diff --git a/FAIRshake/urls.py b/FAIRshake/urls.py
index 5fa4d89..aa63a5f 100644
--- a/FAIRshake/urls.py
+++ b/FAIRshake/urls.py
@@ -22,9 +22,9 @@ if not settings.DEBUG:
 handler400 = 'FAIRshakeHub.views.handler400'
- handler403 = 'FAIRshakeHub.views.handler403'
 handler404 = 'FAIRshakeHub.views.handler404'
 handler500 = 'FAIRshakeHub.views.handler500'
+handler403 = 'FAIRshakeHub.views.handler403'
 urlpatterns = [
 path(settings.BASE_URL + '', include('FAIRshakeHub.urls')),
diff --git a/FAIRshakeAPI/models.py b/FAIRshakeAPI/models.py
index be64f2d..f929163 100644
--- a/FAIRshakeAPI/models.py
+++ b/FAIRshakeAPI/models.py
@@ -158,9 +158,7 @@ class Assessment(models.Model):
 timestamp = models.DateTimeField(auto_now_add=True)
 def has_permission(self, user, perm):
- if perm in ['list', 'retrieve']:
- return True
- elif perm in ['create', 'add']:
+ if perm in ['list', 'retrieve', 'create', 'add']:
 return user.is_authenticated or user.is_staff
 elif perm in ['modify', 'remove', 'delete']:
 if self is None:
diff --git a/FAIRshakeAPI/views.py b/FAIRshakeAPI/views.py
index 36b62a5..494f9cb 100644
--- a/FAIRshakeAPI/views.py
+++ b/FAIRshakeAPI/views.py
@@ -8,6 +8,7 @@ from django.core.cache import cache
 from django.db.models import Q
 from django.forms import ModelChoiceField
+from django.core.exceptions import PermissionDenied
 from rest_framework import views, viewsets, schemas, response, mixins, decorators, renderers, permissions
 from functools import reduce
@@ -250,6 +251,9 @@ def save_form(self, request, form):
 return assessment
 def get_template_context(self, request, context):
+ if not self.get_model().has_permission(self, request.user, self.action):
+ raise PermissionDenied
+
 if self.action in ['modify', 'retrieve']:
 assessment = self.get_object()
 assessment_form = forms.AssessmentForm(instance=assessment)
diff --git a/FAIRshakeHub/views.py b/FAIRshakeHub/views.py
index f0745fb..145a79e 100644
--- a/FAIRshakeHub/views.py
+++ b/FAIRshakeHub/views.py
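Review bot: The relocation of `handler403` in FAIRshake/urls.py reads as an accidental reorder unless its purpose is stated; from the surviving indentation the removed line appears to sit inside the `if not settings.DEBUG:` block while the added line is at column 0, which would make the 403 handler active in DEBUG as well. If that is the intent, say so on the new line: `handler403 = 'FAIRshakeHub.views.handler403'  # outside the DEBUG guard on purpose: the login redirect for anonymous users must also work in development`. If the collapse of the diff misled me and the line merely moved within the block, the move is a no-op and can be dropped.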
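Review bot: The merged branch in `Assessment.has_permission` turns `list` and `retrieve` from public into authenticated-only, which is a change to read access that nothing in the method documents; a short docstring stating which actions are open and that `self` may be `None` for checks not tied to an instance (the `if self is None:` test below shows callers rely on that) would make the contract visible, e.g. `"""Return whether ``user`` may perform ``perm``; ``self`` is ``None`` for class-level checks."""`. With Django's stock user model `user.is_staff` is never true for an unauthenticated user, so `or user.is_staff` adds nothing to `user.is_authenticated` and could be simplified to `return user.is_authenticated`, assuming no custom user model changes that. The rest of the method, including the instance-level branch, lies outside the hunk.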
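Review bot: The new guard in `get_template_context` calls the model method unbound with the viewset as its first argument, `self.get_model().has_permission(self, request.user, self.action)`, so inside `has_permission` the viewset stands in for the Assessment instance: `self is None` is false for every action, and any instance-level check on the `modify`/`remove`/`delete` path (outside the hunk) would run against the viewset rather than the object being edited. The models.py hunk in this commit shows the method expects either a model instance or `None`. Pass the object when the action targets one and `None` otherwise, e.g. `target = self.get_object() if self.action in ['modify', 'retrieve'] else None` followed by `if not self.get_model().has_permission(target, request.user, self.action):` — which actions are instance-bound should be confirmed against the rest of the viewset, and `get_template_context` continues past the hunk.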
@@ -1,6 +1,7 @@
-from django.shortcuts import render
+from django.shortcuts import render, redirect
 from django.core.paginator import Paginator
 from django.conf import settings
+from django.urls import reverse
 from django import http
 from FAIRshakeAPI import search, models, stats
@@ -53,15 +54,19 @@ def privacy_policy(request):
 return render(request, 'fairshake/privacy_policy.html')
 def handler(code, message):
- def _handler(request):
+ def _handler(request, *args, **kwargs):
 return render(request, 'fairshake/error.html', dict(
 code=code,
 message=message,
 ))
 return _handler
+def handler403(request, *args, **kwargs):
+ if request.user.is_anonymous:
+ return redirect(reverse('account_login') + '?next=' + request.get_full_path())
+ return handler(403, 'Permission denied')(request, *args, **kwargs)
+
 handler400 = handler(400, 'Bad Request')
-handler403 = handler(403, 'Permission Denied')
 handler404 = handler(404, 'Page not Found')
 handler500 = handler(500, 'Server error')
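Review bot: In the new `handler403` the `next` value is spliced into the login URL by string concatenation, `reverse('account_login') + '?next=' + request.get_full_path()`, and `get_full_path()` includes the current query string, so a request to a URL containing `&` or `?` yields a `next` that is cut off at the first `&` and its remainder parsed as separate parameters of the login page. Django's `redirect_to_login` from `django.contrib.auth.views` builds this correctly and URL-encodes the target: `return redirect_to_login(request.get_full_path(), login_url=reverse('account_login'))`, or at minimum encode with `urllib.parse.urlencode({'next': request.get_full_path()})`. Note that the handler now answers anonymous 403s with a 302 rather than a 403, and the login view is relied on to validate `next` against the allowed hosts before following it; a one-line comment saying so on the `is_anonymous` branch would help the next reader.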