diff --git a/lib/Controller/BoardApiController.php b/lib/Controller/BoardApiController.php index 7859ea9cd..30296e150 100644 --- a/lib/Controller/BoardApiController.php +++ b/lib/Controller/BoardApiController.php @@ -75,7 +75,7 @@ class BoardApiController extends ApiController { * * Return the board specified by $this->request->getParam('boardId'). */ - public function get() { + public function get() { if (is_numeric($this->request->getParam('boardId')) === false) { return new DataResponse('board id must be a number', HTTP::STATUS_BAD_REQUEST); diff --git a/tests/unit/controller/BoardApiControllerTest.php b/tests/unit/controller/BoardApiControllerTest.php index 0ed9915b7..1cd0f84ba 100644 --- a/tests/unit/controller/BoardApiControllerTest.php +++ b/tests/unit/controller/BoardApiControllerTest.php @@ -36,6 +36,7 @@ class BoardApiControllerTest extends \Test\TestCase { private $controller; private $boardService; private $exampleBoard; + private $deniedBoard; public function setUp() { parent::setUp(); @@ -51,7 +52,12 @@ class BoardApiControllerTest extends \Test\TestCase { $this->exampleBoard['id'] = 1; $this->exampleBoard['title'] = 'titled'; - $this->exampleBoard['color'] = '000000'; + $this->exampleBoard['color'] = '000000'; + + $this->deniedBoard['id'] = 2; + $this->deniedBoard['owner'] = 'someone else'; + $this->deniedBoard['title'] = 'titled'; + $this->deniedBoard['color'] = '000000'; } public function testIndex() { 
@@ -113,6 +119,32 @@ class BoardApiControllerTest extends \Test\TestCase { $this->assertEquals($expected, $actual); } + + public function testGetNoPermission() { + + $board = new Board(); + $board->setId($this->deniedBoard['id']); + $board->setOwner($this->deniedBoard['owner']); + $this->boardService->expects($this->once()) + ->method('find') + ->willReturn($board); + + // permission service check. + // ------ there be dragons here ----- + // $this->permissionsService->expect($this->once()) + // ->method('matchPermissions') + // ->with($board) + // ->will($this->) + + $this->request->expects($this->any()) + ->method('getParam') + ->with('boardId') + ->will($this->returnValue('999')); + + $expected = new DataResponse("Access Denied: User has no access rights to board", HTTP::STATUS_FORBIDDEN); + $actual = $this->controller->get(); + $this->assertEquals($expected, $actual); + } public function testCreate() { $board = new Board();
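Review bot: testGetNoPermission never configures the permission check — the `$this->permissionsService` expectation is commented out and left incomplete (`expect` instead of `expects`, `->will($this->)` with no matcher), so the asserted `HTTP::STATUS_FORBIDDEN` can only come from whatever an unconfigured mock happens to return, and a regression that stops calling the permission check at all would not be caught. Finish the expectation or drop the stub: `$this->permissionsService->expects($this->once())->method('...')` with the method `get()` actually invokes, returning or throwing the denial value the controller turns into the 403 (the controller body is outside this hunk, so that contract must be confirmed there, and if the test class has no such property it needs to be wired in setUp alongside `boardService`). The `find` stub is also unconstrained while the request stub returns `'999'` and the fixture board has id 2; pin it with `->with($this->equalTo(999))` (or use `$this->deniedBoard['id']` in both places) so the test proves the denied board is the one that was looked up. The "there be dragons" placeholder and the dead commented-out code should not be committed in a test that is meant to guard an access-control path.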