diff --git a/app/controllers/boards_controller.rb b/app/controllers/boards_controller.rb
index 7ccfb0e10..4a27f02ff 100644
--- a/app/controllers/boards_controller.rb
+++ b/app/controllers/boards_controller.rb
@@ -32,13 +32,17 @@ class BoardsController < ApplicationController
     #modify by nwb
     @flag = params[:flag] || false
     if @project
-      @boards = @project.boards.includes(:last_message => :author).all
-      @boards = [] << @boards[0] if @boards.any?
-      if @boards.size == 1
-        @board = @boards.first
-        show and return
+      if !@project.is_public? && !User.current.member_of?(@project) && !User.current.admin?
+        render_403
+      else
+        @boards = @project.boards.includes(:last_message => :author).all
+        @boards = [] << @boards[0] if @boards.any?
+        if @boards.size == 1
+          @board = @boards.first
+          show and return
+        end
+        render :layout => false if request.xhr?
       end
-      render :layout => false if request.xhr?
     elsif @course
       if (User.current.admin? || @course.is_public == 1 || (@course.is_public == 0 && User.current.member_of_course?(@course)))
         @boards = @course.boards.includes(:last_message => :author).all
diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index 041fa8529..06a157c0f 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -677,7 +677,7 @@ class ProjectsController < ApplicationController
   end
 
   def watcherlist
-    if !@project.is_public? && !User.current.member_of?(@project)
+    if !@project.is_public? && !User.current.member_of?(@project) && !User.current.admin?
       render_403
     else
       @users -= watched.watcher_users if @watched
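Review bot: The access guard added at the top of the `if @project` branch is a hand-rolled visibility rule (public, or member, or admin) that this commit also writes, character for character, into `watcherlist` in the projects_controller hunk, and it is the negated mirror of the `@course` condition two lines below it; that rule belongs in one helper (e.g. a `project_visible_to_current_user?` private method) so the three sites cannot drift apart. If this is a Redmine-derived controller, `User.current.allowed_to?(:view_messages, @project)` already covers public/member/admin and additionally honours role permissions and archived-project status, which the inline check does not, so the guard would read `unless User.current.allowed_to?(:view_messages, @project)` (and the same in `watcherlist`). The `render_403` branch does not return, and the enclosing action continues beyond the hunk, so if anything after the outer `if`/`elsif` renders or redirects this becomes a double render; since `render_403` conventionally returns false, `return render_403` rather than `render_403 and return` is the safe form. The enclosing method starts and ends outside this hunk.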