diff --git a/app/controllers/courses_controller.rb b/app/controllers/courses_controller.rb
index 1e706b1da..62ed12122 100644
--- a/app/controllers/courses_controller.rb
+++ b/app/controllers/courses_controller.rb
@@ -198,22 +198,26 @@ class CoursesController < ApplicationController
 
   def member
     ## 有角色参数的才是课程，没有的就是项目
-    @render_file = 'member_list'
-    @teachers= searchTeacherAndAssistant(@course)
-    @canShowCode = isCourseTeacher(User.current.id,@course) && params[:role] != '1'
-    case params[:role]
-      when '1'
-        @subPage_title = l :label_teacher_list
-        @members = searchTeacherAndAssistant(@course)
-      when '2'
-        @subPage_title = l :label_student_list
-        @members = searchStudent(@course)
-      else
-        @subPage_title = ''
-        @members = @course.member_principals.includes(:roles, :principal).all.sort
+    if User.current.member_of_course?(@course) || User.current.admin?
+      @render_file = 'member_list'
+      @teachers= searchTeacherAndAssistant(@course)
+      @canShowCode = isCourseTeacher(User.current.id,@course) && params[:role] != '1'
+      case params[:role]
+        when '1'
+          @subPage_title = l :label_teacher_list
+          @members = searchTeacherAndAssistant(@course)
+        when '2'
+          @subPage_title = l :label_student_list
+          @members = searchStudent(@course)
+        else
+          @subPage_title = ''
+          @members = @course.member_principals.includes(:roles, :principal).all.sort
+      end
+      @members = paginateHelper @members
+      render :layout => 'base_courses'
+    else
+       render_403
     end
-    @members = paginateHelper @members
-    render :layout => 'base_courses'
   end
 
   #判断指定用户是否为课程教师