diff --git a/app/controllers/api/v1/Page.controller.js b/app/controllers/api/v1/Page.controller.js
index 7ed4dcc..a3133c1 100644
--- a/app/controllers/api/v1/Page.controller.js
+++ b/app/controllers/api/v1/Page.controller.js
@@ -65,7 +65,7 @@ class Page extends Controller {
 const user = req.user
 let { page } = req.form
- const level = await page.access_level_for(req.user)
+ const level = await page.access_level_for(user)
 const version_num = req.body.version || req.query.version
 if ( version_num ) {
@@ -252,8 +252,6 @@ class Page extends Controller { } } - // console.log('updated nodes', updated_nodes) - let delete_nodes = nodes for ( const node of updated_nodes ) { await node.version_save(`Contents saved in page "${page.Name}"`, req.user.id)
diff --git a/app/models/auth/User.model.js b/app/models/auth/User.model.js
index e9ed982..87d0b9a 100644
--- a/app/models/auth/User.model.js
+++ b/app/models/auth/User.model.js
@@ -83,6 +83,12 @@ class User extends AuthUser {
 const PublicUserPermission = this.models.get('auth:PublicUserPermission')
 return await PublicUserPermission.can(permission)
 }
+
+ allow(permission, force = false){
+ // Need to check super.can, since this.can is async.
+ // This will exclude public user permissions, which is the behavior we want anyway.
+ if ( !super.can(permission) || (force && !this.permissions.includes(permission)) ) this.permissions.push(permission)
+ }
 }
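Review bot: The new `allow()` in User.model.js grants a permission without checking its argument, so a caller passing `undefined` or a non-string may end up pushing a junk entry onto `this.permissions`. A guard before the existing condition would stop that: `if ( typeof permission !== 'string' || !permission ) throw new TypeError('permission must be a non-empty string')`. The condition also depends on `super.can()` returning a plain boolean. If the parent ever returns a Promise, `!super.can(permission)` is always false and nothing is granted unless `force` is set, so the comment should state that assumption. Nothing in this hunk persists the change. A docstring should say that the method only mutates the in-memory list, that the caller must save the user and authorize the grant, and that `force` adds an explicit entry even when a broader permission already covers it.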