diff --git a/bigbluebutton-html5/imports/api/guest-users/server/publishers.js b/bigbluebutton-html5/imports/api/guest-users/server/publishers.js
index bc0b063a221c4f914dde39d4894044ba78105222..136559b95faea131d1bde3c592b36f0d447afb38 100644
--- a/bigbluebutton-html5/imports/api/guest-users/server/publishers.js
+++ b/bigbluebutton-html5/imports/api/guest-users/server/publishers.js
@@ -1,18 +1,30 @@
 import GuestUsers from '/imports/api/guest-users/';
+import Users from '/imports/api/users';
 import { Meteor } from 'meteor/meteor';
 import Logger from '/imports/startup/server/logger';
 import AuthTokenValidation, { ValidationStates } from '/imports/api/auth-token-validation';
 
+const ROLE_MODERATOR = Meteor.settings.public.user.role_moderator;
+
 function guestUsers() {
   const tokenValidation = AuthTokenValidation.findOne({ connectionId: this.connection.id });
 
   if (!tokenValidation || tokenValidation.validationStatus !== ValidationStates.VALIDATED) {
-    Logger.warn(`Publishing GuestUsers was requested by unauth connection ${this.connection.id}`);
+    Logger.warn(`Publishing GuestUser was requested by unauth connection ${this.connection.id}`);
     return GuestUsers.find({ meetingId: '' });
   }
 
   const { meetingId, userId } = tokenValidation;
 
+  const User = Users.findOne({ userId, meetingId }, { fields: { role: 1 } });
+  if (!User || User.role !== ROLE_MODERATOR) {
+    Logger.warn(
+      'Publishing current-poll was requested by non-moderator connection',
+      { meetingId, userId, connectionId: this.connection.id },
+    );
+    return GuestUsers.find({ meetingId: '' });
+  }
+
   Logger.debug(`Publishing GuestUsers for ${meetingId} ${userId}`);
 
   return GuestUsers.find({ meetingId });
diff --git a/bigbluebutton-html5/imports/api/polls/server/publishers.js b/bigbluebutton-html5/imports/api/polls/server/publishers.js
index 0fed60c6773d91382fa4bee474f2385489603b73..620a73b22dceb5847ae7647536ecb8b2bd8ee7cc 100644
--- a/bigbluebutton-html5/imports/api/polls/server/publishers.js
+++ b/bigbluebutton-html5/imports/api/polls/server/publishers.js
@@ -16,10 +16,10 @@ function currentPoll() {
   const { meetingId, userId } = tokenValidation;
 
   const User = Users.findOne({ userId, meetingId }, { fields: { role: 1 } });
-  if (!User || User.role != ROLE_MODERATOR) {
+  if (!User || User.role !== ROLE_MODERATOR) {
     Logger.warn(
       'Publishing current-poll was requested by non-moderator connection',
-      { meetingId, userId, connectionId: this.connection.id }
+      { meetingId, userId, connectionId: this.connection.id },
     );
     return Polls.find({ meetingId: '' });
   }