diff --git a/app/Http/Api/Controllers/AnswerController.php b/app/Http/Api/Controllers/AnswerController.php
index d49ed3ae..2a52ac9c 100644
--- a/app/Http/Api/Controllers/AnswerController.php
+++ b/app/Http/Api/Controllers/AnswerController.php
@@ -35,7 +35,7 @@ class AnswerController extends Controller
 $this->notFound();
 }
- $approved = $answer['published'] != AnswerModel::PUBLISH_APPROVED;
+ $approved = $answer['published'] == AnswerModel::PUBLISH_APPROVED;
 $owned = $answer['me']['owned'] == 1;
 if (!$approved && !$owned) {
diff --git a/app/Http/Api/Controllers/OrderController.php b/app/Http/Api/Controllers/OrderController.php
index cd5fb1f3..866dff0f 100644
--- a/app/Http/Api/Controllers/OrderController.php
+++ b/app/Http/Api/Controllers/OrderController.php
@@ -33,6 +33,10 @@ class OrderController extends Controller
 $this->notFound();
 }
+ if ($order['me']['owned'] == 0) {
+ $this->forbidden();
+ }
+
 return $this->jsonSuccess(['order' => $order]);
 }
diff --git a/app/Http/Home/Controllers/AnswerController.php b/app/Http/Home/Controllers/AnswerController.php
index a833382b..663ff936 100644
--- a/app/Http/Home/Controllers/AnswerController.php
+++ b/app/Http/Home/Controllers/AnswerController.php
@@ -61,7 +61,7 @@ class AnswerController extends Controller
 $this->notFound();
 }
- $approved = $answer['published'] != AnswerModel::PUBLISH_APPROVED;
+ $approved = $answer['published'] == AnswerModel::PUBLISH_APPROVED;
 $owned = $answer['me']['owned'] == 1;
 if (!$approved && !$owned) {
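Review bot: In app/Http/Api/Controllers/AnswerController.php the `$approved`/`$owned` visibility rule is written inline, and app/Http/Home/Controllers/AnswerController.php holds an identical copy that carried the same inverted `!=`, so the access check lives in two places that had to be corrected separately. I would move the predicate into one shared method that both controllers call, and add a regression test that a non-owner is rejected for an unapproved answer and an approved answer is readable by anyone. A comment above the assignment would record the intent: `// Unapproved answers are visible only to their owner.` The comparisons stay loose (`==`); if `published` and `owned` are always integers at this point, `===` would make that explicit, but the types are not visible here. Both actions start and end outside their hunks, so what the `if` body does cannot be confirmed from the diff.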
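Review bot: In app/Http/Api/Controllers/OrderController.php the new guard rejects only when `$order['me']['owned'] == 0`, so any other value is treated as owned; an allow-list test such as `if ($order['me']['owned'] != 1) {` fails closed and matches the `== 1` convention used for `$owned` in the answer controllers. The guard also relies on `$this->forbidden()` ending the request, as `$this->notFound()` appears to do just above; if it only sets a response, a `return` is needed or the order is still serialized by `jsonSuccess`. Answering 403 here and 404 for a missing order lets a caller distinguish existing order identifiers from absent ones, so consider using `$this->notFound()` for both cases. The action begins outside the hunk and the controller's other order actions are not visible, so it is worth confirming they apply the same ownership test.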