diff --git a/app/controllers/bids_controller.rb b/app/controllers/bids_controller.rb
index 047f7103e..7264c03ee 100644
--- a/app/controllers/bids_controller.rb
+++ b/app/controllers/bids_controller.rb
@@ -832,7 +832,7 @@ class BidsController < ApplicationController
 }
 end
 else
- render 403
+ render_403
 end
 end
diff --git a/app/controllers/courses_controller.rb b/app/controllers/courses_controller.rb
index da527e552..945b8c514 100644
--- a/app/controllers/courses_controller.rb
+++ b/app/controllers/courses_controller.rb
@@ -216,10 +216,15 @@ class CoursesController < ApplicationController
 end
 def settings
- @issue_custom_fields = IssueCustomField.sorted.all
- @issue_category ||= IssueCategory.new
- @member ||= @course.members.new
- @trackers = Tracker.sorted.all
+ if User.current.allowed_to?(:as_teacher,@course)
+ @issue_custom_fields = IssueCustomField.sorted.all
+ @issue_category ||= IssueCategory.new
+ @member ||= @course.members.new
+ @trackers = Tracker.sorted.all
+ else
+ render_403
+ end
+
 end
 def create
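Review bot: In `CoursesController#settings` the new `allowed_to?(:as_teacher,@course)` check protects only the rendering of the settings page; the actions that save those settings lie outside this hunk, and if they lack the same check a non-teacher can still post changes to them directly. A before filter shared by `settings` and those actions would keep the rule in one place. Within the method a guard clause reads more clearly than wrapping the whole body: `return render_403 unless User.current.allowed_to?(:as_teacher, @course)`, which also makes the blank line added before `end` unnecessary. Where `@course` is assigned is not visible here, so confirm it cannot be nil when the check runs.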