diff --git a/app/controllers/courses_controller.rb b/app/controllers/courses_controller.rb
index 0ee9dc968..da527e552 100644
--- a/app/controllers/courses_controller.rb
+++ b/app/controllers/courses_controller.rb
@@ -470,9 +470,7 @@ class CoursesController < ApplicationController
   end
 
   def homework
-    if @course.is_public == 0
-      render_403
-    else
+    if @course.is_public != 0 || User.current.member_of_course?(@course)
       @offset, @limit = api_offset_and_limit({:limit => 10})
       @bids = @course.homeworks.order('deadline DESC')
       @bids = @bids.like(params[:name]) if params[:name].present?
@@ -490,6 +488,8 @@ class CoursesController < ApplicationController
         @bids = @bids.offset(@offset).limit(limit).all.reverse
       end
       render :layout => 'base_courses'
+    else
+      render_403
     end
    end