So I got CanCan and Devise working well. I have two types of users:
Admins and Nonadmins. Admins can view ALL appointments from the same
Account or Organization.
The problem is, every user (either Admin or Nonadmin) belongs to an
Account or Organization. Admins should only be able to view appointments
from their own Account or Organization.
Can’t get it to do it.
Every appointment has an account_id
Every user has an account_id
So this is what I have in ABILITY.RB:
    can :read, Appointment do |appointment|
      appointment.try(:account_id) == user.account_id
    end
But I keep on seeing Appointments of OTHER ACCOUNTS on the INDEX.
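
Added example, not part of the original post and not CanCan's own code: a simplified pure-Ruby stand-in for how a block rule is skipped when the check is made against the Appointment class (as on index), while a hash condition can be turned into a filter over the collection. `MiniAbility`, its methods and the sample records are hypothetical and constructed for illustration.

```ruby
Appointment = Struct.new(:id, :account_id)
User = Struct.new(:id, :account_id)

# Hypothetical stand-in for an ability class; models rule matching only.
class MiniAbility
  Rule = Struct.new(:action, :klass, :conditions, :block)

  def initialize
    @rules = []
  end

  def can(action, klass, conditions = nil, &block)
    @rules << Rule.new(action, klass, conditions, block)
  end

  # Instance check: the block or hash is evaluated against the record.
  # Class check (index): there is no record to test, so the rule just matches.
  def can?(action, subject)
    klass = subject.is_a?(Class) ? subject : subject.class
    @rules.any? do |r|
      next false unless r.action == action && r.klass == klass
      next true if subject.is_a?(Class)
      next r.block.call(subject) if r.block
      (r.conditions || {}).all? { |k, v| subject[k] == v }
    end
  end

  # Collection scoping: only hash conditions can become a filter.
  # A block rule yields nil, so the caller keeps whatever it loaded itself.
  def accessible(records, action, klass)
    rule = @rules.find { |r| r.action == action && r.klass == klass }
    return [] unless rule
    return nil if rule.block
    records.select { |rec| (rule.conditions || {}).all? { |k, v| rec[k] == v } }
  end
end

# Constructed sample data: appointments 1 and 2 in account 10, 3 in account 20.
APPOINTMENTS = [Appointment.new(1, 10), Appointment.new(2, 10), Appointment.new(3, 20)]
ADMIN = User.new(1, 10)

def block_ability(user)
  MiniAbility.new.tap { |a| a.can(:read, Appointment) { |appt| appt.account_id == user.account_id } }
end

def hash_ability(user)
  MiniAbility.new.tap { |a| a.can(:read, Appointment, account_id: user.account_id) }
end
```

In CanCan itself the hash form is `can :read, Appointment, :account_id => user.account_id`, and the index list is scoped with `Appointment.accessible_by(current_ability)`.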