diff --git a/app/controllers/teambox_datas_controller.rb b/app/controllers/teambox_datas_controller.rb
index 5e4ebd64c5..11f7cb2e61 100644
--- a/app/controllers/teambox_datas_controller.rb
+++ b/app/controllers/teambox_datas_controller.rb
@@ -13,6 +13,8 @@ def index
   end
   
   def show
+    head(:forbidden) and return unless @data.downloadable?(current_user)
+
     respond_to do |f|
       if @data.type_name == :import and @data.need_data? and @data.data == nil
         @data.status_name = :uploading