Removed the checks because otherwise logged-in users would get an
"unauthorized"-error but not-logged-in users would get an
"invalid-request"-error although they tried to access the same page.
Now everyone gets an unauthorized-error if they access a page that needs
access rights.