diff --git a/vendor/plugins/access_control/lib/permission_check.rb b/vendor/plugins/access_control/lib/permission_check.rb
index 236332b..16fff96 100644
--- a/vendor/plugins/access_control/lib/permission_check.rb
+++ b/vendor/plugins/access_control/lib/permission_check.rb
@@ -19,7 +19,7 @@ module PermissionCheck
 before_filter actions do |c|
 target = target_method.kind_of?(Symbol) ? c.send(target_method) : target_method
 accessor = accessor_method.kind_of?(Symbol) ? c.send(accessor_method) : accessor_method
- unless accessor && accessor.has_permission?(permission.to_s, target)
+ unless Array.wrap(permission).map {|p| accessor && accessor.has_permission?(p.to_s, target)}.any?
 c.class.render_access_denied(c) && false
 end
 end
diff --git a/vendor/plugins/access_control/test/permission_check_test.rb b/vendor/plugins/access_control/test/permission_check_test.rb
index b7480a4..81b84fc 100644
--- a/vendor/plugins/access_control/test/permission_check_test.rb
+++ b/vendor/plugins/access_control/test/permission_check_test.rb
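Review bot: An array passed to `protect` is now treated as any-of, but nothing in this filter says so, and a reader of `protect ['permission1', 'permission2'], ...` could as easily assume both are required; for an authorization filter that ambiguity should be closed with a comment such as `# permission may be a single name or an array; access is granted if the accessor holds ANY of them`. The new condition also builds the whole result array before testing it and names its block parameter `p`, which hides `Kernel#p` inside the block; `unless accessor && Array.wrap(permission).any? { |perm| accessor.has_permission?(perm.to_s, target) }` checks the accessor once and stops at the first match. An empty array or `nil` permission still denies because `any?` on an empty list is false, which is worth preserving if an all-of mode is ever added, since `all?` on an empty list is true. The `before_filter` block and the method that contains it start outside this hunk.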
@@ -28,9 +28,20 @@ class PermissionCheckTest < ActionController::TestCase end def test_try_render_shared_access_denied_view - File.expects(:exists?).with(File.join(Rails.root, 'app', 'views', 'access_control', 'access_denied.rhtml')) - File.expects(:exists?).with(File.join(Rails.root, 'app', 'views', 'shared', 'access_denied.rhtml')) + File.expects(:exists?).with(File.join(Rails.root, 'app', 'views', 'access_control', 'access_denied.html.erb')) + File.expects(:exists?).with(File.join(Rails.root, 'app', 'views', 'shared', 'access_denied.html.erb')) AccessControlTestController.access_denied_template_path end + def test_allow_access_to_user_with_one_of_multiple_permissions + user = AccessControlTestAccessor.create!(:name => 'other_user') + role = Role.create!(:name => 'other_role', :permissions => ['permission1']) + resource = AccessControlTestResource.create!(:name => 'some_resource') + assert user.add_role(role, resource) + assert user.has_permission?('permission1', resource) + + get :stuff_with_multiple_permission, :user => user.id, :resource => resource.id + assert_response :success + end + end diff --git a/vendor/plugins/access_control/test/test_helper.rb b/vendor/plugins/access_control/test/test_helper.rb index cacf278..08ba036 100644 --- a/vendor/plugins/access_control/test/test_helper.rb +++ b/vendor/plugins/access_control/test/test_helper.rb @@ -41,6 +41,8 @@ class AccessControlTestController < ApplicationController include PermissionCheck protect 'see_index', 'global', :user, :only => :index protect 'do_some_stuff', :resource, :user, :only => :other_stuff + protect ['permission1', 'permission2'], :resource, :user, :only => :stuff_with_multiple_permission + def index render :text => 'test controller' end 
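Review bot: The added test `test_allow_access_to_user_with_one_of_multiple_permissions` exercises only the allow path, so nothing shows that a user holding neither `permission1` nor `permission2` is denied on `stuff_with_multiple_permission`. For an access-control filter the deny case is the one that catches a regression to fail-open, and a companion test along the lines below would pin it. The role and permission names in the sketch are constructed, and the final assertion is left as a comment because the shape of the access-denied response is not visible in this hunk. A further case where the user holds only `permission2` would confirm that every element of the array is consulted, not just the first.
```ruby
def test_deny_access_to_user_with_none_of_multiple_permissions
  user = AccessControlTestAccessor.create!(:name => 'unprivileged_user')
  role = Role.create!(:name => 'unrelated_role', :permissions => ['permission3'])
  resource = AccessControlTestResource.create!(:name => 'some_resource')
  assert user.add_role(role, resource)
  assert !user.has_permission?('permission1', resource)
  assert !user.has_permission?('permission2', resource)

  get :stuff_with_multiple_permission, :user => user.id, :resource => resource.id
  # assert the access-denied response here, the same way this file's existing deny tests do
end
```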
@@ -49,6 +51,10 @@ class AccessControlTestController < ApplicationController
 render :text => 'test stuff'
 end
+ def stuff_with_multiple_permission
+ render :text => 'multiple permission'
+ end
+
 protected
 def user
 AccessControlTestAccessor.find(params[:user]) if params[:user]
--
libgit2 0.21.2