diff --git a/lib/main/models/__init__.py b/lib/main/models/__init__.py
index de32fbae31..bb94c7baa0 100644
--- a/lib/main/models/__init__.py
+++ b/lib/main/models/__init__.py
@@ -2,6 +2,7 @@ from django.db import models
 from django.db.models import CASCADE, SET_NULL, PROTECT
 from django.utils.translation import ugettext_lazy as _
 from django.core.urlresolvers import reverse
+from django.contrib.auth.models import User
 import exceptions
 
 # TODO: jobs and events model TBD
@@ -52,8 +53,9 @@ class CommonModel(models.Model):
     def can_user_attach(cls, user, obj, sub_obj, relationship):
         ''' whether you can add sub_obj to obj using the relationship type in a subobject view '''
         if relationship in [ 'projects', 'admins', 'users' ]:
-            if not sub_obj.can_user_read(user, sub_obj):
-                return False
+            if type(sub_obj) != User:
+                if not sub_obj.can_user_read(user, sub_obj):
+                    return False
             rc = cls.can_user_administrate(user, obj)
             return rc
 
diff --git a/lib/main/tests.py b/lib/main/tests.py
index 14283745fe..88c12808d7 100644
--- a/lib/main/tests.py
+++ b/lib/main/tests.py
@@ -29,9 +29,7 @@ class BaseTest(django.test.TestCase):
         for x in range(0, count):
             self.object_ctr = self.object_ctr + 1
             results.append(Organization.objects.create(
-                name="org%s-%s" % (x, self.object_ctr), 
-                description="org%s" % x,
-                created_by=created_by
+                name="org%s-%s" % (x, self.object_ctr), description="org%s" % x, created_by=created_by
             ))
         return results
 
@@ -40,12 +38,8 @@ class BaseTest(django.test.TestCase):
         for x in range(0, count):
             self.object_ctr = self.object_ctr + 1
             results.append(Project.objects.create(
-                name="proj%s-%s" % (x, self.object_ctr), 
-                description="proj%s" % x, 
-                scm_type='git', 
-                default_playbook='foo.yml', 
-                local_repository='/checkout',
-                created_by=created_by
+                name="proj%s-%s" % (x, self.object_ctr), description="proj%s" % x, scm_type='git', 
+                default_playbook='foo.yml', local_repository='/checkout', created_by=created_by
             ))
         return results
 
@@ -330,7 +324,6 @@ class OrganizationsTest(BaseTest):
         projects1 = self.get(projects1_url, expect=200, auth=self.get_super_credentials())
         self.assertEquals(projects1['count'], 5)
        
-        # FIXME: need to add tests for associating and disassocating from a non-priveledged acct 
         a_project = projects1['results'][-1]
         a_project['disassociate'] = 1
         projects1 = self.get(projects1_url, expect=200, auth=self.get_super_credentials())
@@ -354,7 +347,13 @@ class OrganizationsTest(BaseTest):
           
 
     def test_post_item_subobjects_users(self):
-        pass
+
+        url = '/api/v1/organizations/2/users/'
+        users = self.get(url, expect=200, auth=self.get_normal_credentials())
+        self.assertEqual(users['count'], 1)
+        self.post(url, dict(id=2), expect=204, auth=self.get_normal_credentials())
+        users = self.get(url, expect=200, auth=self.get_normal_credentials())
+        self.assertEqual(users['count'], 2)
 
     def test_post_item_subobjects_admins(self):
         pass