diff --git a/app/application/app/Http/Middleware/IsProject.php b/app/application/app/Http/Middleware/IsProject.php
index a4b701f..8b6ca5b 100644
--- a/app/application/app/Http/Middleware/IsProject.php
+++ b/app/application/app/Http/Middleware/IsProject.php
@@ -20,6 +20,13 @@ public function handle(Request $request, \Closure $next): Response
 \abort(Response::HTTP_NOT_FOUND);
 }
 
+ if (
+ $project->is_public === false
+ && ( $request->user() === null || $request->user()->cannot('view', $project) )
+ ) {
+ \abort(Response::HTTP_FORBIDDEN);
+ }
+
 return $next($request);
 }
 }
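Review bot: The new guard in handle() fails open, because it only fires when `$project->is_public === false` holds exactly. If the Project model does not cast `is_public` to boolean (the model is not visible in this diff), a stored `0`, `'0'` or `null` never equals `false`, and a private project passes straight through to `$next($request)`. Writing the first operand as `! $project->is_public` treats every non-true value as private, and a test covering a private project with an anonymous request would pin the behaviour. Separately, this branch answers 403 while the missing-project branch just above answers 404, so the status code reveals to unauthenticated callers that a private project exists; consider `\abort(Response::HTTP_NOT_FOUND);` here as well. The start of handle(), including how `$project` is resolved, lies outside the hunk.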