diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -20,7 +20,7 @@
 
   def admin_authorization
     return false unless authenticate
-    user = User.find(session[:user_id], :include => ['roles'])
+    user = User.includes(:roles).find(session[:user_id])
     unless user.admin?
       unauthorized_redirect
       return false