diff --git a/app/models/org.rb b/app/models/org.rb
index 960d2e1..dee239c 100644
--- a/app/models/org.rb
+++ b/app/models/org.rb
@@ -151,7 +151,7 @@
 end
 def grant_api!(token_permission_type)
- org.token_permission_types << token_permission_type unless org.tokenpermission_types.include? token_permission_type
+ self.token_permission_types << token_permission_type unless self.token_permission_types.include? token_permission_type
 end
 private
diff --git a/lib/tasks/bugfix.rake b/lib/tasks/bugfix.rake
index 67ba32d..090407b 100644
--- a/lib/tasks/bugfix.rake
+++ b/lib/tasks/bugfix.rake
@@ -90,18 +90,21 @@
 desc "Allow Statistics API Usage for Org Admin Users"
 task stats_api_org_admin: :environment do
- perms = Perm.where(name: ['modify_templates','modify_guidance','change_org_details','grant_permissions']).include(users: {org: :token_permission_types})
- users = perms.map {|perm| perm.users}
- users.flatten!.uniq!
- orgs = users.map {|user| user.org}
- orgs.uniq!
- # ensure orgs have access to statistics controller
+ Rake::Task['bugfix:add_missing_token_permission_types'].execute
+ orgs = Org.where(is_other: nil)
 orgs.each do |org|
 org.grant_api!(TokenPermissionType::STATISTICS)
 end
- # leave tokens intact
+ users = User.joins(:perms).where("org_id IN (?) AND (api_token IS NULL OR api_token = '')", orgs.collect(&:id))
 users.each do |user|
- user.keep_or_generate_token!
+ if user.can_org_admin?
+ # Generate the tokens directly instead of via the User.keep_or_generate_token! method so that we do not spam users!!
+ user.api_token = loop do
+ random_token = SecureRandom.urlsafe_base64(nil, false)
+ break random_token unless User.exists?(api_token: random_token)
+ end
+ user.save!
+ end
 end
 end
 end
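Review bot: The `include?` check followed by `<<` in `grant_api!` is only an application-level guard, so two concurrent calls could still attach the same permission type twice unless the join table carries a unique index, which is not visible in this hunk. The explicit `self.` receivers are redundant for these reads; `token_permission_types << token_permission_type unless token_permission_types.include?(token_permission_type)` behaves the same and is easier to scan. Because this method widens what an org may call, a short comment such as `# Adds the API permission type to this org unless it is already present.` would help the next reader.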
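Review bot: `User.joins(:perms)` returns one row per permission, so an org admin holding several perms is loaded several times with a blank `api_token` and gets a fresh token generated and saved on every pass; adding `.distinct` (or `.uniq` on older Rails) as in `User.joins(:perms).distinct.where(...)` avoids the repeated writes. The task now grants `TokenPermissionType::STATISTICS` to every org matching `Org.where(is_other: nil)` instead of only the orgs that have admin users, and it issues API tokens without telling their owners. It is worth confirming that this scope is intended and logging each org id and user id that was changed (never the token value) so the new credentials can be audited. `user.save!` aborts the whole run on the first invalid record and leaves later users without tokens; a per-user `rescue ActiveRecord::RecordInvalid => e` with a log line would keep the task re-runnable. The enclosing namespace block starts outside the hunk.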