diff --git a/app/src/server.js b/app/src/server.js
index d0e15c8b..6a748c66 100644
--- a/app/src/server.js
+++ b/app/src/server.js
@@ -188,9 +188,14 @@ server.route('/building/:building_id.json')
         })
     })
     .post(function (req, res) {
+        if (!req.session.user_id) {
+            res.send({error: 'Must be logged in'});
+            return
+        }
+        const user_id = req.session.user_id;
         const { building_id } = req.params;
         const building = req.body;
-        saveBuilding(building_id, building).then(building => {
+        saveBuilding(building_id, building, user_id).then(building => {
             if (building.error) {
                 res.send(building)
                 return