diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 5a7256d..b8f2d93 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -68,7 +68,7 @@ class UsersController < ApplicationController
     end
 
     # show projects based on current user visibility
-    @memberships = @user.memberships.where(Project.visible_condition(User.current)).to_a
+    @memberships = @user.memberships.preload(:roles, :project).where(Project.visible_condition(User.current)).to_a
 
     respond_to do |format|
       format.html {
diff --git a/app/models/principal.rb b/app/models/principal.rb
index f3e0a3d..faeaa14 100644
--- a/app/models/principal.rb
+++ b/app/models/principal.rb
@@ -28,8 +28,7 @@ class Principal < ActiveRecord::Base
 
   has_many :members, :foreign_key => 'user_id', :dependent => :destroy
   has_many :memberships,
-           lambda {preload(:project, :roles).
-                   joins(:project).
+           lambda {joins(:project).
                    where("#{Project.table_name}.status<>#{Project::STATUS_ARCHIVED}")},
            :class_name => 'Member',
            :foreign_key => 'user_id'
diff --git a/app/models/user.rb b/app/models/user.rb
index 0fc7405..5c429a2 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -539,11 +539,15 @@ class User < Principal
     project_id = project.is_a?(Project) ? project.id : project
 
     @membership_by_project_id ||= Hash.new {|h, project_id|
-      h[project_id] = memberships.where(:project_id => project_id).first
+      h[project_id] = memberships.preload(:roles).where(:project_id => project_id).first
     }
     @membership_by_project_id[project_id]
   end
 
+  def roles
+    @roles ||= Role.joins(members: :project).where(["#{Project.table_name}.status <> ?", Project::STATUS_ARCHIVED]).where(Member.arel_table[:user_id].eq(id)).uniq
+  end
+
   # Returns the user's bult-in role
   def builtin_role
     @builtin_role ||= Role.non_member
@@ -584,7 +588,7 @@ class User < Principal
         end
       end
     end
-    
+
     hash.each do |role, projects|
       projects.uniq!
     end
@@ -653,9 +657,9 @@ class User < Principal
       return true if admin?
 
       # authorize if user has at least one role that has this permission
-      roles = memberships.collect {|m| m.roles}.flatten.uniq
-      roles << (self.logged? ? Role.non_member : Role.anonymous)
-      roles.any? {|role|
+      rls = roles.to_a
+      rls << builtin_role
+      rls.any? {|role|
         role.allowed_to?(action) &&
         (block_given? ? yield(role, self) : true)
       }
diff --git a/app/views/groups/show.api.rsb b/app/views/groups/show.api.rsb
index 15211f2..db9dadb 100644
--- a/app/views/groups/show.api.rsb
+++ b/app/views/groups/show.api.rsb
@@ -12,7 +12,7 @@ api.group do
   end if include_in_api_response?('users') && !@group.builtin?
 
   api.array :memberships do
-    @group.memberships.each do |membership|
+    @group.memberships.preload(:roles, :project).each do |membership|
       api.membership do
         api.id membership.id
         api.project :id => membership.project.id, :name => membership.project.name
@@ -22,7 +22,7 @@ api.group do
               attrs = {:id => member_role.role.id, :name => member_role.role.name}
               attrs.merge!(:inherited => true) if member_role.inherited_from.present?
               api.role attrs
-            end 
+            end
           end
         end
       end if membership.project