diff --git a/core/api/ticket.coffee b/core/api/ticket.coffee
index 08a60a1..3900f50 100644
--- a/core/api/ticket.coffee
+++ b/core/api/ticket.coffee
@@ -36,6 +36,12 @@ module.exports =
           return res.redirect '/account/login/'
 
         mTicket.findId req.body.id, (ticket) ->
+          unless ticket
+            return res.send 404
+
+          unless mTicket.hasMember ticket, account
+            return res.send 403
+
           res.render 'ticket/view',
             account: account
             ticket: ticket
diff --git a/core/static/script/ticket/create.coffee b/core/static/script/ticket/create.coffee
index 1d99fbf..b03edc0 100644
--- a/core/static/script/ticket/create.coffee
+++ b/core/static/script/ticket/create.coffee
@@ -17,4 +17,4 @@ $ ->
     .fail (reply) ->
       if reply.status is 400
         error = reply.responseJSON.error
-        ErrorHandle.flushError error
\ No newline at end of file
+        ErrorHandle.flushError error