Can't get CanCan to restrict view of items

So I got CanCan and Devise working well. I have two types of users:
Admins and Nonadmins. Admins can view ALL appointments from the same
Account or Organization.

The problem is, every user (either Admin or Nonadmin) belongs to an
Account or Organization. Admins should only be able to view appointments
from
their own Account or Organization.

Can't get it to do it.

Every appointment has an account_id
Every user has an account_id

So this is what I have on ABILITY.RB