diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index d3921d44a..0783d1805 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -95,9 +95,11 @@ class UsersController < ApplicationController
   # 说明： homework 发布作业；message：讨论区； news：新闻； poll：问卷；works_reviewers：作品评阅；works_reply:作品回复
   # issue：问题；journal：缺陷状态更新； forum：公共贴吧: user_feedback: 用户留言; new_reply:新闻回复（comment）
   def user_messages
-    unless User.current.logged?
+    if !User.current.logged?
       redirect_to signin_url
       return
+    elsif @user != User.current && !User.current.admin?
+     return render_403
     end
     # 记录当前点击按钮的时间
     # 考虑到用户未退出刷新消息页面
diff --git a/app/views/users/user_messages.html.erb b/app/views/users/user_messages.html.erb
index b9e626f2d..46964b14d 100644
--- a/app/views/users/user_messages.html.erb
+++ b/app/views/users/user_messages.html.erb
@@ -54,17 +54,17 @@
               <span style="color: red;float: left">【系统消息】</span><li class="homepageSystenMessageContent fl" id="content_<%= usm.id %>">
               <li class="homepageSystenMessageContent fl">
 
-              <%= link_to usm.subject.nil? ? (usm.content.nil? ? usm.description.html_safe : usm.content.html_safe) : usm.subject, user_system_messages_path(User.current),
+              <%= link_to usm.subject.blank? ? (usm.content.nil? ? usm.description.html_safe : usm.content.html_safe) : usm.subject, user_system_messages_path(User.current),
                           :id => "content_link_#{usm.id}",
                           :onmouseover =>"message_titile_show($(this),event);",
                           :onmouseout => "message_titile_hide($(this));"
               %>
             </li>
               <div style="display:none;" class="message_title_red system_message_style">
-                <% unless usm.subject.nil? %>
+                <% unless usm.subject.blank? %>
                     <p><strong>标题：</strong><%= usm.subject %></p>
                 <% end %>
-                <% if (!usm.description.nil? && usm.description != "") || (!usm.content.nil? && usm.content != "") %>
+                <% if (!usm.description.blank?) || (!usm.content.blank?) %>
                     <div class="fl"><strong>内容：</strong></div><div class="ml36"><%= usm.description.nil? ? usm.content.html_safe : usm.description.html_safe %></div>
                 <% end %>
               </div>