diff --git a/app/controllers/commons_controller.rb b/app/controllers/commons_controller.rb
index 105cbefbe..1f6dce053 100644
--- a/app/controllers/commons_controller.rb
+++ b/app/controllers/commons_controller.rb
@@ -45,7 +45,7 @@ class CommonsController < ApplicationController
 code =
 case params[:object_type].strip
 when 'message'
- if current_user.course_identity(@object.board.course) >= 5 || @object.author != current_user
+ if current_user.course_identity(@object.board.course) >= 5 && @object.author != current_user
 403
 else
 200
@@ -53,7 +53,7 @@ class CommonsController < ApplicationController
 else
 current_user.admin? ? 200 : 403
 end
- return normal_status(403, "你没有权限操作!") if code == 403
+ return normal_status(code, "你没有权限操作!") if code == 403
 end
 def action(flag)
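Review bot: The move from `||` to `&&` in the `when 'message'` branch widens who receives 200. A caller now passes when either `course_identity(...)` is below 5 or they are the message author, where before both had to hold. What 5 means, and what `course_identity` returns for a user with no role in the course, is not visible here, so confirm that a non-member cannot compare as below 5 and that `nil` cannot reach `>=`. I would document the rule above the condition, e.g. `# deny only when the caller is neither below identity 5 (presumably course staff) nor the author`, and cover the four role/author combinations with controller tests. The enclosing method starts above the hunk.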
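Review bot: The guard on the `return normal_status(...)` line fails open, and swapping the literal for `code` does not alter that because the trailing `if code == 403` pins `code` to 403 there. The request proceeds for every value other than 403, including `nil` if a future `when` branch forgets to yield a status. A fail-closed form would be `return normal_status(403, "你没有权限操作!") unless code == 200`. The method body begins above the hunk, so any earlier handling is not visible here.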