diff --git a/app/controllers/ip_bans_controller.rb b/app/controllers/ip_bans_controller.rb index d63637a41..683bac750 100644 --- a/app/controllers/ip_bans_controller.rb +++ b/app/controllers/ip_bans_controller.rb @@ -1,35 +1,32 @@ class IpBansController < ApplicationController respond_to :html, :xml, :json, :js - before_action :moderator_only def new - @ip_ban = IpBan.new + @ip_ban = authorize IpBan.new(permitted_attributes(IpBan)) + respond_with(@ip_ban) end def create - @ip_ban = CurrentUser.ip_bans.create(ip_ban_params) + @ip_ban = authorize IpBan.new(creator: CurrentUser.user, **permitted_attributes(IpBan)) + @ip_ban.save respond_with(@ip_ban, :location => ip_bans_path) end def index - @ip_bans = IpBan.paginated_search(params, count_pages: true) + @ip_bans = authorize IpBan.paginated_search(params, count_pages: true) @ip_bans = @ip_bans.includes(:creator) if request.format.html? respond_with(@ip_bans) end def destroy - @ip_ban = IpBan.find(params[:id]) + @ip_ban = authorize IpBan.find(params[:id]) @ip_ban.destroy respond_with(@ip_ban) end private - def ip_ban_params - params.fetch(:ip_ban, {}).permit(%i[ip_addr reason]) - end - def search_params params.fetch(:search, {}).permit(%i[ip_addr order]) end diff --git a/app/policies/ip_ban_policy.rb b/app/policies/ip_ban_policy.rb new file mode 100644 index 000000000..c9b290ee2 --- /dev/null +++ b/app/policies/ip_ban_policy.rb @@ -0,0 +1,17 @@ +class IpBanPolicy < ApplicationPolicy + def create? + user.is_moderator? + end + + def index? + user.is_moderator? + end + + def destroy? + user.is_moderator? + end + + def permitted_attributes + [:ip_addr, :reason] + end +end diff --git a/app/views/static/site_map.html.erb b/app/views/static/site_map.html.erb index bdb558770..517edc1fd 100644 --- a/app/views/static/site_map.html.erb +++ b/app/views/static/site_map.html.erb @@ -157,6 +157,9 @@ <% if CurrentUser.is_moderator? %>
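Review bot: With `before_action :moderator_only` removed, access control in IpBansController is opt-in per action, so an action added later without an `authorize` call would be reachable by non-moderators. ApplicationController is not visible in this diff; if it does not already enforce this, add `after_action :verify_authorized` so a missing check fails closed. In `destroy`, `IpBan.find(params[:id])` now runs before `authorize`, so a non-moderator presumably gets a not-found response for unknown ids and a permission error for existing ones, which the old filter did not reveal. The class's closing `end` falls outside the hunk.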
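Review bot: `IpBansController#new` now calls `authorize`, which resolves to `new?`, but IpBanPolicy defines only `create?`, `index?` and `destroy?`, so access to the form depends entirely on ApplicationPolicy, which is not shown here. If the inherited `new?` does not delegate to `create?`, the form could be open to non-moderators or denied to moderators. Confirm the base behaviour, or state it locally with a `def new?` whose body is `create?`. The same question applies to any inherited `show?` or `update?` default if routes for those actions exist.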
  • <%= link_to("Moderation Reports", moderation_reports_path) %>
  • <%= link_to("IP Addresses", ip_addresses_path) %>
  • + <% end %> + + <% if policy(IpBan).index? %>
  • <%= link_to("IP Bans", ip_bans_path) %>
  • <% end %> diff --git a/test/functional/ip_bans_controller_test.rb b/test/functional/ip_bans_controller_test.rb index ae35133ed..44e98c6ef 100644 --- a/test/functional/ip_bans_controller_test.rb +++ b/test/functional/ip_bans_controller_test.rb @@ -4,6 +4,7 @@ class IpBansControllerTest < ActionDispatch::IntegrationTest context "The ip bans controller" do setup do @admin = create(:admin_user) + @ip_ban = create(:ip_ban) end context "new action" do @@ -17,17 +18,12 @@ class IpBansControllerTest < ActionDispatch::IntegrationTest should "create a new ip ban" do assert_difference("IpBan.count", 1) do post_auth ip_bans_path, @admin, params: {:ip_ban => {:ip_addr => "1.2.3.4", :reason => "xyz"}} + assert_response :redirect end end end context "index action" do - setup do - as(@admin) do - create(:ip_ban) - end - end - should "render" do get_auth ip_bans_path, @admin assert_response :success @@ -42,15 +38,10 @@ class IpBansControllerTest < ActionDispatch::IntegrationTest end context "destroy action" do - setup do - as(@admin) do - @ip_ban = create(:ip_ban) - end - end - should "destroy an ip ban" do assert_difference("IpBan.count", -1) do delete_auth ip_ban_path(@ip_ban), @admin, params: {:format => "js"} + assert_response :success end end end
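Review bot: Every request in these hunks is made as `@admin`, so nothing here would fail if a predicate in IpBanPolicy were wrong or an `authorize` call were dropped from the controller. Because this commit replaces the controller-wide `moderator_only` filter with per-action checks, each context (new, create, index, destroy) should gain a case that signs in as a non-moderator and asserts `assert_response 403`. The create and destroy cases should also wrap the request in `assert_no_difference("IpBan.count")`. The contexts continue beyond the hunk boundaries, so negative cases may already exist outside what is shown.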