diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index d22a031d4b..5dcfee07ca 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -22,7 +22,7 @@ class ApplicationController < ActionController::Base
 
   def authorize_web
     if session[:user]
-      self.current_user = User.where(:id => session[:user]).where("status IN ('active', 'confirmed', 'suspended')").first
+      self.current_user = User.where(:id => session[:user], :status => %w[active confirmed suspended]).first
 
       if session[:fingerprint] &&
          session[:fingerprint] != current_user.fingerprint
diff --git a/app/models/trace.rb b/app/models/trace.rb
index 0b9877225b..35fee0bf4f 100644
--- a/app/models/trace.rb
+++ b/app/models/trace.rb
@@ -35,7 +35,7 @@ class Trace < ApplicationRecord
   has_many :points, :class_name => "Tracepoint", :foreign_key => "gpx_id", :dependent => :delete_all, :inverse_of => :trace
 
   scope :visible, -> { where(:visible => true) }
-  scope :visible_to, ->(u) { visible.where("visibility IN ('public', 'identifiable') OR user_id = ?", u) }
+  scope :visible_to, ->(u) { visible.where(:visibility => %w[public identifiable]).or(visible.where(:user => u)) }
   scope :visible_to_all, -> { where(:visibility => %w[public identifiable]) }
   scope :tagged, ->(t) { joins(:tags).where(:gpx_file_tags => { :tag => t }) }