diff --git a/services/web/app/coffee/Features/Authorization/AuthorizationManager.coffee b/services/web/app/coffee/Features/Authorization/AuthorizationManager.coffee index 81d62c8b8e..db49881bbf 100644 --- a/services/web/app/coffee/Features/Authorization/AuthorizationManager.coffee +++ b/services/web/app/coffee/Features/Authorization/AuthorizationManager.coffee @@ -1,6 +1,8 @@ CollaboratorsHandler = require("../Collaborators/CollaboratorsHandler") Project = require("../../models/Project").Project User = require("../../models/User").User +PrivilegeLevels = require("./PrivilegeLevels") +PublicAccessLevels = require("./PublicAccessLevels") module.exports = AuthorizationManager = # Get the privilege level that the user has for the project @@ -12,17 +14,19 @@ module.exports = AuthorizationManager = getPublicAccessLevel = () -> Project.findOne { _id: project_id }, { publicAccesLevel: 1 }, (error, project) -> return callback(error) if error? - if project.publicAccesLevel in ["readOnly", "readAndWrite"] - return callback null, project.publicAccesLevel, true + if project.publicAccesLevel == PublicAccessLevels.READ_ONLY + return callback null, PrivilegeLevels.READ_ONLY + else if project.publicAccesLevel == PublicAccessLevels.READ_AND_WRITE + return callback null, PrivilegeLevels.READ_AND_WRITE, true else - return callback null, false, false + return callback null, PrivilegeLevels.NONE, false if !user_id? getPublicAccessLevel() else CollaboratorsHandler.getMemberIdPrivilegeLevel user_id, project_id, (error, privilegeLevel) -> return callback(error) if error? - if privilegeLevel? and privilegeLevel + if privilegeLevel? and privilegeLevel != PrivilegeLevels.NONE # The user has direct access callback null, privilegeLevel, false else 
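Review bot: The new `PublicAccessLevels.READ_ONLY` branch in `getPublicAccessLevel` calls `callback null, PrivilegeLevels.READ_ONLY` without the third `becausePublic` argument, whereas the removed line passed `true` for both public levels. A caller that reads `becausePublic` now gets `undefined` for a publicly readable project, so public read access can no longer be told apart from a direct read-only grant. The visible `canUserWriteProjectSettings` consults the flag only for `READ_AND_WRITE`, so nothing in this diff depends on it yet, but I would restore it with `return callback null, PrivilegeLevels.READ_ONLY, true`. Separately, `project` is dereferenced with no null check, so if `Project.findOne` yields no document this throws instead of returning `PrivilegeLevels.NONE`. The function continues past the end of the hunk.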
@@ -31,19 +35,19 @@ module.exports = AuthorizationManager = canUserReadProject: (user_id, project_id, callback = (error, canRead) ->) -> AuthorizationManager.getPrivilegeLevelForProject user_id, project_id, (error, privilegeLevel) -> return callback(error) if error? - return callback null, (privilegeLevel in ["owner", "readAndWrite", "readOnly"]) + return callback null, (privilegeLevel in [PrivilegeLevels.OWNER, PrivilegeLevels.READ_AND_WRITE, PrivilegeLevels.READ_ONLY]) canUserWriteProjectContent: (user_id, project_id, callback = (error, canWriteContent) ->) -> AuthorizationManager.getPrivilegeLevelForProject user_id, project_id, (error, privilegeLevel) -> return callback(error) if error? - return callback null, (privilegeLevel in ["owner", "readAndWrite"]) + return callback null, (privilegeLevel in [PrivilegeLevels.OWNER, PrivilegeLevels.READ_AND_WRITE]) canUserWriteProjectSettings: (user_id, project_id, callback = (error, canWriteSettings) ->) -> AuthorizationManager.getPrivilegeLevelForProject user_id, project_id, (error, privilegeLevel, becausePublic) -> return callback(error) if error? - if privilegeLevel == "owner" + if privilegeLevel == PrivilegeLevels.OWNER return callback null, true - else if privilegeLevel == "readAndWrite" and !becausePublic + else if privilegeLevel == PrivilegeLevels.READ_AND_WRITE and !becausePublic return callback null, true else return callback null, false @@ -51,7 +55,7 @@ module.exports = AuthorizationManager = canUserAdminProject: (user_id, project_id, callback = (error, canAdmin) ->) -> AuthorizationManager.getPrivilegeLevelForProject user_id, project_id, (error, privilegeLevel) -> return callback(error) if error? - return callback null, (privilegeLevel == "owner") + return callback null, (privilegeLevel == PrivilegeLevels.OWNER) isUserSiteAdmin: (user_id, callback = (error, isAdmin) ->) -> if !user_id? 
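Review bot: `canUserWriteProjectSettings` is the only check in this file section that depends on `becausePublic`, and nothing in the function says why, so a later refactor could drop the `!becausePublic` condition without noticing it is an authorization boundary. A one-line comment above the `READ_AND_WRITE` branch would document it, for example `# Read-and-write access that comes only from the project's public access level must not allow settings changes`. The flag is supplied by `getPrivilegeLevelForProject`, so the comment should name that function as its source.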
diff --git a/services/web/app/coffee/Features/Authorization/PrivilegeLevels.coffee b/services/web/app/coffee/Features/Authorization/PrivilegeLevels.coffee new file mode 100644 index 0000000000..682ae08a02 --- /dev/null +++ b/services/web/app/coffee/Features/Authorization/PrivilegeLevels.coffee @@ -0,0 +1,5 @@ +module.exports = + NONE: false + READ_ONLY: "readOnly" + READ_AND_WRITE: "readAndWrite" + OWNER: "owner" \ No newline at end of file diff --git a/services/web/app/coffee/Features/Authorization/PublicAccessLevels.coffee b/services/web/app/coffee/Features/Authorization/PublicAccessLevels.coffee new file mode 100644 index 0000000000..8e63a64a33 --- /dev/null +++ b/services/web/app/coffee/Features/Authorization/PublicAccessLevels.coffee @@ -0,0 +1,4 @@ +module.exports = + READ_ONLY: "readOnly" + READ_AND_WRITE: "readAndWrite" + PRIVATE: "private" \ No newline at end of file diff --git a/services/web/app/coffee/Features/Collaborators/CollaboratorsHandler.coffee b/services/web/app/coffee/Features/Collaborators/CollaboratorsHandler.coffee index 7f0cd6ebca..cb6459c85f 100644 --- a/services/web/app/coffee/Features/Collaborators/CollaboratorsHandler.coffee +++ b/services/web/app/coffee/Features/Collaborators/CollaboratorsHandler.coffee @@ -6,6 +6,7 @@ UserGetter = require "../User/UserGetter" ContactManager = require "../Contacts/ContactManager" CollaboratorsEmailHandler = require "./CollaboratorsEmailHandler" async = require "async" +PrivilegeLevels = require "../Authorization/PrivilegeLevels" module.exports = CollaboratorsHandler = getMemberIdsWithPrivilegeLevels: (project_id, callback = (error, members) ->) -> 
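Review bot: `PrivilegeLevels` is exported as a plain mutable object, and because `require` hands every module the same instance, an accidental assignment to one of its keys anywhere in the process would change the value that every authorization comparison uses. Freezing the export removes that risk at no cost: `module.exports = Object.freeze` followed by the same indented keys. The same applies to `PublicAccessLevels` in the next file. It is also worth a comment that `NONE` is the boolean `false` while the other levels are strings, presumably to stay compatible with callers that test truthiness, since it means comparisons against it must be exact.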
@@ -13,11 +14,11 @@ module.exports = CollaboratorsHandler = return callback(error) if error? return callback null, null if !project? members = [] - members.push { id: project.owner_ref.toString(), privilegeLevel: "owner" } + members.push { id: project.owner_ref.toString(), privilegeLevel: PrivilegeLevels.OWNER } for member_id in project.readOnly_refs or [] - members.push { id: member_id.toString(), privilegeLevel: "readOnly" } + members.push { id: member_id.toString(), privilegeLevel: PrivilegeLevels.READ_ONLY } for member_id in project.collaberator_refs or [] - members.push { id: member_id.toString(), privilegeLevel: "readAndWrite" } + members.push { id: member_id.toString(), privilegeLevel: PrivilegeLevels.READ_AND_WRITE } return callback null, members getMemberIds: (project_id, callback = (error, member_ids) ->) -> @@ -43,7 +44,7 @@ module.exports = CollaboratorsHandler = for member in members if member.id == user_id?.toString() return callback null, member.privilegeLevel - return callback null, false + return callback null, PrivilegeLevels.NONE getMemberCount: (project_id, callback = (error, count) ->) -> CollaboratorsHandler.getMemberIdsWithPrivilegeLevels project_id, (error, members) -> @@ -100,10 +101,10 @@ module.exports = CollaboratorsHandler = if existing_users.indexOf(user_id.toString()) > -1 return callback null # User already in Project - if privilegeLevel == 'readAndWrite' + if privilegeLevel == PrivilegeLevels.READ_AND_WRITE level = {"collaberator_refs":user_id} logger.log {privileges: "readAndWrite", user_id, project_id}, "adding user" - else if privilegeLevel == 'readOnly' + else if privilegeLevel == PrivilegeLevels.READ_ONLY level = {"readOnly_refs":user_id} logger.log {privileges: "readOnly", user_id, project_id}, "adding user" else diff --git a/services/web/app/coffee/Features/Project/ProjectController.coffee b/services/web/app/coffee/Features/Project/ProjectController.coffee index 4e1a6acf2c..d6a3e69ce4 100644 
--- a/services/web/app/coffee/Features/Project/ProjectController.coffee +++ b/services/web/app/coffee/Features/Project/ProjectController.coffee @@ -17,6 +17,7 @@ fs = require "fs" InactiveProjectManager = require("../InactiveData/InactiveProjectManager") ProjectUpdateHandler = require("./ProjectUpdateHandler") ProjectGetter = require("./ProjectGetter") +PrivilegeLevels = require("../Authorization/PrivilegeLevels") module.exports = ProjectController = @@ -226,7 +227,7 @@ module.exports = ProjectController = AuthorizationManager.getPrivilegeLevelForProject user_id, project_id, (error, privilegeLevel)-> return next(error) if error? - if !privilegeLevel + if !privilegeLevel? or privilegeLevel == PrivilegeLevels.NONE return res.sendStatus 401 if subscription? and subscription.freeTrial? and subscription.freeTrial.expiresAt? diff --git a/services/web/app/coffee/Features/Project/ProjectDetailsHandler.coffee b/services/web/app/coffee/Features/Project/ProjectDetailsHandler.coffee index a0f8cca509..80eb67d88e 100644 --- a/services/web/app/coffee/Features/Project/ProjectDetailsHandler.coffee +++ b/services/web/app/coffee/Features/Project/ProjectDetailsHandler.coffee @@ -4,6 +4,7 @@ Project = require('../../models/Project').Project logger = require("logger-sharelatex") tpdsUpdateSender = require '../ThirdPartyDataStore/TpdsUpdateSender' _ = require("underscore") +PublicAccessLevels = require("../Authorization/PublicAccessLevels") module.exports = 
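Review bot: The 401 guard `if !privilegeLevel? or privilegeLevel == PrivilegeLevels.NONE` is a deny-list: it rejects only `null`, `undefined` and `false`, while the removed `!privilegeLevel` rejected every falsy value. Any other unexpected value (an empty string, a misspelt or stale level) now continues past the guard. Testing membership in the granted levels fails closed instead: `unless privilegeLevel in [PrivilegeLevels.READ_ONLY, PrivilegeLevels.READ_AND_WRITE, PrivilegeLevels.OWNER]` followed by the existing `return res.sendStatus 401`. The same exact comparison against `PrivilegeLevels.NONE` appears in the direct-access check of `getPrivilegeLevelForProject` in AuthorizationManager.coffee. The enclosing handler starts and ends outside this hunk.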
@@ -49,6 +50,6 @@ module.exports = setPublicAccessLevel : (project_id, newAccessLevel, callback = ->)-> logger.log project_id: project_id, level: newAccessLevel, "set public access level" - if project_id? && newAccessLevel? and _.include ['readOnly', 'readAndWrite', 'private'], newAccessLevel + if project_id? && newAccessLevel? and _.include [PublicAccessLevels.READ_ONLY, PublicAccessLevels.READ_AND_WRITE, PublicAccessLevels.PRIVATE], newAccessLevel Project.update {_id:project_id},{publicAccesLevel:newAccessLevel}, (err)-> callback() \ No newline at end of file
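Review bot: `setPublicAccessLevel` never invokes `callback` when `newAccessLevel` fails the `_.include` check, and when `Project.update` fails its `err` is dropped by `callback()`. A rejected change to a project's public visibility therefore never completes, and a failed one is reported as success. I would pass the error through with `callback(err)` and add an `else` branch such as `callback(new Error("invalid public access level"))`; the hunk runs to end of file, so no such branch exists today. The allowed list could also be derived from the module, `_.include _.values(PublicAccessLevels), newAccessLevel`, so that a level added later is not silently rejected here.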