diff --git a/client/coral-admin/src/containers/LayoutContainer.js b/client/coral-admin/src/containers/LayoutContainer.js index b72acb59c..d4440c454 100644 --- a/client/coral-admin/src/containers/LayoutContainer.js +++ b/client/coral-admin/src/containers/LayoutContainer.js @@ -6,7 +6,7 @@ import {toggleModal as toggleShortcutModal} from '../actions/moderation'; import {fetchConfig} from '../actions/config'; import {FullLoading} from '../components/FullLoading'; import AdminLogin from '../components/AdminLogin'; -import roleUtils from 'coral-framework/utils/roles'; +import {can} from 'coral-framework/utils/roles'; class LayoutContainer extends Component { componentWillMount () { @@ -36,7 +36,7 @@ class LayoutContainer extends Component { recaptchaPublic={TALK_RECAPTCHA_PUBLIC} errorMessage={loginError} />; } - if (roleUtils.canAccessAdmin(user) && loggedIn) { + if (can(user, 'ACCESS_ADMIN') && loggedIn) { return ; } else if (loggedIn) { return

you do not have permission to see this page.

; diff --git a/client/coral-framework/utils/roles.js b/client/coral-framework/utils/roles.js index 63d34fb41..41fd8abfa 100644 --- a/client/coral-framework/utils/roles.js +++ b/client/coral-framework/utils/roles.js @@ -1,30 +1,29 @@ import intersection from 'lodash/intersection'; const basicRoles = { - hasStaffTag: ['ADMIN', 'MODERATOR', 'STAFF'] + HAS_STAFF_TAG: ['ADMIN', 'MODERATOR', 'STAFF'] }; const queryRoles = { - canAccessConfig: ['ADMIN', 'MODERATOR'], - canAccessAdmin: ['ADMIN', 'MODERATOR'], - canViewUserEmails: ['ADMIN'] + UPDATE_CONFIG: ['ADMIN', 'MODERATOR'], + ACCESS_ADMIN: ['ADMIN', 'MODERATOR'], + VIEW_USER_EMAILS: ['ADMIN'] }; const mutationRoles = { - canChangeRoles: ['ADMIN'], - canModerateComments: ['ADMIN', 'MODERATOR'] + CHANGE_ROLES: ['ADMIN'], + MODERATE_COMMENTS: ['ADMIN', 'MODERATOR'] }; const roles = {...basicRoles, ...queryRoles, ...mutationRoles}; -export const can = (user, perms) => { - for (let perm in perms) { +export const can = (user, ...perms) => { + return perms.every(perm => { const role = roles[perm]; if (typeof role === 'undefined') { - continue; + throw new Error(`${perm} is not a valid role`); } - let grant = intersection(role, user.roles).length > 0; - return grant; - } - return false; + + return intersection(role, user.roles).length > 0; + }); }; diff --git a/models/user.js b/models/user.js index 932d11775..1a7b0fa7b 100644 --- a/models/user.js +++ b/models/user.js @@ -190,7 +190,7 @@ UserSchema.method('verifyPassword', function(password) { * operation. */ UserSchema.method('can', function(...actions) { - return can(this, null, actions); + return can(this, null, ...actions); }); // Create the User model. diff --git a/perms/index.js b/perms/index.js index b2baf00ec..9d29c1e57 100644 --- a/perms/index.js +++ b/perms/index.js 
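Review bot: In `if (can(user, 'ACCESS_ADMIN') && loggedIn)` the permission call runs before the `loggedIn` test, and the rewritten `can` in client/coral-framework/utils/roles.js reads `user.roles` unconditionally, so a missing `user` would surface as a render-time TypeError rather than the login form or the permission message. Whether `user` can be empty here depends on the earlier part of the render method, which starts outside the hunk; putting the cheap test first, `if (loggedIn && can(user, 'ACCESS_ADMIN')) {`, removes that dependency. This branch only decides what the admin client renders, so it would help to say so in a comment, e.g. `// UI gate only; access control must be enforced by the server`.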
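Review bot: The rewritten `can` returns `true` when it is called with no permission names, because `perms.every(...)` over an empty list is vacuously true, whereas the removed loop fell through to `return false`. A call site that builds the list dynamically or forgets the argument then grants instead of denying; a guard at the top, `if (perms.length === 0) { return false; }`, keeps the default closed. The same shape appears in `findGrant` in perms/index.js (`return perms.every(perm => {`), which backs `UserSchema.method('can', ...)`, so the guard matters at least as much there unless lines of that module not shown in the diff already reject an empty list. `user.roles` is also read without checking `user`, so a caller without a user object gets a TypeError rather than `false`.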
@@ -3,19 +3,21 @@ const queries = require('./queryReducer'); const mutations = require('./mutationReducer'); const reducers = [ - root.reducer, - queries.reducer, - mutations.reducer + root, + queries, + mutations ]; // this will make 'reducer' a key in this array. hm. const allPermissions = [...Object.keys(root), ...Object.keys(queries), ...Object.keys(mutations)]; -const findGrant = (user, perms, context, initialState) => { +const findGrant = (user, perms, context) => { + return perms.every(perm => { - for (let reducer in reducers) { - const grant = reducer(user, perm, context, initialState); + for (let key in reducers) { + const reducer = reducers[key]; + const grant = reducer.checkRoles(user, perm, context); if (grant !== null && typeof grant !== 'undefined') { return grant; @@ -38,12 +40,14 @@ module.exports = (user, context, ...perms) => { // make sure all the passed permissions are not typos const missingPerms = perms.filter(perm => { - return typeof allPermissions[perm] === 'undefined'; + return allPermissions.indexOf(perm) === -1; }); if (missingPerms.length) { + + // not sure if this is working. throw new Error(`${missingPerms.join(' ')} are not valid permissions.`); } - return findGrant(user, perms, context, null); + return findGrant(user, perms, context); }; diff --git a/perms/mutationReducer.js b/perms/mutationReducer.js index 9aa34b017..5f763805d 100644 --- a/perms/mutationReducer.js +++ b/perms/mutationReducer.js @@ -15,7 +15,7 @@ module.exports = { REMOVE_COMMENT_TAG: 'REMOVE_COMMENT_TAG', UPDATE_USER_ROLES: 'UPDATE_USER_ROLES', UPDATE_CONFIG: 'UPDATE_CONFIG', - reducer: function (user, perm, context, initialState) { + checkRoles: function (user, perm, context) { switch (perm) { case this.CREATE_COMMENT: return true; @@ -40,7 +40,7 @@ module.exports = { case this.UPDATE_CONFIG: return check(user, ['ADMIN', 'MODERATOR']); default: - return initialState; + break; } } }; 
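Review bot: `allPermissions` is built from `Object.keys(root)`, `Object.keys(queries)` and `Object.keys(mutations)`, so after the rename it contains the string `'checkRoles'` once per module (the comment above it concedes the same for `'reducer'`), and that name passes the typo check in the exported function. Filtering each module to its string-valued constants, e.g. `Object.keys(m).filter(k => typeof m[k] === 'string')`, keeps the allow-list to real permission names. Inside `findGrant`, `for (let key in reducers)` walks array indices as strings and would also visit any enumerable property added to `Array.prototype`; `for (const reducer of reducers)` says what is meant. The callback continues past the end of the hunk, so what it returns when no checker gives an answer is not visible here; it should be an explicit `return false;`.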
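Review bot: The added comment `// not sure if this is working.` sits on the one check that rejects mistyped permission names, and the removed line shows why the doubt is justified: `allPermissions[perm]` indexed an array by name, so every permission was reported as missing. A unit test that calls the exported function with an unknown name and expects the throw, plus one with a known name that expects no throw, would replace the comment with evidence. Until then the comment is better written as a tracked follow-up, e.g. `// TODO: cover the invalid-permission throw with a test`.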
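Review bot: `checkRoles` now has a three-way return contract that nothing documents: `true` or `false` decides, and leaving the `switch` through `default: break;` returns `undefined`, which `findGrant` in perms/index.js treats as no decision and passes to the next checker. A short doc comment above `checkRoles` should state that, and also that the `case this.X` labels require the function to be called as a method of the module object, so that nobody later returns `false` from `default` or passes `checkRoles` around unbound. `case this.CREATE_COMMENT: return true;` grants to any user and relies on `root` being first in the `reducers` array to refuse banned accounts, which deserves a one-line comment such as `// banned users are rejected earlier by rootReducer`. The same contract applies to `checkRoles` in perms/queryReducer.js and perms/rootReducer.js; the function body extends beyond this hunk.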
diff --git a/perms/queryReducer.js b/perms/queryReducer.js index 9e97c8ec4..bea059639 100644 --- a/perms/queryReducer.js +++ b/perms/queryReducer.js @@ -10,7 +10,7 @@ module.exports = { SEARCH_NON_NULL_OR_ACCEPTED_COMMENTS: 'SEARCH_NON_NULL_OR_ACCEPTED_COMMENTS', SEARCH_OTHERS_COMMENTS: 'SEARCH_OTHERS_COMMENTS', SEARCH_COMMENT_METRICS: 'SEARCH_COMMENT_METRICS', - reducer: function (perm, user, context, initialState) { + checkRoles: function (user, perm, context) { switch (perm) { case this.SEARCH_ASSETS: return check(user, ['ADMIN', 'MODERATOR']); @@ -25,7 +25,7 @@ module.exports = { case this.SEARCH_COMMENT_METRICS: return check(user, ['ADMIN', 'MODERATOR']); default: - return initialState; + break; } } }; diff --git a/perms/rootReducer.js b/perms/rootReducer.js index e8552c765..344c33ada 100644 --- a/perms/rootReducer.js +++ b/perms/rootReducer.js @@ -1,11 +1,9 @@ module.exports = { - reducer: function (perm, user, context, initialState) { + checkRoles: function (user, perm, context) { // this runs before everything if (user.status === 'BANNED') { return false; } - - return initialState; } };
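Review bot: In perms/rootReducer.js `user.status` is read without checking that `user` is set, and this checker runs first for every permission, so a call with no user throws a TypeError instead of producing a denial. Whether that can happen depends on callers outside this diff (the `UserSchema` method always passes `this`), but a permission gate is safer deciding it explicitly: `if (!user || user.status === 'BANNED') { return false; }`. With `return initialState;` removed the function returns `undefined` for everyone else, which is what `findGrant` expects; a comment `// undefined = no decision, defer to the next checker` would show that the missing return is intentional.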