diff --git a/api/base/permissions.py b/api/base/permissions.py
index 50081b28a9a..a6ab1403c05 100644
--- a/api/base/permissions.py
+++ b/api/base/permissions.py
@@ -8,7 +8,8 @@ from framework.auth import oauth_scopes
 from framework.auth.cas import CasResponse
-from osf.models import ApiOAuth2Application, ApiOAuth2PersonalToken
+from osf.models import ApiOAuth2Application, ApiOAuth2PersonalToken, Preprint
+from osf.utils import permissions as osf_permissions
 from website.util.sanitize import is_iterable_but_not_string
 from api.base.utils import get_user_auth
@@ -172,4 +173,6 @@ def has_object_permission(self, request, view, obj):
 if request.method in permissions.SAFE_METHODS:
 return resource.is_public or resource.can_view(auth)
 else:
- return resource.can_edit(auth.user)
+ if isinstance(resource, Preprint):
+ return resource.can_edit(auth.user)
+ return resource.has_permission(auth.user, osf_permissions.WRITE)
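Review bot: The write branch of has_object_permission now dispatches on `isinstance(resource, Preprint)`, and the non-Preprint path calls `resource.has_permission(auth.user, osf_permissions.WRITE)` with no visible check that `auth.user` is set or that every resource type reaching this class implements `has_permission`. If an anonymous request can get here with `auth.user` as None, or a resource lacks that method, the outcome depends on code outside the hunk and may be a 500 rather than a clean denial; an explicit `if auth.user is None: return False` ahead of the type check would make the deny path unambiguous. The swap from `can_edit` to a plain WRITE check may also drop whatever extra conditions `can_edit` applied for non-Preprint resources, so a short comment such as `# Preprints keep can_edit(); other resources require explicit WRITE permission` would record why the two paths differ. The method starts above the hunk, so how `resource` and `auth` are derived is not visible here.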