diff --git a/lib/Activity/ActivityManager.php b/lib/Activity/ActivityManager.php
index eaa79c70e..4266ef209 100644
--- a/lib/Activity/ActivityManager.php
+++ b/lib/Activity/ActivityManager.php
@@ -566,9 +566,9 @@ class ActivityManager {
 		];
 	}
 
-	public function canSeeCardActivity(int $cardId): bool {
+	public function canSeeCardActivity(int $cardId, string $userId): bool {
 		try {
-			$this->permissionService->checkPermission($this->cardMapper, $cardId, Acl::PERMISSION_READ);
+			$this->permissionService->checkPermission($this->cardMapper, $cardId, Acl::PERMISSION_READ, $userId);
 			$card = $this->cardMapper->find($cardId);
 			return $card->getDeletedAt() === 0;
 		} catch (NoPermissionException $e) {
@@ -576,9 +576,9 @@ class ActivityManager {
 		}
 	}
 
-	public function canSeeBoardActivity(int $boardId): bool {
+	public function canSeeBoardActivity(int $boardId, string $userId): bool {
 		try {
-			$this->permissionService->checkPermission($this->boardMapper, $boardId, Acl::PERMISSION_READ);
+			$this->permissionService->checkPermission($this->boardMapper, $boardId, Acl::PERMISSION_READ, $userId);
 			$board = $this->boardMapper->find($boardId);
 			return $board->getDeletedAt() === 0;
 		} catch (NoPermissionException $e) {
diff --git a/lib/Activity/DeckProvider.php b/lib/Activity/DeckProvider.php
index 9fcf6e1f0..12f9be73c 100644
--- a/lib/Activity/DeckProvider.php
+++ b/lib/Activity/DeckProvider.php
@@ -111,7 +111,7 @@ class DeckProvider implements IProvider {
 			$event->setAuthor($author);
 		}
 		if ($event->getObjectType() === ActivityManager::DECK_OBJECT_BOARD) {
-			if (!$this->activityManager->canSeeBoardActivity($event->getObjectId())) {
+			if (!$this->activityManager->canSeeBoardActivity($event->getObjectId(), $event->getAffectedUser())) {
 				throw new \InvalidArgumentException();
 			}
 			if (isset($subjectParams['board']) && $event->getObjectName() === '') {
@@ -128,7 +128,7 @@ class DeckProvider implements IProvider {
 		}
 
 		if (isset($subjectParams['card']) && $event->getObjectType() === ActivityManager::DECK_OBJECT_CARD) {
-			if (!$this->activityManager->canSeeCardActivity($event->getObjectId())) {
+			if (!$this->activityManager->canSeeCardActivity($event->getObjectId(), $event->getAffectedUser())) {
 				throw new \InvalidArgumentException();
 			}
 			if ($event->getObjectName() === '') {