diff --git a/app/controllers/issues_controller.rb b/app/controllers/issues_controller.rb
index 6ea8fb8ef..872263d86 100644
--- a/app/controllers/issues_controller.rb
+++ b/app/controllers/issues_controller.rb
@@ -486,7 +486,8 @@ class IssuesController < ApplicationController
   end
 
   def operate_issue_permission
-    return render_forbidden("您没有权限进行此操作.") unless current_user.present? && current_user.logged? && (current_user.admin? || @project.member?(current_user) || @project.is_public?)
+    set_issue unless @issue.present?
+    return render_forbidden("您没有权限进行此操作.") unless current_user.present? && current_user.logged? && (current_user.admin? || @project.member?(current_user) || (@project.is_public && @issue.nil?) || (@project.is_public && @issue.present? && @issue.author_id == current_user.id))
   end
 
   def export_issues(issues)