diff --git a/app/policies/map_policy.rb b/app/policies/map_policy.rb
new file mode 100644
index 00000000..96a0b724
--- /dev/null
+++ b/app/policies/map_policy.rb
@@ -0,0 +1,48 @@
+class MapPolicy < ApplicationPolicy
+  class Scope < Scope
+    def resolve
+      scope.where('permission IN ("public", "commons") OR user_id = ?', @user.id)
+    end
+  end
+
+  def activemaps?
+    @user.blank? # redirect to root url if authenticated for some reason
+  end
+
+  def featuredmaps?
+    true
+  end
+
+  def mymaps?
+    @user.present?
+  end
+
+  def usermaps?
+    true
+  end
+
+  def show?
+    @record.permission == 'commons' || @record.permission == 'public' || @record.user == @user
+  end
+
+  def contains?
+    show?
+  end
+
+  def create?
+    @user.present?
+  end
+
+  def update?
+    @user.present? && (@record.permission == 'commons' || @record.user == @user)
+    true
+  end
+
+  def screenshot?
+    update?
+  end
+
+  def destroy?
+    @record.user == @user || @user.admin
+  end
+end