diff --git a/src/apps.js b/src/apps.js
index 51d80360d..d17d00dd7 100644
--- a/src/apps.js
+++ b/src/apps.js
@@ -5,6 +5,8 @@ exports = module.exports = {
 AppsError: AppsError,
+ hasAccessTo: hasAccessTo,
+
 get: get,
 getBySubdomain: getBySubdomain,
 getAll: getAll,
@@ -222,6 +224,20 @@ function getIconUrlSync(app) {
 return fs.existsSync(iconPath) ? '/api/v1/apps/' + app.id + '/icon' : null;
 }
+function hasAccessTo(app, user) {
+ assert.strictEqual(typeof app, 'object');
+ assert.strictEqual(typeof user, 'object');
+
+ function validator(entry) {
+ if (entry.indexOf('user-') === 0 && entry.slice('user-'.length) === user.id) return true;
+ return false;
+ }
+
+ if (app.accessRestriction === '') return true;
+
+ return app.accessRestriction.split(',').some(validator);
+}
+
 function get(appId, callback) {
 assert.strictEqual(typeof appId, 'string');
 assert.strictEqual(typeof callback, 'function');
diff --git a/src/test/apps-test.js b/src/test/apps-test.js
index 2eb49a2a3..1ae0ab399 100644
--- a/src/test/apps-test.js
+++ b/src/test/apps-test.js
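Review bot: In `hasAccessTo`, an `accessRestriction` that is `null` or `undefined` reaches `.split(',')` and throws rather than returning a decision, and because `typeof null` is `'object'` both asserts also let a null `app` or `user` through to the first property read. For an authorization helper I would make the deny path explicit with `if (typeof app.accessRestriction !== 'string') return false;` placed before the empty-string test. Entries are compared untrimmed, so an entry such as `' user-anotheruser'` can never match; whether stored values may contain spaces depends on `_validateAccessRestriction`, which is not visible here, and if they can, comparing `entry.trim()` inside `validator` closes the gap. A short comment stating that `''` grants access to every user would make the one permissive branch obvious to callers.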
@@ -192,5 +192,27 @@ describe('Apps', function () {
 expect(apps._validateAccessRestriction('user-someuserid,user-someuserid1,user-someuserid2,foo-someuserid3')).to.be.an(Error);
 });
 });
+
+ describe('hasAccessTo', function () {
+ it('returns true for unrestricted access', function () {
+ expect(apps.hasAccessTo({ accessRestriction: '' }, { id: 'someuser' })).to.equal(true);
+ });
+
+ it('returns true for allowed user', function () {
+ expect(apps.hasAccessTo({ accessRestriction: 'user-someuser' }, { id: 'someuser' })).to.equal(true);
+ });
+
+ it('returns true for allowed user with multiple allowed', function () {
+ expect(apps.hasAccessTo({ accessRestriction: 'user-foo,user-someuser, user-anotheruser' }, { id: 'someuser' })).to.equal(true);
+ });
+
+ it('returns false for not allowed user', function () {
+ expect(apps.hasAccessTo({ accessRestriction: 'user-foo' }, { id: 'someuser' })).to.equal(false);
+ });
+
+ it('returns false for not allowed user with multiple allowed', function () {
+ expect(apps.hasAccessTo({ accessRestriction: 'user-foo, user-anotheruser' }, { id: 'someuser' })).to.equal(false);
+ });
+ });
 });
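Review bot: Both lists that carry a space after the comma put it in front of a user other than the one under test, so no case pins down whether `' user-someuser'` is meant to grant access. A case like `expect(apps.hasAccessTo({ accessRestriction: 'user-foo, user-someuser' }, { id: 'someuser' }))` with the intended result would settle that. A case for an id that only shares a prefix, `'user-someuser2'` against `{ id: 'someuser' }` expecting `false`, would protect the exact-match comparison from being loosened later. The new `describe` sits inside `describe('Apps', ...)`, which opens outside the hunk.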