diff --git a/pillar/application/modules/projects.py b/pillar/application/modules/projects.py
index d259d5e3..ef1677d9 100644
--- a/pillar/application/modules/projects.py
+++ b/pillar/application/modules/projects.py
@@ -392,6 +392,11 @@ def project_node_type_has_method(response):
                       check_node_type=node_type_name)
 
 
+def projects_node_type_has_method(response):
+    for project in response['_items']:
+        project_node_type_has_method(project)
+
+
 def setup_app(app, url_prefix):
     app.on_replace_projects += override_is_private_field
     app.on_replace_projects += before_edit_check_permissions
@@ -407,5 +412,6 @@ def setup_app(app, url_prefix):
     app.on_fetched_item_projects += before_returning_project_permissions
     app.on_fetched_resource_projects += before_returning_project_resource_permissions
     app.on_fetched_item_projects += project_node_type_has_method
+    app.on_fetched_resource_projects += projects_node_type_has_method
 
     app.register_blueprint(blueprint, url_prefix=url_prefix)
diff --git a/pillar/application/utils/authorization.py b/pillar/application/utils/authorization.py
index 053d6bf3..4490a586 100644
--- a/pillar/application/utils/authorization.py
+++ b/pillar/application/utils/authorization.py
@@ -70,7 +70,13 @@ def check_permissions(collection_name, resource, method, append_allowed_methods=
     if permission_granted:
         if append_allowed_methods:
             # TODO: rename this field _allowed_methods
-            resource['allowed_methods'] = list(set(allowed_methods))
+            if check_node_type:
+                node_type = next((node_type for node_type in resource['node_types']
+                                  if node_type['name'] == check_node_type))
+                assign_to = node_type
+            else:
+                assign_to = resource
+            assign_to['allowed_methods'] = list(set(allowed_methods))
         return
 
     abort(403)