diff --git a/server/datastore/perm.go b/server/datastore/perm.go
index 9ee8eae22..b31546bb1 100644
--- a/server/datastore/perm.go
+++ b/server/datastore/perm.go
@@ -23,7 +23,44 @@ type Permstore interface {
 // GetPerm retrieves the User's permission from
 // the datastore for the given repository.
 func GetPerm(c context.Context, user *model.User, repo *model.Repo) (*model.Perm, error) {
-	return FromContext(c).GetPerm(user, repo)
+	// if the user is a gues they should only be granted
+	// read access to public repositories.
+	switch {
+	case user == nil && repo.Private:
+		return &model.Perm{
+			Guest: true,
+			Read:  false,
+			Write: false,
+			Admin: false}, nil
+	case user == nil && !reop.Private:
+		return &model.Perm{
+			Guest: true,
+			Read:  true,
+			Write: false,
+			Admin: false}, nil
+	}
+
+	// if the user is authenticated we'll retireive the
+	// permission details from the database.
+	perm, err := FromContext(c).GetPerm(user, repo)
+	if err == nil && perm.ID != 0 {
+		return perm, err
+	}
+
+	switch {
+	// if the user is a system admin grant super access.
+	case user.Admin == true:
+		perm.Read = true
+		perm.Write = true
+		perm.Admin = true
+		perm.Guest = true
+
+	// if the repo is public, grant read access only.
+	case repo.Private == false:
+		perm.Read = true
+		perm.Guest = true
+	}
+	return perm, err
 }
 
 // PostPerm saves permission in the datastore.