Rails 3: Sessions don't respect parent scope (Authenticates many) #163

JamieAppleseed opened this Issue Aug 15, 2010 · 5 comments


None yet

3 participants


I have three models: account, person and person_session. I'm using authenticates_many in the account, and acts_as_authentic has a validation_scope set to :account_id.

However, when I do the following in PersonSessionsController:

def create
    @person_session = current_account.person_sessions.build(params[:person_session])
    if @person_session.save  

The actual query that's run against the person table is:

Person Load (0.3ms)  SELECT `people`.* FROM `people` WHERE (LOWER(`people`.email) = 'your@email.com') LIMIT 1

There's no account_id clause to be found here.. everything else is working fine, except that I can sign in to any user on any account, despite the scope.

I'm running on Authlogic 2.1.6 and Rails 3.0.0.rc


I think it's the :find_options.. people are having problems with them in Rails 3. If I manually set ..

:find_options => { :conditions => { :account_id => 4 } }

.. then it is scoped correctly. However, Proc.new works against the Account class, not the instance, so I don't really know how to set the account_id dynamically..

Any suggestions?


See http://github.com/binarylogic/authlogic/issuesearch?state=open&q=authenticates_many#issue/135/comment/389183 which I post a potential workaround. Hopefully someone can improve on it.


I have the same problem. Why not push the solution to the master or make a pull request?


a pull request was already submitted by releod. And the alternative solution posted by tsommer https://github.com/binarylogic/authlogic/issuesearch?state=open&q=authenticates_many#issue/135/comment/676444 doesn't require a code change in authlogic.


This forked repo has resolved all problems, bugs and deprecations in the branch rails3:


Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment