diff --git a/SAS/TMSS/backend/src/tmss/tmssapp/viewsets/permissions.py b/SAS/TMSS/backend/src/tmss/tmssapp/viewsets/permissions.py index 845fb9466ffe3d87a049f4eaf9307ebab95459c8..cc544080d45bdb6259f3049628c2a66950e65ff8 100644 --- a/SAS/TMSS/backend/src/tmss/tmssapp/viewsets/permissions.py +++ b/SAS/TMSS/backend/src/tmss/tmssapp/viewsets/permissions.py @@ -169,18 +169,20 @@ class IsProjectMember(drf_permissions.DjangoObjectPermissions): else: raise AttributeError(f'The model {view.serializer_class.Meta.model} requires an attribute "project" or "path_to_project" to check project permissions.') for attr in attrs: + obj_resolved_in_this_iteration = False if not obj: # on first iteration, the referenced object needs to be resolved from POSTed FQDN obj_ref = request.data[attr] path = urllib.parse.urlparse(obj_ref).path resolved_func, _, resolved_kwargs = resolve(path) obj = resolved_func.cls().get_queryset().get(pk=resolved_kwargs['pk']) - else: - if attr == 'project': - # has_object_permission checks the project from obj, so we can just check project permission on - # something that has the correct project attribute - p=self.has_object_permission(request, view, obj) - return p + obj_resolved_in_this_iteration = True + if attr == 'project': + # has_object_permission checks the project from obj, so we can just check project permission on + # something that has the correct project attribute + p = self.has_object_permission(request, view, obj) + return p + if not obj_resolved_in_this_iteration: obj = getattr(obj, attr) pk = view.kwargs.get('pk', None) diff --git a/SAS/TMSS/backend/src/tmss/tmssapp/viewsets/specification.py b/SAS/TMSS/backend/src/tmss/tmssapp/viewsets/specification.py index 58da64724b5e3af9c68cf53d2f81760a7a738c01..ac8f96c27882fd6d56b6b0eab8b9ee9e13cc3cf6 100644 --- a/SAS/TMSS/backend/src/tmss/tmssapp/viewsets/specification.py +++ b/SAS/TMSS/backend/src/tmss/tmssapp/viewsets/specification.py 
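Review bot: The `if not obj:` branch builds the authorization decision from a client-supplied URL without handling bad input: a missing `request.data[attr]`, a path that resolves to a view with no `.cls` or no `pk` kwarg, or a pk that does not exist all raise out of the permission check instead of yielding a denial. Catch those cases and return `False` (sketch below; `Resolver404` and `ObjectDoesNotExist` are Django's and may need importing), and consider checking that the resolved object is of the model expected for `attr`. Because the `attr == 'project'` test now also runs on the first iteration, `obj` at that point is whatever the POSTed reference resolved to, so confirm that `has_object_permission`, which is outside this hunk, handles that object. The enclosing method starts and ends outside the hunk.

```python
            if not obj:
                # on first iteration, the referenced object needs to be resolved from POSTed FQDN
                try:
                    obj_ref = request.data[attr]
                    path = urllib.parse.urlparse(obj_ref).path
                    resolved_func, _, resolved_kwargs = resolve(path)
                    obj = resolved_func.cls().get_queryset().get(pk=resolved_kwargs['pk'])
                except (KeyError, AttributeError, Resolver404, ObjectDoesNotExist):
                    # deny rather than error out when the reference is missing or does not resolve
                    return False
                obj_resolved_in_this_iteration = True
            # … unchanged: attr == 'project' check and getattr step …
```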
@@ -422,9 +422,12 @@ class ProjectViewSet(LOFARViewSet): queryset = models.Project.objects.all() # query by cycle - cycle = self.request.query_params.get('cycle', None) - if cycle is not None: - return queryset.filter(cycles__name=cycle) + try: + cycle = self.request.query_params.get('cycle', None) + if cycle is not None: + return queryset.filter(cycles__name=cycle) + except AttributeError: + pass return queryset
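Review bot: The new `try`/`except AttributeError: pass` around the cycle filter is wider than the case it seems meant for, presumably a viewset instance that has no `request`; it also hides any `AttributeError` raised inside `queryset.filter(...)`, and then returns the unfiltered project list silently. Narrow it to the attribute lookup, e.g. `request = getattr(self, 'request', None)` followed by `cycle = request.query_params.get('cycle') if request is not None else None`, and keep the filter outside any handler. A comment such as `# request is absent when the viewset is instantiated without one` would record why the guard exists, if that is indeed the reason. The method's start is outside the hunk.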