diff --git a/services/web/app/src/Features/Authorization/AuthorizationManager.js b/services/web/app/src/Features/Authorization/AuthorizationManager.js
index ee6e168b90..49e3af707e 100644
--- a/services/web/app/src/Features/Authorization/AuthorizationManager.js
+++ b/services/web/app/src/Features/Authorization/AuthorizationManager.js
@@ -1,5 +1,6 @@
 let AuthorizationManager
 const CollaboratorsGetter = require('../Collaborators/CollaboratorsGetter')
+const CollaboratorsHandler = require('../Collaborators/CollaboratorsHandler')
 const ProjectGetter = require('../Project/ProjectGetter')
 const { User } = require('../../models/User')
 const PrivilegeLevels = require('./PrivilegeLevels')
@@ -15,6 +16,32 @@ module.exports = AuthorizationManager = {
     )
   },
 
+  isRestrictedUserForProject(userId, projectId, callback) {
+    this.getPrivilegeLevelForProject(
+      userId,
+      projectId,
+      null,
+      (err, privilegeLevel) => {
+        if (err) {
+          return callback(err)
+        }
+        CollaboratorsHandler.userIsTokenMember(
+          userId,
+          projectId,
+          (err, isTokenMember) => {
+            if (err) {
+              return callback(err)
+            }
+            callback(
+              null,
+              this.isRestrictedUser(userId, privilegeLevel, isTokenMember)
+            )
+          }
+        )
+      }
+    )
+  },
+
   getPublicAccessLevel(projectId, callback) {
     if (!ObjectId.isValid(projectId)) {
       return callback(new Error('invalid project id'))
diff --git a/services/web/app/views/project/editor/editor.pug b/services/web/app/views/project/editor/editor.pug
index 31a4510cf4..6b5d4e1747 100644
--- a/services/web/app/views/project/editor/editor.pug
+++ b/services/web/app/views/project/editor/editor.pug
@@ -75,7 +75,8 @@ div.full-size(
 			line-height="settings.lineHeight || ui.defaultLineHeight"
 		)
 
-		include ./review-panel
+		if !isRestrictedTokenMember
+			include ./review-panel
 
 	.ui-layout-east
 		div(ng-if="ui.pdfLayout == 'sideBySide'")
diff --git a/services/web/test/unit/src/Authorization/AuthorizationManagerTests.js b/services/web/test/unit/src/Authorization/AuthorizationManagerTests.js
index 7055d2f58e..42e84f0c2c 100644
--- a/services/web/test/unit/src/Authorization/AuthorizationManagerTests.js
+++ b/services/web/test/unit/src/Authorization/AuthorizationManagerTests.js
@@ -28,6 +28,7 @@ describe('AuthorizationManager', function() {
       },
       requires: {
         '../Collaborators/CollaboratorsGetter': (this.CollaboratorsGetter = {}),
+        '../Collaborators/CollaboratorsHandler': (this.CollaboratorsHandler = {}),
         '../Project/ProjectGetter': (this.ProjectGetter = {}),
         '../../models/User': {
           User: (this.User = {})