diff --git a/app/models/permission.rb b/app/models/permission.rb
index 8db7801a..e10be7de 100644
--- a/app/models/permission.rb
+++ b/app/models/permission.rb
@@ -6,4 +6,5 @@ class Permission < ActiveRecord::Base
   validates_presence_of :user_id
   validates_presence_of :calendar_id
   validates_presence_of :role_id
+  validates_uniqueness_of :calendar_id, :scope => [:role_id, :user_id]
 end
diff --git a/db/migrate/20091020154940_add_unique_index_to_permissions.rb b/db/migrate/20091020154940_add_unique_index_to_permissions.rb
new file mode 100644
index 00000000..a2311b81
--- /dev/null
+++ b/db/migrate/20091020154940_add_unique_index_to_permissions.rb
@@ -0,0 +1,9 @@
+class AddUniqueIndexToPermissions < ActiveRecord::Migration
+  def self.up
+    add_index :permissions, [:user_id, :calendar_id, :role_id], :unique => true
+  end
+
+  def self.down
+    remove_index :permissions, [:user_id, :calendar_id, :role_id]
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
index 60d63e70..f0bc95fb 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -9,7 +9,7 @@
 #
 # It's strongly recommended to check this file into your version control system.
 
-ActiveRecord::Schema.define(:version => 20091012223503) do
+ActiveRecord::Schema.define(:version => 20091020154940) do
 
   create_table "calendars", :force => true do |t|
     t.column "name", :string, :null => false
@@ -53,6 +53,8 @@
     t.column "show_in_report", :boolean, :default => true, :null => false
   end
 
+  add_index "permissions", ["user_id", "calendar_id", "role_id"], :name => "index_permissions_on_user_id_and_calendar_id_and_role_id", :unique => true
+
   create_table "roles", :force => true do |t|
     t.column "name", :string
     t.column "created_at", :timestamp
diff --git a/spec/controllers/permissions_controller_spec.rb b/spec/controllers/permissions_controller_spec.rb
index de1b9df4..989415b5 100644
--- a/spec/controllers/permissions_controller_spec.rb
+++ b/spec/controllers/permissions_controller_spec.rb
@@ -116,11 +116,21 @@
     response.should be_redirect
   end
   
-  it 'should create a new permission for the current user and the given calendar' do
+  it "should create a new permission for the current user and the given calendar, if there isn't one already" do
+    conditions = {:calendar_id => @calendar.id, :user_id => @current_user.id, :role_id => @user.id}
+    Permission.destroy(Permission.find(:all, :conditions => conditions).collect{|p| p.id})
     @pcount = Permission.count
     get :subscribe, :calendar_id => @calendar.id
     Permission.count.should == @pcount + 1
-    Permission.find(:first, :conditions => {:calendar_id => @calendar.id, :user_id => @current_user.id, :role_id => @user.id}).should_not be_nil
+    Permission.find(:first, :conditions => conditions).should_not be_nil
+  end
+  
+  it "should not create a new permission if there's already one (at user level) for the current user and given calendar" do
+    opts = {:calendar_id => @calendar.id, :user_id => @current_user.id, :role_id => @user.id}
+    Permission.create opts
+    @pcount = Permission.count
+    get :subscribe, :calendar_id => @calendar.id
+    Permission.count.should == @pcount
   end
 end
 
diff --git a/spec/models/permission_spec.rb b/spec/models/permission_spec.rb
index 86854c15..c9ff9916 100644
--- a/spec/models/permission_spec.rb
+++ b/spec/models/permission_spec.rb
@@ -36,5 +36,19 @@
     @permission.role_id = nil
     @permission.should_not be_valid
   end
+  
+  it "should be unique across all three attributes" do
+    opts = Permission.plan
+    @one = Permission.new opts
+    @one.should be_valid
+    @one.save!
+    @two = Permission.new opts
+    @two.should_not be_valid
+    [:calendar_id, :user_id, :role_id].each do |attr|
+      @three = Permission.new opts
+      @three[attr] += 1
+      @three.should be_valid
+    end
+  end
 end