diff --git a/server/src/routes/git.rs b/server/src/routes/git.rs
index ab04aa7..da02c7e 100644
--- a/server/src/routes/git.rs
+++ b/server/src/routes/git.rs
@@ -105,15 +105,23 @@ fn forbidden() -> Response<Body> {
 /// Resolves an app name/id and checks whether the user may push to it.
 /// Returns the app_id on success.
 async fn check_push_access(s: &AppState, user_id: &str, app: &str) -> Option<String> {
-    let app_id: String =
-        sqlx::query_scalar("SELECT id FROM apps WHERE id = ? OR name = ?")
+    let app_id: Option<String> =
+        sqlx::query_scalar::<_, String>("SELECT id FROM apps WHERE id = ? OR name = ?")
             .bind(app)
             .bind(app)
             .fetch_optional(&s.db)
             .await
-            .unwrap_or(None)?;
+            .unwrap_or(None);
 
-    let is_admin: i64 = sqlx::query_scalar("SELECT is_admin FROM users WHERE id = ?")
+    let app_id = match app_id {
+        Some(id) => id,
+        None => {
+            tracing::debug!("check_push_access: no app found for {:?}", app);
+            return None;
+        }
+    };
+
+    let is_admin: i64 = sqlx::query_scalar::<_, i64>("SELECT is_admin FROM users WHERE id = ?")
         .bind(user_id)
         .fetch_optional(&s.db)
         .await
@@ -121,17 +129,24 @@ async fn check_push_access(s: &AppState, user_id: &str, app: &str) -> Option<Str
         .unwrap_or(0);
 
     if is_admin != 0 {
+        tracing::debug!("check_push_access: user {} is admin, access granted", user_id);
         return Some(app_id);
     }
 
     let granted: Option<i64> =
-        sqlx::query_scalar("SELECT 1 FROM user_apps WHERE user_id = ? AND app_id = ?")
+        sqlx::query_scalar::<_, i64>("SELECT 1 FROM user_apps WHERE user_id = ? AND app_id = ?")
             .bind(user_id)
             .bind(&app_id)
             .fetch_optional(&s.db)
             .await
             .unwrap_or(None);
 
+    if granted.is_none() {
+        tracing::debug!(
+            "check_push_access: user {} has no grant for app {}",
+            user_id, app_id
+        );
+    }
     granted.map(|_| app_id)
 }