diff --git a/pagure/lib/__init__.py b/pagure/lib/__init__.py
index b94b72b..07e3d14 100644
--- a/pagure/lib/__init__.py
+++ b/pagure/lib/__init__.py
@@ -2088,23 +2088,6 @@ def get_project(session, name, user=None, namespace=None):
             model.Project.is_fork == False
         )
 
-    if private is False:
-        query = query.filter(
-            model.Project.private == False
-        )
-    elif isinstance(private, basestring):
-        user2 = aliased(model.User)
-        query = query.filter(
-            sqlalchemy.or_(
-                model.Project.private == False,
-                sqlalchemy.and_(
-                    model.Project.private == True,
-                    model.Project.user_id == user2.id,
-                    user2.user == private,
-                )
-            )
-        )
-
     return query.first()
 
 
diff --git a/pagure/ui/repo.py b/pagure/ui/repo.py
index 4567e2a..dac407b 100644
--- a/pagure/ui/repo.py
+++ b/pagure/ui/repo.py
@@ -79,16 +79,23 @@ def view_repo(repo, username=None, namespace=None):
     repo_db = flask.g.repo
     repo_obj = flask.g.repo_obj
 
-    if authenticated():
-        private = flask.g.fas_user.username
-    else:
-        private = False
-
-    repo = pagure.lib.get_project(SESSION, repo, user=username, private=private)
+    repo = pagure.lib.get_project(SESSION, repo, user=username)
 
     if repo is None:
         flask.abort(404, 'Project not found')
 
+    users = []
+    users.append(repo.user.username)
+    for user in repo.users:
+        users.append(user.username)
+
+    auth_user = None
+    if authenticated():
+        auth_user = flask.g.fas_user.username
+
+    if repo.private and auth_user not in users:
+        flask.abort(403, 'Forbidden')
+
     reponame = pagure.get_repo_path(repo)
 
     repo_obj = pygit2.Repository(reponame)
@@ -154,15 +161,10 @@ def view_repo(repo, username=None, namespace=None):
 @APP.route('/fork/<username>/<namespace>/<repo>/branch/<path:branchname>')
 def view_repo_branch(repo, branchname, username=None, namespace=None):
     ''' Returns the list of branches in the repo. '''
-    if authenticated():
-        private = flask.g.fas_user.username
-    else:
-        private = False
 
     repo = flask.g.repo
     repo_obj = flask.g.repo_obj
 
-
     if branchname not in repo_obj.listall_branches():
         flask.abort(404, 'Branch not found')
 
@@ -900,6 +902,9 @@ def view_forks(repo, username=None, namespace=None):
     """
     repo = flask.g.repo
 
+    if not repo:
+        flask.abort(404, 'Project not found')
+
     return flask.render_template(
         'forks.html',
         select='forks',