diff --git a/tailbone/auth.py b/tailbone/auth.py
index fe7c06d6..05c5515c 100644
--- a/tailbone/auth.py
+++ b/tailbone/auth.py
@@ -42,8 +42,8 @@ class TailboneAuthorizationPolicy(object):
         for userid in principals:
             if userid not in (Everyone, Authenticated):
                 user = Session.query(User).get(userid)
-                assert user
-                return has_permission(Session(), user, permission)
+                if user:
+                    return has_permission(Session(), user, permission)
         if Everyone in principals:
             return has_permission(Session(), None, permission)
         return False