diff --git a/app/controllers/api/v1/advisories_controller.rb b/app/controllers/api/v1/advisories_controller.rb
index e66610959..20d4f4d08 100644
--- a/app/controllers/api/v1/advisories_controller.rb
+++ b/app/controllers/api/v1/advisories_controller.rb
@@ -3,7 +3,7 @@ class Api::V1::AdvisoriesController < Api::V1::BaseController
 before_filter :authenticate_user!
 skip_before_filter :authenticate_user!, :only => [:index, :show] if APP_CONFIG['anonymous_access']
 load_resource :advisory, :find_by => :advisory_id
- before_filter :find_build_list, :only => [:create, :update]
+ before_filter :find_and_authorize_build_list, :only => [:create, :update]
 authorize_resource :build_list, :only => [:create, :update]
 def index
@@ -16,8 +16,9 @@ class Api::V1::AdvisoriesController < Api::V1::BaseController
 end
 def create
- @advisory = @build_list.build_and_associate_advisory(params[:advisory])
- if can_attach? && @advisory.save && @build_list.save
+ if @build_list.can_attach? &&
+ @build_list.associate_and_create_advisory(params[:advisory]) &&
+ @build_list.save
 render_json_response @advisory, 'Advisory has been created successfully'
 else
 render_validation_error @advisory, error_message(@build_list, 'Advisory has not been created')
@@ -25,9 +26,8 @@ class Api::V1::AdvisoriesController < Api::V1::BaseController
 end
 def update
- if @advisory && can_attach?
- @advisory.attach_build_list(@build_list) &&
- @advisory.save && @build_list.save
+ if @advisory && @build_list.can_attach? &&
+ @advisory.attach_build_list(@build_list) && @build_list.save
 render_json_response @advisory, "Build list '#{@build_list.id}' has been attached to advisory successfully"
 else
 render_validation_error @advisory, error_message(@build_list, 'Build list has not been attached to advisory')
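Review bot: In `create` (hunk `@@ -16,8 +16,9 @@`) `@advisory` is no longer assigned from the build list, yet `render_json_response @advisory` and `render_validation_error @advisory` still use it. It now holds whatever `load_resource :advisory` put there (presumably an unsaved instance built from the request), not the record that `associate_and_create_advisory` saved, so the success body and the validation errors may describe the wrong object. Setting `@advisory = @build_list.advisory` once the call has run, or rendering `@build_list.advisory` in both branches, would restore the old behaviour. The `if`/`else` is closed outside the hunk.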
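Review bot: In `update` (hunk `@@ -25,9 +26,8 @@`) the advisory is now persisted inside `attach_build_list` before `@build_list.save` runs, so a failed build-list save leaves the advisory already linked to the platform and project. `create` in the previous hunk has the same two-step write through `associate_and_create_advisory`. Running both writes in one transaction and rolling back when either returns false keeps the advisory and the build list consistent. The `if` that renders the response is closed outside the hunk.

```ruby
def update
  attached = false
  if @advisory && @build_list.can_attach?
    # Both records commit together or not at all.
    Advisory.transaction do
      attached = @advisory.attach_build_list(@build_list) && @build_list.save
      raise ActiveRecord::Rollback unless attached
    end
  end
  if attached
    # … unchanged: render_json_response / else / render_validation_error …
```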
@@ -36,15 +36,9 @@ class Api::V1::AdvisoriesController < Api::V1::BaseController
 protected
- def find_build_list
+ def find_and_authorize_build_list
 @build_list = BuildList.find params[:build_list_id]
- end
-
- def can_attach?
- !@build_list.save_to_repository.publish_without_qa &&
- can?(:update, @build_list.save_to_platform) &&
- @build_list.save_to_platform.released &&
- @build_list.status == BuildList::BUILD_PUBLISHED
+ authorize! :update, @build_list.save_to_platform
 end
 end
diff --git a/app/controllers/projects/build_lists_controller.rb b/app/controllers/projects/build_lists_controller.rb
index c066be64c..08788ebd9 100644
--- a/app/controllers/projects/build_lists_controller.rb
+++ b/app/controllers/projects/build_lists_controller.rb
@@ -196,14 +196,13 @@ class Projects::BuildListsController < Projects::BaseController
 if params[:attach_advisory] == 'new'
 # create new advisory
- advisory = @build_list.build_and_associate_advisory(params[:build_list][:advisory])
- unless advisory.save
+ unless @build_list.associate_and_create_advisory(params[:build_list][:advisory])
 redirect_to :back, :notice => t('layout.build_lists.publish_fail') and return
 end
 else
 # attach existing advisory
- a = Advisory.where(:advisory_id => params[:attach_advisory]).limit(1).first
- if !(a && a.attach_build_list(@build_list) && a.save)
+ a = Advisory.where(:advisory_id => params[:attach_advisory]).first
+ unless (a && a.attach_build_list(@build_list))
 redirect_to :back, :notice => t('layout.build_lists.publish_fail') and return
 end
 end
diff --git a/app/models/advisory.rb b/app/models/advisory.rb
index 50c667ff8..951a8ec8c 100644
--- a/app/models/advisory.rb
+++ b/app/models/advisory.rb
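Review bot: `find_and_authorize_build_list` (hunk `@@ -36,15 +36,9 @@`) is now the only place where the `:update` permission on the target platform is checked, because the `can?` clause was dropped from `can_attach?`. It runs only for the actions named on the `before_filter` line in the first hunk. That coupling deserves a comment above the method, e.g. `# Loads the build list and requires :update on its save_to_platform; BuildList#can_attach? checks state only, so every action that attaches an advisory must run this filter.` A denied request now raises from `authorize!` instead of returning the validation-error JSON, so it is worth confirming that `Api::V1::BaseController` (not shown) turns that exception into a 403 response.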
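Review bot: Both branches of the `build_lists_controller.rb` hunk now write at once, because `associate_and_create_advisory` and `attach_build_list` end in `save` after this commit, but no guard is visible around them. The advisory is looked up from the client-supplied `params[:attach_advisory]` and attached without `@build_list.can_attach?` or an `authorize!` on `@build_list.save_to_platform`, both of which the API controller applies. The enclosing action starts and ends outside the hunk, so an earlier check may already cover this; if the publish flow deliberately uses different state rules, a comment saying so would help. Separately, `params[:build_list][:advisory]` raises `NoMethodError` when `build_list` is missing from the request; `(params[:build_list] || {})[:advisory]` lets the existing failure redirect handle it.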
@@ -26,7 +26,7 @@ class Advisory < ActiveRecord::Base
 self.platforms << build_list.save_to_platform unless platforms.include? build_list.save_to_platform
 self.projects << build_list.project unless projects.include? build_list.project
 build_list.advisory = self
- true
+ save
 end
 # this method fetches and structurize packages attached to current advisory.
diff --git a/app/models/build_list.rb b/app/models/build_list.rb
index 1540a3842..583448079 100644
--- a/app/models/build_list.rb
+++ b/app/models/build_list.rb
@@ -303,12 +303,15 @@ class BuildList < ActiveRecord::Base
 #[WAITING_FOR_RESPONSE, BuildServer::BUILD_PENDING, BuildServer::BUILD_STARTED].include?(status)
 end
- def build_and_associate_advisory(params)
- build_advisory(params) do |a|
- a.update_type = update_type
- a.projects << project
- a.platforms << save_to_platform unless a.platforms.include? save_to_platform
- end
+ def associate_and_create_advisory(params)
+ build_advisory(params){ |a| a.update_type = update_type }
+ advisory.attach_build_list(self)
+ end
+
+ def can_attach?
+ !save_to_repository.publish_without_qa &&
+ save_to_platform.released &&
+ status == BUILD_PUBLISHED
 end
 protected
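Review bot: `attach_build_list` in `advisory.rb` now ends in `save`, so it returns the validation result rather than a constant `true` and has become a persisting call, which neither the name nor any comment conveys. On an already-saved advisory the two `<<` calls above it typically insert their join rows at once (assuming ordinary has_many/habtm collections), that is, before `save` validates, so a `false` return does not guarantee that nothing was written. A comment such as `# Links the build list's platform and project, then saves; returns false if the advisory is invalid.` would document the new contract. The method begins outside the hunk.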
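Review bot: `associate_and_create_advisory` in `build_list.rb` passes the caller's `params` hash straight to `build_advisory` and then saves through `attach_build_list` without consulting the new `can_attach?`; only `update_type` is forced afterwards. Whether `Advisory` restricts mass-assignable attributes is not visible in this diff, so it is worth confirming that fields such as `advisory_id` cannot be set from the request. `can_attach?` also dereferences `save_to_repository` and `save_to_platform` without a nil check and no longer covers permissions. A comment like `# State check only (released platform, QA not bypassed, BUILD_PUBLISHED); callers must authorize separately.` would make that explicit.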