diff --git a/app/controllers/experiments_controller.rb b/app/controllers/experiments_controller.rb
index 63065e666..9879ae5de 100644
--- a/app/controllers/experiments_controller.rb
+++ b/app/controllers/experiments_controller.rb
@@ -2,6 +2,7 @@ class ExperimentsController < ApplicationController
 include PermissionHelper
 before_action :set_experiment, except: [:new, :create]
 before_action :set_project, only: [:new, :create]
+ before_action :check_view_permissions, only: [:canvas] # except parameter could be used but it is not working.
 layout :choose_layout
@@ -9,7 +10,7 @@ class ExperimentsController < ApplicationController
 def new
 @experiment = Experiment.new
 respond_to do |format|
- format.json {
+ format.json {
 render json:{ html: render_to_string( { partial: "new_modal.html.erb"
@@ -69,16 +70,22 @@ class ExperimentsController < ApplicationController
 def set_experiment
 @experiment = Experiment.find_by_id(params[:id])
+ render_404 unless @experiment
 end
 def set_project
 @project = Project.find_by_id(params[:project_id])
+ render_404 unless @project
 end
 def experiment_params
 params.require(:experiment).permit(:name, :description)
 end
+ def check_view_permissions
+ render_403 unless can_view_experiment(@experiment)
+ end
+
 def choose_layout
 action_name.in?(['index', 'archive']) ? 'main' : 'fluid'
 end
diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index 5f3fd4296..0c5242da5 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
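Review bot: The added `before_action :check_view_permissions, only: [:canvas]` covers a single action, while `set_experiment` still loads the record for every action except new/create, so any other experiment action this controller exposes is served with no experiment-level authorization from this filter — the trailing comment about `except` "not working" suggests a wider scope was intended. If every member action should be checked, invert the scope to match the loader, `before_action :check_view_permissions, except: [:new, :create]`, and add a stricter check for the mutating actions; those other actions are outside this hunk, so confirm the list against the routes. The comment should then either say what did not work with `except` or be removed. Declaration order is right as written: `set_experiment` is registered first, so the check sees a loaded `@experiment`.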
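Review bot: `check_view_permissions` has no comment and silently depends on `set_experiment` having rendered 404 first — Rails halts the remaining callbacks once a before_action renders, so `can_view_experiment(@experiment)` is never reached with a nil experiment, but that only holds because of the declaration order at the top of the class. Add `# @experiment is loaded by set_experiment, which is declared before this filter and renders 404 (halting the chain) when the record is missing.` above the method so a later reorder of the filters does not pass nil into the helper. This assumes `render_404` actually renders rather than only setting state; if it does not, the nil guard belongs here too, `render_403 unless @experiment && can_view_experiment(@experiment)`. Whether the new method sits under `private` like its neighbours is not visible in the hunk.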
@@ -2,11 +2,11 @@ class ProjectsController < ApplicationController
 include SampleActions
 include RenamingUtil
- before_action :load_vars, only: [:show, :edit, :update, :canvas,
+ before_action :load_vars, only: [:show, :edit, :update, :notifications, :reports, :samples, :module_archive, :delete_samples, :samples_index]
- before_action :check_view_permissions, only: [:show, :canvas, :reports,
+ before_action :check_view_permissions, only: [:show, :reports, :samples, :module_archive, :samples_index]
 before_action :check_view_notifications_permissions, only: [ :notifications ]
@@ -238,10 +238,6 @@ class ProjectsController < ApplicationController
 # This is the "info" view
 end
- def canvas
- # This is the "structure/overview/canvas" view
- end
-
 def notifications
 @modules = @project .assigned_modules(current_user)