diff --git a/app/controllers/commons_controller.rb b/app/controllers/commons_controller.rb
index ca68c65d3..105cbefbe 100644
--- a/app/controllers/commons_controller.rb
+++ b/app/controllers/commons_controller.rb
@@ -42,7 +42,18 @@ class CommonsController < ApplicationController
 end

 def validate_power
- tip_exception(403, "无操作权限") unless current_user.admin?
+ code =
+ case params[:object_type].strip
+ when 'message'
+ if current_user.course_identity(@object.board.course) >= 5 || @object.author != current_user
+ 403
+ else
+ 200
+ end
+ else
+ current_user.admin? ? 200 : 403
+ end
+ return normal_status(403, "你没有权限操作!") if code == 403
 end

 def action(flag)
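Review bot: In the `'message'` branch of validate_power the `||` returns 403 whenever either test holds, so a user passes only when `course_identity(...) < 5` and they are also the author; a non-author with identity below 5, and an admin who is neither, are now refused, although the removed line let admins through. If the intent is that the author, course staff or an admin may act (the meaning of the threshold 5 is not visible in this hunk), the check should deny only when all of them fail, e.g. `allowed = current_user.admin? || @object.author == current_user || current_user.course_identity(@object.board.course) < 5`. `params[:object_type].strip` raises NoMethodError when the parameter is missing, which turns an authorization check into a 500; `params[:object_type].to_s.strip` would fall through to the admin-only branch instead. The old line raised through tip_exception, while the new one depends on normal_status rendering a response to stop the request, which should be confirmed because its definition and the place where `@object` is loaded are outside the hunk.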