diff --git a/packages/backend/src/models/permission.js b/packages/backend/src/models/permission.js
index 6ef9ae0d..a58aa53b 100644
--- a/packages/backend/src/models/permission.js
+++ b/packages/backend/src/models/permission.js
@@ -19,25 +19,39 @@ class Permission extends Base {
 },
 };
- static sanitize(permissions) {
+ static filter(permissions) {
 const sanitizedPermissions = permissions.filter((permission) => {
 const { action, subject, conditions } = permission;
- const relevantAction = permissionCatalog.actions.find(
- (actionCatalogItem) => actionCatalogItem.key === action
- );
- const validSubject = relevantAction.subjects.includes(subject);
- const validConditions = conditions.every((condition) => {
- return !!permissionCatalog.conditions.find(
- (conditionCatalogItem) => conditionCatalogItem.key === condition
- );
- });
+ const relevantAction = this.findAction(action);
+ const validSubject = this.isSubjectValid(subject, relevantAction);
+ const validConditions = this.areConditionsValid(conditions);
- return validSubject && validConditions;
+ return relevantAction && validSubject && validConditions;
 });
 return sanitizedPermissions;
 }
+
+ static findAction(action) {
+ return permissionCatalog.actions.find(
+ (actionCatalogItem) => actionCatalogItem.key === action
+ );
+ }
+
+ static isSubjectValid(subject, action) {
+ return action && action.subjects.includes(subject);
+ }
+
+ static areConditionsValid(conditions) {
+ return conditions.every((condition) => this.isConditionValid(condition));
+ }
+
+ static isConditionValid(condition) {
+ return !!permissionCatalog.conditions.find(
+ (conditionCatalogItem) => conditionCatalogItem.key === condition
+ );
+ }
 }
 export default Permission;
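Review bot: `areConditionsValid` calls `conditions.every(...)` without checking that `conditions` is an array, so a permission entry with a missing or non-array `conditions` still throws a TypeError, whereas an unknown `action` is now rejected cleanly by the new `relevantAction &&` guard. Whether the permission list is schema-validated before it reaches `filter` is not visible in this hunk; if it is not, the conditions check should fail closed in the same way: `return Array.isArray(conditions) && conditions.every((condition) => this.isConditionValid(condition));`. An empty array still passes, so entries without conditions behave as before. A short doc comment on `filter` saying that entries not found in `permissionCatalog` are dropped silently rather than reported would also tell callers that the returned list can be shorter than the one submitted.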