diff --git a/data/model/legacy.py b/data/model/legacy.py
index 46a81bf67..a62c1c1d5 100644
--- a/data/model/legacy.py
+++ b/data/model/legacy.py
@@ -750,9 +750,13 @@ def get_organization_team_member_invites(teamid):
 
 def get_organization_member_set(orgname):
   Org = User.alias()
-  user_teams = User.select(User.username).join(TeamMember).join(Team)
-  with_org = user_teams.join(Org, on=(Org.username == orgname))
-  return {user.username for user in with_org}
+  org_users = (User.select(User.username)
+               .join(TeamMember)
+               .join(Team)
+               .join(Org, on=(Org.id == Team.organization))
+               .where(Org.username == orgname)
+               .distinct())
+  return {user.username for user in org_users}
 
 
 def get_teams_within_org(organization):
diff --git a/test/test_api_usage.py b/test/test_api_usage.py
index 435f8beb7..ab3a4a239 100644
--- a/test/test_api_usage.py
+++ b/test/test_api_usage.py
@@ -1611,14 +1611,38 @@ class TestListAndDeleteTag(ApiTestCase):
 
 
 class TestRepoPermissions(ApiTestCase):
-  def listUserPermissions(self):
+  def listUserPermissions(self, namespace=ADMIN_ACCESS_USER, repo='simple'):
     return self.getJsonResponse(RepositoryUserPermissionList,
-                                params=dict(repository=ADMIN_ACCESS_USER + '/simple'))['permissions']
+                                params=dict(repository=namespace + '/' + repo))['permissions']
 
   def listTeamPermissions(self):
     return self.getJsonResponse(RepositoryTeamPermissionList,
                                 params=dict(repository=ORGANIZATION + '/' + ORG_REPO))['permissions']
 
+  def test_userpermissions_underorg(self):
+    self.login(ADMIN_ACCESS_USER)
+
+    permissions = self.listUserPermissions(namespace=ORGANIZATION, repo=ORG_REPO)
+
+    self.assertEquals(1, len(permissions))
+    assert 'outsideorg' in permissions
+    self.assertEquals('read', permissions['outsideorg']['role'])
+    self.assertEquals(False, permissions['outsideorg']['is_org_member'])
+
+    # Add another user.
+    self.putJsonResponse(RepositoryUserPermission,
+                         params=dict(repository=ORGANIZATION + '/' + ORG_REPO, username=ADMIN_ACCESS_USER),
+                         data=dict(role='admin'))
+
+    # Verify the user is present.
+    permissions = self.listUserPermissions(namespace=ORGANIZATION, repo=ORG_REPO)
+
+    self.assertEquals(2, len(permissions))
+    assert ADMIN_ACCESS_USER in permissions
+    self.assertEquals('admin', permissions[ADMIN_ACCESS_USER]['role'])
+    self.assertEquals(True, permissions[ADMIN_ACCESS_USER]['is_org_member'])
+
+
   def test_userpermissions(self):
     self.login(ADMIN_ACCESS_USER)
 
@@ -1628,6 +1652,7 @@ class TestRepoPermissions(ApiTestCase):
     self.assertEquals(1, len(permissions))
     assert ADMIN_ACCESS_USER in permissions
     self.assertEquals('admin', permissions[ADMIN_ACCESS_USER]['role'])
+    self.assertFalse('is_org_member' in permissions[ADMIN_ACCESS_USER])
 
     # Add another user.
     self.putJsonResponse(RepositoryUserPermission,
@@ -1640,6 +1665,7 @@ class TestRepoPermissions(ApiTestCase):
     self.assertEquals(2, len(permissions))
     assert NO_ACCESS_USER in permissions
     self.assertEquals('read', permissions[NO_ACCESS_USER]['role'])
+    self.assertFalse('is_org_member' in permissions[NO_ACCESS_USER])
 
     json = self.getJsonResponse(RepositoryUserPermission,
                                 params=dict(repository=ADMIN_ACCESS_USER + '/simple', username=NO_ACCESS_USER))