diff --git a/app/controllers/forms.server.controller.js b/app/controllers/forms.server.controller.js
index 8e99beb2..16ada7c4 100644
--- a/app/controllers/forms.server.controller.js
+++ b/app/controllers/forms.server.controller.js
@@ -136,6 +136,11 @@ exports.create = function(req, res) {
 * Show the current form
 */
 exports.read = function(req, res) {
+ if(!req.user || (req.form.admin._id !== req.user._id) ){
+ console.log("readForRender");
+ readForRender(req, res);
+ } else {
+
 FormSubmission.find({ form: req.form._id }).exec(function(err, _submissions) {
 if (err) {
 res.status(400).send({
@@ -156,6 +161,7 @@ exports.read = function(req, res) {
 }
 return res.json(newForm);
 });
+ }
 };
 /**
@@ -169,9 +175,8 @@ exports.uploadTemp = function(req, res) {
 /**
 * Show the current form for rendering form live
 */
-exports.readForRender = function(req, res) {
+var readForRender = exports.readForRender = function(req, res) {
 var newForm = req.form.toJSON();
-
 if (!newForm.isLive && !req.user) {
 return res.status(401).send({
 message: 'Form is Not Public'
@@ -181,7 +186,6 @@ exports.readForRender = function(req, res) {
 //Remove extraneous fields from form object
 delete newForm.submissions;
 delete newForm.analytics;
- delete newForm.isLive;
 delete newForm.admin;
 if(!newForm.startPage.showStart){
diff --git a/app/routes/forms.server.routes.js b/app/routes/forms.server.routes.js
index 68a14742..b347989d 100644
--- a/app/routes/forms.server.routes.js
+++ b/app/routes/forms.server.routes.js
@@ -13,7 +13,7 @@ module.exports = function(app) {
 .post(auth.isAuthenticatedOrApiKey, forms.create);
 app.route('/forms/:formId([a-zA-Z0-9]+)')
- .get(auth.isAuthenticatedOrApiKey, forms.hasAuthorization, forms.read)
+ .get(forms.read)
 .post(forms.createSubmission)
 .put(auth.isAuthenticatedOrApiKey, forms.hasAuthorization, forms.update)
 .delete(auth.isAuthenticatedOrApiKey, forms.hasAuthorization, forms.delete);
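Review bot: The ownership test added at the top of `exports.read`, `req.form.admin._id !== req.user._id`, uses strict inequality on what are presumably Mongoose ObjectIds (the models are not shown here); two ObjectId instances are never identical, so the owner would always be routed to `readForRender` and never reach the submissions branch. Comparing string forms, `String(req.form.admin._id) !== String(req.user._id)`, makes the check behave as intended, and it is worth confirming `req.form.admin` is always populated before it is dereferenced. The `console.log("readForRender");` line looks like leftover debugging and should be dropped. The rest of `exports.read` lies outside this hunk.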
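Review bot: The guard in `readForRender`, `!newForm.isLive && !req.user`, turns away only anonymous callers, and with this commit `exports.read` delegates every signed-in non-owner to it, so any authenticated account can fetch another user's non-live form by id through `GET /forms/:formId`. If unpublished forms are meant to be visible to their owner only, the non-owner branch of `exports.read` should refuse them before delegating, for example `if (!req.form.isLive) return res.status(401).send({ message: 'Form is Not Public' });`. The later hunk that stops deleting `newForm.isLive` also puts that flag into the public response, which deserves a short comment saying the client needs it. `readForRender` continues past the end of this hunk, so the full set of returned fields is not visible.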
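Review bot: Dropping `auth.isAuthenticatedOrApiKey` and `forms.hasAuthorization` from the GET route in `forms.server.routes.js` means nothing on this route establishes `req.user` any more; if `isAuthenticatedOrApiKey` is what resolves an API key into `req.user` (its body is not in this diff), API-key clients will now be treated as anonymous by `forms.read` and silently get the render view instead of the owner view. The ownership decision for GET also now lives in the controller while PUT and DELETE still go through `forms.hasAuthorization`, so the two checks have to be kept in step by hand. Consider keeping a non-rejecting authentication step in front of `forms.read`, and add a comment on the route such as `// public: forms.read decides owner vs. render view` so the missing guard reads as intentional.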