Skip to content


Subversion checkout URL

You can clone with
Download ZIP


Rails 3: Sessions don't respect parent scope (Authenticates many) #163

JamieAppleseed opened this Issue · 5 comments

3 participants


I have three models: account, person and person_session. I'm using authenticates_many in the account, and acts_as_authentic has a validation_scope set to :account_id.

However, when I do the following in PersonSessionsController:

def create
    @person_session =[:person_session])

The actual query that's run against the person table is:

Person Load (0.3ms)  SELECT `people`.* FROM `people` WHERE (LOWER(`people`.email) = '') LIMIT 1

There's no account_id clause to be found here.. everything else is working fine, except that I can sign in to any user on any account, despite the scope.

I'm running on Authlogic 2.1.6 and Rails 3.0.0.rc


I think it's the :find_options.. people are having problems with them in Rails 3. If I manually set ..

:find_options => { :conditions => { :account_id => 4 } }

.. then it is scoped correctly. However, works against the Account class, not the instance, so I don't really know how to set the account_id dynamically..

Any suggestions?


See which I post a potential workaround. Hopefully someone can improve on it.


I have the same problem. Why not push the solution to the master or make a pull request?


a pull request was already submitted by releod. And the alternative solution posted by tsommer doesn't require a code change in authlogic.


This forked repo has resolved all problems, bugs and deprecations in the branch rails3:


Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.