diff --git a/app/controllers/commons_controller.rb b/app/controllers/commons_controller.rb
index fa5e14dc1..a23d4dba7 100644
--- a/app/controllers/commons_controller.rb
+++ b/app/controllers/commons_controller.rb
@@ -44,12 +44,18 @@ class CommonsController < ApplicationController
 def validate_power
 code = case params[:object_type].strip
- when 'message', 'journals_for_message'
+ when 'message'
 if current_user.course_identity(@object.board.course) >= Course::STUDENT && @object.author != current_user
 403
 else
 200
 end
+ when 'journals_for_message'
+ if current_user.course_identity(@object.jour.course) >= Course::STUDENT && @object.user != current_user
+ 403
+ else
+ 200
+ end
 else
 current_user.admin? ? 200 : 403
 end