spec/models/spree/ability_spec.rb
@@ -6,8 +6,7 @@ module Spree
 
   describe User do
 
-    # TODO work out what permissions are meant to be now...
-    pending "broad permissions" do
+    describe "broad permissions" do
       subject { AbilityDecorator.new(user) }
       let(:user) { create(:user) }
       let(:enterprise_any) { create(:enterprise, sells: 'any') }
@@ -240,15 +239,15 @@ module Spree
         end
       end
 
-      context 'Order Cycle co-ordinator' do
-
+      context 'Order Cycle co-ordinator, distributor enterprise manager' do
         let (:user) do
           user = create(:user)
           user.spree_roles = []
-          s1.enterprise_roles.build(user: user).save
+          d1.enterprise_roles.build(user: user).save
           user
         end
-        let(:oc1) { create(:simple_order_cycle, {coordinator: s1}) }
+
+        let(:oc1) { create(:simple_order_cycle, {coordinator: d1}) }
         let(:oc2) { create(:simple_order_cycle) }
 
         it "should be able to read/write OrderCycles they are the co-ordinator of" do