if user and not has_access(user, group, 'rw'):
            raise APIPermissionException('User {} does not have read-write access to group {}'.format(user, group_id))