diff --git a/lib/cancan/controller_resource.rb b/lib/cancan/controller_resource.rb
index 373a81c..c8467ae 100644
--- a/lib/cancan/controller_resource.rb
+++ b/lib/cancan/controller_resource.rb
@@ -26,7 +26,7 @@ module CanCan
     end
 
     def load_resource
-      if parent? || member_action?
+      if load_instance?
         self.resource_instance ||= load_resource_instance
       elsif load_collection?
         self.collection_instance ||= load_collection
@@ -51,9 +51,12 @@ module CanCan
       end
     end
 
+    def load_instance?
+      parent? || member_action?
+    end
+
     def load_collection?
-      resource_base.respond_to?(:accessible_by) &&
-      !current_ability.has_block?(authorization_action, resource_class)
+      resource_base.respond_to?(:accessible_by) && !current_ability.has_block?(authorization_action, resource_class)
     end
 
     def load_collection
@@ -116,7 +119,7 @@ module CanCan
     end
 
     def resource_instance
-      @controller.instance_variable_get("@#{instance_name}")
+      @controller.instance_variable_get("@#{instance_name}") if load_instance?
     end
 
     def collection_instance=(instance)
diff --git a/spec/cancan/controller_resource_spec.rb b/spec/cancan/controller_resource_spec.rb
index 562e739..0989d44 100644
--- a/spec/cancan/controller_resource_spec.rb
+++ b/spec/cancan/controller_resource_spec.rb
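Review bot: `load_instance?` is added without a comment although, through the guard it now provides in `resource_instance` further down this diff, it decides whether a preloaded instance variable or the resource class becomes the subject of the authorization check; a one-line doc such as `# True when a single record (parent or member action) is the subject, rather than a collection.` would make that intent visible. The re-joining of `load_collection?` onto a single line is unrelated to the fix and yields a line of roughly 110 characters; keeping the original two-line form would keep the diff focused on the behavioural change. `parent?` and `member_action?` are defined outside this hunk, so the exact conditions behind the predicate cannot be checked here.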
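Review bot: The new `if load_instance?` guard on `resource_instance` makes the reader return nil in collection actions, so an instance variable set by an earlier filter no longer becomes the authorization subject; this is the security-relevant part of the change and deserves a why-comment, e.g. `# Expose the instance only for parent/member actions so that authorizing a collection action falls back to the class even if the ivar is already set.`. The matching setter `resource_instance=` is not in this hunk; if it stays unguarded, a write made during a collection action becomes invisible through this reader, which the comment should state or the setter should mirror. The fallback to the class itself presumably lives in `authorize_resource`, which is outside the hunk, and the spec added to spec/cancan/controller_resource_spec.rb appears to rely on it.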
@@ -91,6 +91,22 @@ describe CanCan::ControllerResource do
     @controller.instance_variable_defined?(:@projects).should be_false
   end
 
+  it "should not authorize single resource in collection action" do
+    @params[:action] = "index"
+    @controller.instance_variable_set(:@project, :some_project)
+    stub(@controller).authorize!(:index, Project) { raise CanCan::AccessDenied }
+    resource = CanCan::ControllerResource.new(@controller)
+    lambda { resource.authorize_resource }.should raise_error(CanCan::AccessDenied)
+  end
+
+  it "should authorize parent resource in collection action" do
+    @params[:action] = "index"
+    @controller.instance_variable_set(:@category, :some_category)
+    stub(@controller).authorize!(:read, :some_category) { raise CanCan::AccessDenied }
+    resource = CanCan::ControllerResource.new(@controller, :category, :parent => true)
+    lambda { resource.authorize_resource }.should raise_error(CanCan::AccessDenied)
+  end
+
   it "should perform authorization using controller action and loaded model" do
     @params[:action] = "show"
     @controller.instance_variable_set(:@project, :some_project)
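Review bot: The first new example establishes the class-level path only indirectly: it stubs `authorize!(:index, Project)` to raise and relies on the stub framework rejecting a call made with `:some_project` instead, so whether a regression would surface depends on how strictly unmatched arguments are treated by the mocking library. An explicit expectation that `authorize!` is never invoked with `:some_project` in the index action would pin the behaviour independently of that argument matching. The `:read` action expected for the parent in the second example is derived by code outside this hunk, so its correctness cannot be verified here.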