diff --git a/src/db/mongo/repo.ts b/src/db/mongo/repo.ts
index f299f907a..a76910c92 100644
--- a/src/db/mongo/repo.ts
+++ b/src/db/mongo/repo.ts
@@ -79,19 +79,19 @@ export const deleteRepo = async (name: string) => {
 export const isUserPushAllowed = async (name: string, user: string) => {
   name = name.toLowerCase();
   user = user.toLowerCase();
+  console.log(`checking if user ${user} can push to ${name}`);
   return new Promise(async (resolve) => {
     const repo = await exports.getRepo(name);
-    console.log(repo.users.canPush);
-    console.log(repo.users.canAuthorise);
-
-    if (repo.users.canPush.includes(user) || repo.users.canAuthorise.includes(user)) {
-      resolve(true);
-    } else {
+    if( !repo ) {
+      console.log(`repo ${name} not found`);
       resolve(false);
+      return;
     }
+    resolve(repo.users?.canPush.includes(user) || repo.users?.canAuthorise.includes(user));
   });
 };
 
+// not used in the codebase, but kept for compatibility
 export const canUserApproveRejectPushRepo = async (name: string, user: string) => {
   name = name.toLowerCase();
   user = user.toLowerCase();
diff --git a/test/db/mongo/repo.test.js b/test/db/mongo/repo.test.js
new file mode 100644
index 000000000..d150d0e88
--- /dev/null
+++ b/test/db/mongo/repo.test.js
@@ -0,0 +1,52 @@
+const chai = require('chai');
+const sinon = require('sinon');
+const repoModule = require('../../../src/db/mongo/repo');
+
+const { expect } = chai;
+
+describe('mongo repo', () => {
+  afterEach(() => {
+    sinon.restore();
+  });
+
+  describe('isUserPushAllowed', () => {
+    it('returns true if user is in canPush', async () => {
+      sinon.stub(repoModule, 'getRepo').resolves({
+        users: {
+          canPush: ['alice'],
+          canAuthorise: [],
+        },
+      });
+      const result = await repoModule.isUserPushAllowed('myrepo', 'alice');
+      expect(result).to.be.true;
+    });
+
+    it('returns true if user is in canAuthorise', async () => {
+      sinon.stub(repoModule, 'getRepo').resolves({
+        users: {
+          canPush: [],
+          canAuthorise: ['bob'],
+        },
+      });
+      const result = await repoModule.isUserPushAllowed('myrepo', 'bob');
+      expect(result).to.be.true;
+    });
+
+    it('returns false if user is in neither', async () => {
+      sinon.stub(repoModule, 'getRepo').resolves({
+        users: {
+          canPush: [],
+          canAuthorise: [],
+        },
+      });
+      const result = await repoModule.isUserPushAllowed('myrepo', 'charlie');
+      expect(result).to.be.false;
+    });
+
+    it('returns false if repo is not registered', async () => {
+      sinon.stub(repoModule, 'getRepo').resolves(null);
+      const result = await repoModule.isUserPushAllowed('myrepo', 'charlie');
+      expect(result).to.be.false;
+    });
+  });
+});