diff --git a/views.py b/views.py
index 237626b221..fd8f2cfe8d 100644
--- a/views.py
+++ b/views.py
@@ -9,6 +9,7 @@ from django.views.decorators.csrf import csrf_protect
 from auth.forms import AuthenticationForm, PasswordResetForm, SetPasswordForm, PasswordChangeForm
 from auth.tokens import default_token_generator
 
+from pysearpc import SearpcError
 from seaserv import cclient, ccnet_rpc, get_groups, get_users, get_repos, \
     get_repo, get_commits, get_branches, \
     seafserv_threaded_rpc, seafserv_rpc, get_binding_peerids, get_ccnetuser
@@ -161,33 +162,36 @@ def validate_emailuser(email):
     
     return False
 
-@login_required
 def repo(request, repo_id):
-    # if user is not staff and not owner and not fetch this repo
+    # get repo web access property, if no repo access property in db, then
+    # assume repo ap is 'own'
+    repo_ap = seafserv_threaded_rpc.repo_query_access_property(repo_id)
+    if repo_ap == None:
+        repo_ap = 'own'
+        
+    # if repo is 'own' and user is not staff and is not owner
     # and not shared this repo, then goto 404 page..
-    if not validate_owner(request, repo_id) and not check_shared_repo(request, repo_id) \
-            and not request.user.is_staff:
+    if cmp(repo_ap, 'own') == 0 and not validate_owner(request, repo_id) \
+            and not check_shared_repo(request, repo_id) and not request.user.is_staff:
         raise Http404
 
     repo = get_repo(repo_id)
-
+    if repo == None:
+        raise Http404
+    
     recent_commits = get_commits(repo_id, 0, 3)
 
-    token = ""
     is_owner = False
-    repo_ap = ""
-    
     if request.user.is_authenticated():
         if validate_owner(request, repo_id):
             is_owner = True
-            token = seafserv_threaded_rpc.get_repo_token(repo_id)
-        repo_ap = seafserv_threaded_rpc.repo_query_access_property(repo_id)
-        repo_size = seafserv_threaded_rpc.server_repo_size(repo_id)
+
+    repo_size = seafserv_threaded_rpc.server_repo_size(repo_id)
 
     dirs = []
     if not repo.props.encrypted:
         if not request.GET.get('root_id'):
-            # ..use HEAD commit's root id
+            # use HEAD commit's root id
             commit = seafserv_rpc.get_commit(repo.props.head_cmmt_id)
             root_id = commit.props.root_id
         else:
@@ -209,7 +213,6 @@ def repo(request, repo_id):
             "is_owner": is_owner,
             "repo_ap": repo_ap,
             "repo_size": repo_size,
-            "token": token,
             "dirs": dirs,
             }, context_instance=RequestContext(request))
 
@@ -371,7 +374,6 @@ def repo_list_dir(request, repo_id):
             },
             context_instance=RequestContext(request))
 
-@login_required
 def repo_operation_file(request, op, repo_id, obj_id):
     if repo_id:
         # any person visit private repo, go to 404 page