diff --git a/catalyst/api-bundle/Entity/Role.php b/catalyst/api-bundle/Entity/Role.php index ed2607b1..89637045 100644 --- a/catalyst/api-bundle/Entity/Role.php +++ b/catalyst/api-bundle/Entity/Role.php @@ -20,4 +20,9 @@ class Role extends BaseRole * @ORM\ManyToMany(targetEntity="User", mappedBy="roles", fetch="EXTRA_LAZY") */ protected $users; + + public function __construct() + { + parent::__construct(); + } } diff --git a/catalyst/api-bundle/Entity/User.php b/catalyst/api-bundle/Entity/User.php index 5edf489b..55d49418 100644 --- a/catalyst/api-bundle/Entity/User.php +++ b/catalyst/api-bundle/Entity/User.php @@ -53,23 +53,16 @@ class User extends BaseUser implements UserInterface */ protected $roles; - // enabled - /** - * @ORM\Column(type="boolean") - */ - protected $enabled; - public function __construct() { + parent::__construct(); + // generate keys $this->setAPIKey($this->generateAPIKey()) ->setSecretKey($this->generateSecretKey()); // set date created $this->date_create = new DateTime(); - - $this->roles = new ArrayCollection(); - $this->enabled = true; } public function getID() diff --git a/catalyst/auth-bundle/Entity/Role.php b/catalyst/auth-bundle/Entity/Role.php index 8cb126eb..bf3a72e8 100644 --- a/catalyst/auth-bundle/Entity/Role.php +++ b/catalyst/auth-bundle/Entity/Role.php @@ -4,7 +4,6 @@ namespace Catalyst\AuthBundle\Entity; use Doctrine\ORM\Mapping as ORM; use Doctrine\Common\Collections\ArrayCollection; -use Symfony\Component\Validator\Constraints as Assert; abstract class Role { @@ -13,19 +12,18 @@ abstract class Role /** * @ORM\Id * @ORM\Column(type="string", length=80) - * @Assert\NotBlank() */ protected $id; /** * @ORM\Column(type="string", length=80) - * @Assert\NotBlank() */ protected $name; - // annotation should be in the extending class + // NOTE: annotation should be in the child class protected $users; + // array of permissions this role has access to /** * @ORM\Column(type="json_array") */ 
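Review bot: The constructor added to `Role` does nothing but call `parent::__construct()`, and whether the abstract `Role` in catalyst/auth-bundle/Entity/Role.php actually declares a constructor is not visible in this commit — if it does not, PHP raises `Error: Cannot call constructor` the first time a Role is instantiated, and if it does, the child constructor is redundant because a child that declares no constructor inherits the parent's. The same no-op constructor is added in src/Entity/Role.php. Either drop both, or keep them and document the intent, e.g. `// explicit so child-only collections added later remember to chain to the base initialisation`.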
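Review bot: `$this->roles = new ArrayCollection();` is removed from this `User` constructor on the assumption that `parent::__construct()` now initialises `$roles`, but the base constructor in catalyst/auth-bundle/Entity/User.php is only visible as far as `$this->enabled = true;` and that file imports no `ArrayCollection`; if the base leaves `$roles` null, `getRoles()` (which presumably iterates `$this->roles`, per the comment the commit adds on it) breaks for every freshly constructed user. The same removal is made in src/Entity/User.php. Please confirm the base constructor initialises the collection, or keep `$this->roles = new ArrayCollection();` in the child until it does; if `ArrayCollection` is no longer referenced in this file, its `use` import (outside the hunk) is now dead.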
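Review bot: Dropping `@Assert\NotBlank()` from `$id` and `$name` (and the validator import) removes the only guard visible here against persisting a role with an empty id or name — `$id` is the `@ORM\Id` string key, so an empty-string role id would be stored and then matched by whatever role lookup the ACL performs. If the constraints were removed because the base bundle should not depend on the Validator component, re-declare them on the concrete entities (catalyst/api-bundle/Entity/Role.php and src/Entity/Role.php) next to the `@ORM\ManyToMany` annotation that already lives on the child; otherwise the commit should say why validation is no longer wanted. Constraints declared on a parent class property are inherited by subclasses, so moving them is not required for them to apply.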
@@ -78,7 +76,6 @@ abstract class Role return false; } - // TODO: shift out ACL stuff to its own class public function clearACLAttributes() { $this->acl_attributes = []; diff --git a/catalyst/auth-bundle/Entity/User.php b/catalyst/auth-bundle/Entity/User.php index ad05fb16..139a6823 100644 --- a/catalyst/auth-bundle/Entity/User.php +++ b/catalyst/auth-bundle/Entity/User.php @@ -2,9 +2,17 @@ namespace Catalyst\AuthBundle\Entity; +use Doctrine\ORM\Mapping as ORM; + +// base User class abstract class User { + // NOTE: doctrine annotations for roles have to be declared on the child class protected $roles; + + /** + * @ORM\Column(type="boolean") + */ protected $enabled; public function __construct() @@ -13,6 +21,7 @@ abstract class User $this->enabled = true; } + // array of string roles, needed by symfony public function getRoles() { $str_roles = []; diff --git a/catalyst/auth-bundle/Service/Generator.php b/catalyst/auth-bundle/Service/Generator.php index f79c736e..2d567d46 100644 --- a/catalyst/auth-bundle/Service/Generator.php +++ b/catalyst/auth-bundle/Service/Generator.php @@ -9,8 +9,7 @@ use Symfony\Component\Config\Resource\FileResource; use Symfony\Component\Routing\RouterInterface; -// NOTES: This class is inherited by the API Bundle and the main site - +// NOTE: This class is inherited by the API Bundle and the main site abstract class Generator { protected $router; diff --git a/catalyst/auth-bundle/Service/Voter.php b/catalyst/auth-bundle/Service/Voter.php index 4346d094..9966aa7b 100644 --- a/catalyst/auth-bundle/Service/Voter.php +++ b/catalyst/auth-bundle/Service/Voter.php 
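Review bot: `@ORM\Column(type="boolean")` on `$enabled` is now declared on `abstract class User`, but the class carries no `@ORM\MappedSuperclass` (or `@ORM\Entity`) annotation in the lines shown, while the new comment two lines above states that Doctrine annotations for `$roles` have to be declared on the child — the two contradict each other, and if Doctrine does not pick the column up from a non-mapped parent, the `enabled` column that catalyst/api-bundle/Entity/User.php just stopped declaring silently drops out of the schema and account enabling/disabling is no longer persisted. Run `doctrine:schema:validate` for both concrete User entities after this change, and either mark the base `/** @ORM\MappedSuperclass */` so inherited fields are mapped in one place, or keep the `$enabled` column on each child as is done for `$roles`. Whichever it is, record it in the note on `$roles`, e.g. `// NOTE: this base is not a MappedSuperclass; every @ORM annotation must be repeated on the concrete entity`.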
@@ -4,23 +4,33 @@ namespace Catalyst\AuthBundle\Service; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Core\Authorization\Voter\Voter as BaseVoter; +use Symfony\Component\Security\Core\Security; -// NOTES: This class is inherited by the API Bundle and the main site - +// NOTE: This class is inherited by the API Bundle and the main site abstract class Voter extends BaseVoter { protected $acl_gen; + protected $user_class; + protected $security; - public function __construct(Generator $acl_gen) + public function __construct(Security $security, Generator $acl_gen, $user_class) { $this->acl_gen = $acl_gen; + $this->user_class = $user_class; + $this->security = $security; } protected function supports($attribute, $subject) { - $acl_data = $this->acl_gen->getACL(); + // NOTE: we currently do not check for subject, we'll leave that to other voters + + // check if it's using our user class + $user = $this->security->getUser(); + if (!($user instanceof $this->user_class)) + return false; // check if the attribute is in our acl key index + $acl_data = $this->acl_gen->getACL(); if (isset($acl_data['index'][$attribute])) return true; @@ -33,10 +43,8 @@ abstract class Voter extends BaseVoter // check if any of the user's roles have access $roles = $user->getRoleObjects(); - foreach ($roles as $role) { - // NOTE: ideally, we separate acl from the role object, but this will do for now if ($role->hasACLAccess($attribute)) return true; } diff --git a/config/services.yaml b/config/services.yaml index 10547ce6..37d413c0 100644 --- a/config/services.yaml +++ b/config/services.yaml @@ -51,6 +51,7 @@ services: App\Access\Voter: arguments: $acl_gen: "@App\\Access\\Generator" + $user_class: "App\\Entity\\User" tags: ['security.voter'] App\Service\FileUploader: 
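Review bot: `$user_class` is accepted untyped and unchecked in the new constructor, and its only consumer is `$user instanceof $this->user_class` in `supports()`; a typo in the FQCN configured in config/services.yaml never errors — `instanceof` against an unknown class name is simply false — so the voter abstains on every request and authorization silently falls through to the other voters (fail-closed, but undetectable). Type and validate it once at construction: `public function __construct(Security $security, Generator $acl_gen, string $user_class)` followed by `if (!class_exists($user_class)) throw new \InvalidArgumentException(sprintf('Unknown user class %s', $user_class));` before the assignments. `supports()` also reads the user from the `Security` service's token storage, whereas `voteOnAttribute()` (which starts outside this hunk; the second hunk shows `$user->getRoleObjects()`) receives its user via the `$token` argument, and for an `AccessDecisionManager::decide()` call with an explicit token the two can differ, so the same `instanceof` guard belongs on `$token->getUser()` before `getRoleObjects()` is called. A class comment recording the contract would help the two subclasses, e.g. `// abstains unless the current user is an instance of $user_class, so the site and API voters only vote on their own users`.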
@@ -108,6 +109,7 @@ services: Catalyst\APIBundle\Access\Voter: arguments: $acl_gen: "@Catalyst\\APIBundle\\Access\\Generator" + $user_class: "Catalyst\\APIBundle\\Entity\\User" tags: ['security.voter'] Catalyst\APIBundle\Access\Generator: diff --git a/src/Entity/Role.php b/src/Entity/Role.php index 1da5efe4..38fcc0b2 100644 --- a/src/Entity/Role.php +++ b/src/Entity/Role.php @@ -20,4 +20,9 @@ class Role extends BaseRole * @ORM\ManyToMany(targetEntity="User", mappedBy="roles", fetch="EXTRA_LAZY") */ protected $users; + + public function __construct() + { + parent::__construct(); + } } diff --git a/src/Entity/User.php b/src/Entity/User.php index ccb4ddc8..0a071957 100644 --- a/src/Entity/User.php +++ b/src/Entity/User.php @@ -107,12 +107,12 @@ class User extends BaseUser implements AdvancedUserInterface, Serializable public function __construct() { - $this->roles = new ArrayCollection(); + parent::__construct(); + $this->hubs = new ArrayCollection(); $this->job_orders_created = new ArrayCollection(); $this->job_orders_assigned = new ArrayCollection(); $this->tickets = new ArrayCollection(); - $this->enabled = true; } public function getID()