I am working on a centralized authorization framework. I have models for: App, Permission, and Role. In app.rb: has_many :admins, :through => :permissions, :source => :user, :include => :roles, :conditions => [''roles.app_admin = ?'', true] The above defines which users are administrators for apps, via the boolean that''s part of a Role under the App. This works fine standalone, by just obtaining @app.admins. What is broken is when I do something like: App.find(54).admins.include?(User.find_by_login(''jdoe'')) I get: ActiveRecord::StatementInvalid: SQLite3::SQLException: ambiguous column name: permissions.user_id: SELECT DISTINCT "users".id FROM "users" LEFT OUTER JOIN "permissions" ON ("users"."id" = "permissions"."user_id") LEFT OUTER JOIN "roles" ON ("roles"."id" = "permissions"."role_id") INNER JOIN "permissions" ON "users".id = "permissions".user_id WHERE ("users"."id" = 1399) AND (("permissions".app_id = 54) AND ((roles.app_admin = ''t''))) LIMIT 1 Rails is joining users.id to permissions.id twice and SQL thus barfs. Can anyone help me determine why? It seems to be something related to running include? along with this specific type of model relationship. I know I can workaround it with the collect method or such but the SQL is not nearly as efficient. Thank you! -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.