diff --git a/services/web/app/coffee/Features/UserMembership/UserMembershipAuthorization.coffee b/services/web/app/coffee/Features/UserMembership/UserMembershipAuthorization.coffee
index a7a5a45ef4..c21e89a1fa 100644
--- a/services/web/app/coffee/Features/UserMembership/UserMembershipAuthorization.coffee
+++ b/services/web/app/coffee/Features/UserMembership/UserMembershipAuthorization.coffee
@@ -4,8 +4,10 @@ UserMembershipHandler = require('./UserMembershipHandler')
 EntityConfigs = require('./UserMembershipEntityConfigs')
 Errors = require('../Errors/Errors')
 logger = require("logger-sharelatex")
+settings = require 'settings-sharelatex'
+request = require 'request'
 
-module.exports =
+module.exports = UserMembershipAuthorization =
 requireTeamAccess: (req, res, next) ->
 requireAccessToEntity('team', req.params.id, req, res, next)
 
@@ -21,7 +23,41 @@ module.exports =
 requirePublisherAccess: (req, res, next) ->
 requireAccessToEntity('publisher', req.params.id, req, res, next)
 
+ requireTemplateAccess: (req, res, next) ->
+ templateId = req.params.id
+ request {
+ baseUrl: settings.apis.v1.url
+ url: "/api/v2/templates/#{templateId}"
+ method: 'GET'
+ auth:
+ user: settings.apis.v1.user
+ pass: settings.apis.v1.pass
+ sendImmediately: true
+ }, (error, response, body) =>
+ if response.statusCode == 404
+ return next(new Errors.NotFoundError())
+
+ if response.statusCode != 200
+ logger.err { templateId }, "[TemplateMetrics] Couldn't fetch template data from v1"
+ return next(new Error("Couldn't fetch template data from v1"))
+
+ return next(error) if error?
+ try
+ body = JSON.parse(body)
+ catch error
+ return next(error)
+
+ req.template =
+ id: body.id
+ title: body.title
+ requireAccessToEntity('publisher', body.brand.slug, req, res, next)
+
 requireGraphAccess: (req, res, next) ->
+ if req.query.resource_type == 'template'
+ # templates are a special case; can't use requireaccesstoentity directly
+ req.params.id = req.query.resource_id
+ return UserMembershipAuthorization.requireTemplateAccess(req, res, next)
+
 requireAccessToEntity(
 req.query.resource_type, req.query.resource_id, req, res, next
 )
diff --git a/services/web/test/unit/coffee/UserMembership/UserMembershipAuthorizationTests.coffee b/services/web/test/unit/coffee/UserMembership/UserMembershipAuthorizationTests.coffee
index 5a35eba898..6e2514cb0f 100644
--- a/services/web/test/unit/coffee/UserMembership/UserMembershipAuthorizationTests.coffee
+++ b/services/web/test/unit/coffee/UserMembership/UserMembershipAuthorizationTests.coffee
@@ -26,6 +26,7 @@ describe "UserMembershipAuthorization", ->
 './UserMembershipHandler': @UserMembershipHandler
 './EntityConfigs': EntityConfigs
 '../Errors/Errors': Errors
+ 'request': @request = sinon.stub().yields(null, null, {})
 "logger-sharelatex":
 log: ->
 err: ->
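Review bot: In the `request` callback of requireTemplateAccess, `response.statusCode` is read before the `return next(error) if error?` guard, so a transport-level failure from `request` — where `response` is typically null or undefined, which is also what the test file's default stub `yields(null, null, {})` hands back — throws a TypeError inside the callback instead of being passed to `next`. Move the guard to the first line of the callback, ahead of `if response.statusCode == 404`, so the status checks only run on a real response. The id interpolated into `url: "/api/v2/templates/#{templateId}"` comes from `req.params.id`, which requireGraphAccess now sets from `req.query.resource_id`; writing it as `url: "/api/v2/templates/#{encodeURIComponent(templateId)}"` keeps a caller-supplied value from altering the v1 path being queried. The same callback dereferences `body.brand.slug` without checking that the parsed body has a `brand` object, so a malformed v1 response would throw a second TypeError rather than reaching `next`; `body?.brand?.slug` with a `NotFoundError` fallback when it is missing closes that path.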
@@ -103,6 +104,21 @@ describe "UserMembershipAuthorization", ->
 )
 done()
 
+ it 'handle template access', (done) ->
+ templateData =
+ id: 123
+ title: 'Template Title'
+ brand: { slug: 'brand-slug' }
+ @request.yields(null, { statusCode: 200 }, JSON.stringify(templateData))
+ @UserMembershipAuthorization.requireTemplateAccess @req, null, (error) =>
+ expect(error).to.not.extist
+ sinon.assert.calledWithMatch(
+ @UserMembershipHandler.getEntity,
+ 'brand-slug',
+ modelName: 'Publisher',
+ )
+ done()
+
 it 'handle graph access', (done) ->
 @req.query.resource_id = 'mock-resource-id'
 @req.query.resource_type = 'institution'
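Review bot: The assertion `expect(error).to.not.extist` in 'handle template access' misspells chai's `exist`; depending on the chai version an unknown property on the assertion chain either evaluates to undefined and silently passes or throws "Invalid Chai property", so in neither case does it check that the callback received no error. Change it to `expect(error).to.not.exist`. The new test also only covers the 200 path; a case where `@request.yields` a `{ statusCode: 404 }` response (expecting an `Errors.NotFoundError`) and one where it yields a transport error with no response would exercise the other branches requireTemplateAccess introduces. The `@req` and stub setup this test relies on lives in the `beforeEach` outside this hunk.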