diff --git a/src/main/scala/gitbucket/core/ssh/GitCommand.scala b/src/main/scala/gitbucket/core/ssh/GitCommand.scala
index e3078e6..ca1e021 100644
--- a/src/main/scala/gitbucket/core/ssh/GitCommand.scala
+++ b/src/main/scala/gitbucket/core/ssh/GitCommand.scala
@@ -95,6 +95,24 @@
     }
   }
 
+  protected def isReadableUser(authType: AuthType, repositoryInfo: RepositoryService.RepositoryInfo)
+                              (implicit session: Session): Boolean = {
+    authType match {
+      case AuthType.UserAuthType(username) => {
+        getAccountByUserName(username) match {
+          case Some(account) => hasGuestRole(owner, repoName, Some(account))
+          case None => false
+        }
+      }
+      case AuthType.DeployKeyType(key) => {
+        getDeployKeys(owner, repoName).filter(sshKey => SshUtil.str2PublicKey(sshKey.publicKey).exists(_ == key)) match {
+          case List(_) => true
+          case _ => false
+        }
+      }
+    }
+  }
+
   protected def isWritableUser(authType: AuthType, repositoryInfo: RepositoryService.RepositoryInfo)
                               (implicit session: Session): Boolean = {
     authType match {
@@ -106,7 +124,7 @@
       }
       case AuthType.DeployKeyType(key) => {
         getDeployKeys(owner, repoName).filter(sshKey => SshUtil.str2PublicKey(sshKey.publicKey).exists(_ == key)) match {
-          case List(_) => true
+          case List(x) if x.allowWrite => true
           case _ => false
         }
       }
@@ -122,7 +140,7 @@
   override protected def runTask(authType: AuthType): Unit = {
     val execute = Database() withSession { implicit session =>
       getRepository(owner, repoName.replaceFirst("\\.wiki\\Z", "")).map { repositoryInfo =>
-        !repositoryInfo.repository.isPrivate || isWritableUser(authType, repositoryInfo)
+        !repositoryInfo.repository.isPrivate || isReadableUser(authType, repositoryInfo)
       }.getOrElse(false)
     }