diff --git a/spec/policies/map_policy_spec.rb b/spec/policies/map_policy_spec.rb
new file mode 100644
index 00000000..b160fead
--- /dev/null
+++ b/spec/policies/map_policy_spec.rb
@@ -0,0 +1,97 @@
+require 'rails_helper'
+
+RSpec.describe MapPolicy, type: :policy do
+  subject { described_class }
+
+  context 'unauthenticated' do
+    context 'commons' do
+      let(:map) { create(:map, permission: :commons) }
+      permissions :show? do
+        it 'can view' do
+          expect(subject).to permit(nil, map)
+        end
+      end
+      permissions :create?, :update?, :destroy? do
+        it 'can not modify' do
+          expect(subject).to_not permit(nil, map)
+        end
+      end
+    end
+
+    context 'private' do
+      let(:map) { create(:map, permission: :private) }
+      permissions :show?, :create?, :update?, :destroy? do
+        it 'can not view or modify' do
+          expect(subject).to_not permit(nil, map)
+        end
+      end
+    end
+  end
+
+  #
+  # Now begin the logged-in tests
+  #
+
+  context 'logged in' do
+    let(:user) { create(:user) }
+
+    context 'commons' do
+      let(:owner) { create(:user) }
+      let(:map) { create(:map, permission: :commons, user: owner) }
+      permissions :show?, :create?, :update? do
+        it 'can view and modify' do
+          expect(subject).to permit(user, map)
+        end
+      end
+      permissions :destroy? do
+        it 'can not destroy' do
+          expect(subject).to_not permit(user, map)
+        end
+        it 'owner can destroy' do
+          expect(subject).to permit(owner, map)
+        end
+      end
+    end
+
+    context 'public' do
+      let(:owner) { create(:user) }
+      let(:map) { create(:map, permission: :public, user: owner) }
+      permissions :show? do
+        it 'can view' do
+          expect(subject).to permit(user, map)
+        end
+      end
+      permissions :create? do
+        it 'can create' do
+          expect(subject).to permit(user, map)
+        end
+      end
+      permissions :update?, :destroy? do
+        it 'can not update/destroy' do
+          expect(subject).to_not permit(user, map)
+        end
+        it 'owner can update/destroy' do
+          expect(subject).to permit(owner, map)
+        end
+      end
+    end
+
+    context 'private' do
+      let(:owner) { create(:user) }
+      let(:map) { create(:map, permission: :private, user: owner) }
+      permissions :create? do
+        it 'can create' do
+          expect(subject).to permit(user, map)
+        end
+      end
+      permissions :show?, :update?, :destroy? do
+        it 'can not view or modify' do
+          expect(subject).to_not permit(user, map)
+        end
+        it 'owner can view and modify' do
+          expect(subject).to permit(owner, map)
+        end
+      end
+    end
+  end
+end
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
index 08ffd17f..d4028602 100644
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -1,5 +1,6 @@
 require 'simplecov'
 require 'support/controller_helpers'
+require 'pundit/rspec'
 
 RSpec.configure do |config|
   config.expect_with :rspec do |expectations|