diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index 96807d2dc..041fa8529 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -676,11 +676,11 @@ class ProjectsController < ApplicationController
     true
   end
 
-  # added by huang
-
   def watcherlist
-    if @watched
-       @users -= watched.watcher_users
+    if !@project.is_public? && !User.current.member_of?(@project)
+      render_403
+    else
+      @users -= watched.watcher_users if  @watched
     end
   end