diff --git a/mayan/apps/rest_api/filters.py b/mayan/apps/rest_api/filters.py
index c9eda7256d..345e12b3c3 100644
--- a/mayan/apps/rest_api/filters.py
+++ b/mayan/apps/rest_api/filters.py
@@ -10,11 +10,13 @@ from permissions.models import Permission
 class MayanObjectPermissionsFilter(BaseFilterBackend):
 def filter_queryset(self, request, queryset, view):
- if hasattr(view, 'mayan_object_permissions'):
+ required_permission = getattr(view, 'mayan_object_permissions', {}).get(request.method, None)
+
+ if required_permission:
 try:
- Permission.objects.check_permissions(request.user, view.mayan_object_permissions)
+ Permission.objects.check_permissions(request.user, required_permission)
 except PermissionDenied:
- return AccessEntry.objects.filter_objects_by_access(view.mayan_object_permissions[0], request.user, queryset)
+ return AccessEntry.objects.filter_objects_by_access(required_permission[0], request.user, queryset)
 else:
 return queryset
 else:
diff --git a/mayan/apps/rest_api/permissions.py b/mayan/apps/rest_api/permissions.py
index 4d142b3cac..5e6c1bcaec 100644
--- a/mayan/apps/rest_api/permissions.py
+++ b/mayan/apps/rest_api/permissions.py
@@ -10,9 +10,11 @@ from permissions.models import Permission
 class MayanPermission(BasePermission):
 def has_permission(self, request, view):
- if hasattr(view, 'mayan_view_permissions'):
+ required_permission = getattr(view, 'mayan_view_permissions', {}).get(request.method, None)
+
+ if required_permission:
 try:
- Permission.objects.check_permissions(request.user, view.mayan_view_permissions)
+ Permission.objects.check_permissions(request.user, required_permission)
 except PermissionDenied:
 return False
 else:
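Review bot: A request method with no entry in the view's `mayan_object_permissions` mapping leaves `required_permission` as `None`, so `filter_queryset` skips the check and takes the outer `else:` branch instead of denying; the same lookup is added to `has_permission` and `has_object_permission` in permissions.py. That branch's body is outside the hunk, but if it returns the queryset unchanged, a view that lists only `GET` is left unfiltered for `HEAD` or any other unlisted method, and an empty list as the mapped value behaves the same way. I would tell "view declares no mapping" apart from "mapping has no entry for this method" and fail closed on the second: `permission_map = getattr(view, 'mayan_object_permissions', None)` then `if permission_map is not None and request.method not in permission_map: return queryset.none()` (`return False` in the two permission methods).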
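Review bot: `.get(request.method, None)` in `has_permission` assumes `mayan_view_permissions` is now a dict, but the removed lines passed the attribute straight to `check_permissions`, so it was presumably a list before. Any view not converted along with this change will raise `AttributeError` here and answer with a server error rather than a permission decision; the views are not part of this diff, so please confirm they were all migrated. A class docstring stating the expected shape would help, e.g. `"""Views declare mayan_view_permissions as {'GET': [permission, ...]}, keyed by HTTP method."""`.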
@@ -21,15 +23,17 @@ class MayanPermission(BasePermission):
 return True
 def has_object_permission(self, request, view, obj):
- if hasattr(view, 'mayan_object_permissions'):
+ required_permission = getattr(view, 'mayan_object_permissions', {}).get(request.method, None)
+
+ if required_permission:
 try:
- Permission.objects.check_permissions(request.user, view.mayan_object_permissions)
+ Permission.objects.check_permissions(request.user, required_permission)
 except PermissionDenied:
 try:
 if hasattr(view, 'mayan_permission_attribute_check'):
- AccessEntry.objects.check_accesses(view.mayan_object_permissions, request.user, getattr(obj, view.mayan_permission_attribute_check))
+ AccessEntry.objects.check_accesses(required_permission, request.user, getattr(obj, view.mayan_permission_attribute_check))
 else:
- AccessEntry.objects.check_accesses(view.mayan_object_permissions, request.user, obj)
+ AccessEntry.objects.check_accesses(required_permission, request.user, obj)
 except PermissionDenied:
 return False
 else:
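Review bot: `required_permission` is singular, yet in `has_object_permission` it is handed to `check_permissions` and `check_accesses` as the whole permission list (and filters.py indexes it with `[0]`); `required_permissions` would read more accurately. The two `check_accesses` calls also differ only in their target, so resolving it once would shorten the block: `target = getattr(obj, view.mayan_permission_attribute_check) if hasattr(view, 'mayan_permission_attribute_check') else obj` followed by a single `AccessEntry.objects.check_accesses(required_permission, request.user, target)`. The method's closing `else:` body lies outside the hunk.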