diff --git a/src/Controllers/DatabaseController.js b/src/Controllers/DatabaseController.js
index e21b28c4..e78d5f33 100644
--- a/src/Controllers/DatabaseController.js
+++ b/src/Controllers/DatabaseController.js
@@ -18,7 +18,14 @@ function addWriteACL(query, acl) {
 function addReadACL(query, acl) {
   const newQuery = _.cloneDeep(query);
   //Can't be any existing '_rperm' query, we don't allow client queries on that, no need to $and
-  newQuery._rperm = { "$in" : [null, "*", ...acl]};
+  if (newQuery.hasOwnProperty('$or')) {
+    newQuery.$or = newQuery.$or.map(function(qobj) {
+      qobj._rperm = {'$in' : [null, '*', ...acl]};
+      return qobj;
+    });
+  } else {
+    newQuery._rperm = { "$in" : [null, "*", ...acl]};
+  }
   return newQuery;
 }