diff --git a/app/db.sqlite3 b/app/db.sqlite3
index 06194aeb..4051eb7f 100644
Binary files a/app/db.sqlite3 and b/app/db.sqlite3 differ
diff --git a/app/server/views.py b/app/server/views.py
index d54d2569..1457222f 100644
--- a/app/server/views.py
+++ b/app/server/views.py
@@ -107,6 +107,12 @@ class ProjectViewSet(viewsets.ModelViewSet):
 pagination_class = None
 permission_classes = (IsAuthenticated, IsAdminUserAndWriteOnly)
+ def get_queryset(self):
+ user = self.request.user
+ queryset = self.queryset.filter(users__id__contains=user.id)
+
+ return queryset
+
 @action(methods=['get'], detail=True)
 def progress(self, request, pk=None):
 project = self.get_object()
@@ -193,8 +199,10 @@ class AnnotationsAPI(generics.ListCreateAPIView):
 return self.serializer_class
 def get_queryset(self):
+ project_id = self.kwargs['project_id']
+ project = get_object_or_404(Project, pk=project_id)
 doc_id = self.kwargs['doc_id']
- document = get_object_or_404(Document, pk=doc_id)
+ document = get_object_or_404(Document, pk=doc_id, project=project)
 self.queryset = Factory.get_annotations_by_doc(document)
 return self.queryset
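Review bot: The membership filter in the new `ProjectViewSet.get_queryset` uses `users__id__contains=user.id`, and `contains` is a substring lookup (SQL `LIKE`), not an equality test. It therefore appears that a user with id 1 would also match projects whose members have ids such as 10 or 21. Because this queryset is what scopes which projects a caller can see, the loose match is an authorization gap; an exact match closes it: `queryset = self.queryset.filter(users=user)`. A regression test with two users whose ids share a digit, each in a separate project, would pin the intended behaviour.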
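Review bot: In `AnnotationsAPI.get_queryset` the added `get_object_or_404(Project, pk=project_id)` ties the document to the project named in the URL but does not check that the requesting user belongs to that project. Unless a permission class outside this hunk enforces membership, an authenticated caller with a matching project and document id could still read another project's annotations. Scoping the lookup to the caller would close that here: `project = get_object_or_404(Project, pk=project_id, users=self.request.user)`. Whether `Factory.get_annotations_by_doc` filters by user is not visible from this hunk, so that is worth confirming as well.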