diff --git a/app/Http/Controllers/Api/ApiV1Controller.php b/app/Http/Controllers/Api/ApiV1Controller.php
index 8ae65eb44..d1bd9cac2 100644
--- a/app/Http/Controllers/Api/ApiV1Controller.php
+++ b/app/Http/Controllers/Api/ApiV1Controller.php
@@ -956,8 +956,7 @@ class ApiV1Controller extends Controller
 */
 public function accountRelationshipsById(Request $request)
 {
- abort_if(!$request->user() || !$request->user()->token(), 403);
- abort_unless($request->user()->tokenCan('read'), 403);
+ abort_if(!$request->user(), 403);
 
 $this->validate($request, [
 'id' => 'required|array|min:1|max:20',
diff --git a/app/Http/Controllers/ComposeController.php b/app/Http/Controllers/ComposeController.php
index e17a37fd7..36bd5a66c 100644
--- a/app/Http/Controllers/ComposeController.php
+++ b/app/Http/Controllers/ComposeController.php
@@ -260,6 +260,8 @@ class ComposeController extends Controller
 $q = mb_substr($q, 1);
 }
 
+ $user = $request->user();
+ abort_if($user->has_roles && !UserRoleService::can('can-post', $user->id), 403, 'Invalid permissions for this action');
 $blocked = UserFilter::whereFilterableType('App\Profile')
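Review bot: Removing the `abort_unless($request->user()->tokenCan('read'), 403);` line drops OAuth scope enforcement for every caller of accountRelationshipsById, not just for session-authenticated users — a token issued with only a `write` or `push` scope can now read relationship data. If the intent is to let the web session reach this endpoint as well as token clients, keep the scope check but make it conditional on a token being present, e.g. after the new line add `abort_if($request->user()->token() && !$request->user()->tokenCan('read'), 403);`. A short comment such as `// session users have no token; OAuth clients still need the read scope` would record why the check is shaped that way. The body of accountRelationshipsById continues past the end of this hunk.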