diff --git a/controllers/custom_wizard/wizard.rb b/controllers/custom_wizard/wizard.rb
index 37728ecb..9670fd62 100644
--- a/controllers/custom_wizard/wizard.rb
+++ b/controllers/custom_wizard/wizard.rb
@@ -61,7 +61,7 @@ class CustomWizard::WizardController < ::ApplicationController
     result = success_json
     user = current_user
 
-    if user
+    if user && wizard.can_access?
       submission = wizard.current_submission
       if submission && submission['redirect_to']
         result.merge!(redirect_to: submission['redirect_to'])
diff --git a/spec/requests/custom_wizard/wizard_controller_spec.rb b/spec/requests/custom_wizard/wizard_controller_spec.rb
index 3e7ddd3d..4380bc73 100644
--- a/spec/requests/custom_wizard/wizard_controller_spec.rb
+++ b/spec/requests/custom_wizard/wizard_controller_spec.rb
@@ -11,6 +11,14 @@ describe CustomWizard::WizardController do
     )
   }
 
+  let(:permitted_json) {
+    JSON.parse(
+      File.open(
+        "#{Rails.root}/plugins/discourse-custom-wizard/spec/fixtures/wizard/permitted.json"
+      ).read
+    )
+  }
+
   before do
     CustomWizard::Template.save(
       JSON.parse(File.open(
@@ -47,6 +55,14 @@ describe CustomWizard::WizardController do
     expect(response.status).to eq(200)
   end
 
+  it 'lets user skip if user cant access wizard' do
+    @template["permitted"] = permitted_json["permitted"]
+    CustomWizard::Template.save(@template, skip_jobs: true)
+
+    put '/w/super-mega-fun-wizard/skip.json'
+    expect(response.status).to eq(200)
+  end
+
   it 'returns a no skip message if user is not allowed to skip' do
     @template['required'] = 'true'
     CustomWizard::Template.save(@template)