diff --git a/src/routes/guilds/#guild_id/welcome_screen.ts b/src/routes/guilds/#guild_id/welcome_screen.ts
index 213aad80..ff25b37c 100644
--- a/src/routes/guilds/#guild_id/welcome_screen.ts
+++ b/src/routes/guilds/#guild_id/welcome_screen.ts
@@ -3,22 +3,25 @@ import { GuildModel, getPermission, toObject, Snowflake } from "@fosscord/server
 import { HTTPError } from "lambert-server";
 import { emitEvent } from "../../../util/Event";
 import { check } from "../../../util/instanceOf";
+import { isMember } from "../../../util/Member";
 import { GuildAddChannelToWelcomeScreenSchema } from "../../../schema/Guild";
 import { getPublicUser } from "../../../util/User";
 
 const router: Router = Router();
 
 router.get("/", async (req: Request, res: Response) => {
-	const guild_id = req.params.id;
+	const guild_id = req.params.guild_id;
 
 	const guild = await GuildModel.findOne({ id: guild_id });
 	if (!guild) throw new HTTPError("Guild not found", 404);
 
+	if(!isMember(req.user_id, guild_id)) throw new HTTPError("You are not member of this guild", 403);
+
 	res.json(toObject(guild.welcome_screen));
 });
 
 router.post("/", check(GuildAddChannelToWelcomeScreenSchema), async (req: Request, res: Response) => {
-	const guild_id = req.params.id;
+	const guild_id = req.params.guild_id;
 	const body = req.body as GuildAddChannelToWelcomeScreenSchema;
 
 	const guild = await GuildModel.findOne({ id: guild_id }).exec();
@@ -28,6 +31,11 @@ router.post("/", check(GuildAddChannelToWelcomeScreenSchema), async (req: Reques
 		...body
 	}
 
+	if(!isMember(req.user_id, guild_id)) throw new HTTPError("You are not member of this guild", 403);
+	const perms = await getPermission(req.user_id, guild_id);
+	perms.hasThrow("MANAGE_GUILD");
+
+	if(!guild.welcome_screen.enabled) throw new HTTPError("Welcome screen disabled", 400);
 	if(guild.welcome_screen.welcome_channels.some(channel => channel.channel_id === body.channel_id)) throw new Error("Welcome Channel exists")