diff --git a/app/controllers/memos_controller.rb b/app/controllers/memos_controller.rb
index 71c96a06e..d44be19b4 100644
--- a/app/controllers/memos_controller.rb
+++ b/app/controllers/memos_controller.rb
@@ -3,6 +3,8 @@ class MemosController < ApplicationController
 before_filter :find_forum, :only => [:new, :preview]
 before_filter :find_attachments, :only => [:preview]
 before_filter :find_memo, :except => [:new, :create , :preview, :update]
+ before_filter :authenticate_user_edit, :only => [:edit, :update]
+ before_filter :authenticate_user_destroy, :only => [:destroy]
 helper :attachments
 include AttachmentsHelper
@@ -144,4 +146,15 @@ class MemosController < ApplicationController
 render_404
 nil
 end
+
+ def authenticate_user_edit
+ find_memo
+ render_403 unless @memo.editable_by? User.current
+ end
+
+ def authenticate_user_destroy
+ find_memo
+ render_403 unless @memo.destroyable_by? User.current
+
+ end
 end
diff --git a/app/models/memo.rb b/app/models/memo.rb
index 532669a4b..0c1f7032e 100644
--- a/app/models/memo.rb
+++ b/app/models/memo.rb
@@ -85,11 +85,11 @@ class Memo < ActiveRecord::Base
 def editable_by? user
 # user && user.logged? || (self.author == usr && usr.allowed_to?(:edit_own_messages, project))
- (user && self.author == user && !self.lock || user.admin?) && true
+ user.admin?
 end
 def destroyable_by? user
- user.admin?
+ user && user.logged? && Forum.find(self.forum_id).creator_id == user.id || user.admin?
 #self.author == user || user.admin?
 end
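Review bot: The two new filters registered in the first hunk, `authenticate_user_edit` and `authenticate_user_destroy`, perform authorization (does this user hold the right on this memo), not authentication (who is this user), so the names read as a login check and will mislead the next reader of the filter list. Names such as `:authorize_edit` and `:authorize_destroy` would match what the `editable_by?` / `destroyable_by?` calls in the second hunk actually decide; the definitions in that hunk would be renamed in the same commit. Note also that for `:edit` and `:destroy` the new filters run after `find_memo`, which is already a before_filter for those actions, so the memo is looked up twice per request; only `:update` (excluded from `find_memo`) relies on the lookup inside the filter.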
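Review bot: In `authenticate_user_edit` the line `render_403 unless @memo.editable_by? User.current` runs even when the preceding `find_memo` failed: the visible tail of `find_memo` (`render_404` then `nil`) shows it renders a 404 and returns nil, and since the lookup presumably raised before assigning `@memo`, the next line then calls `editable_by?` on nil, turning a clean 404 for an unknown id into a NoMethodError/double-render on `update`, the one action where `find_memo` is not also a before_filter. Guard after the lookup, e.g. `find_memo` / `return unless @memo` / `render_403 unless @memo.editable_by?(User.current)`, and the same three lines in `authenticate_user_destroy`. The stray blank line before `end` in `authenticate_user_destroy` should go. Whether these two definitions land above or below the file's `private` marker is not visible here; if they are public they become routable actions under a catch-all `:controller/:action` route, so confirm they sit alongside `find_memo` under `private`.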
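Review bot: The new `destroyable_by?` body starts with a `user &&` guard but ends with `|| user.admin?`, so a nil `user` still raises NoMethodError on the admin branch; the guard either is dead (if callers never pass nil) or does not protect anything (if they do). Reorder so both branches sit under the guard, `user && (user.admin? || (user.logged? && Forum.find(forum_id).creator_id == user.id))`, which also skips the forum query for admins. Separately, `Forum.find(self.forum_id)` raises ActiveRecord::RecordNotFound if the forum row is missing, which inside the controller's before_filter becomes a 500 rather than a denial; if the model has a `forum` association, `forum && forum.creator_id == user.id` would be the safer form, but I cannot see the association from this hunk. The hunk's trailing context may be truncated in this view.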