diff --git a/NEWS.mdtext b/NEWS.mdtext
index 93e687c..4d37b1f 100644
--- a/NEWS.mdtext
+++ b/NEWS.mdtext
@@ -1,3 +1,12 @@
+# InDefero 1.3.3 - xxx xxx xx xx:xx 2012 UTC
+
+## Bugfixes
+
+- If an anonymous or authenticated user had no access
+  to any project in a forge, all projects were listed
+  for him (but still no one was actually accessible).
+  This has been fixed. 
+
 # InDefero 1.3.2 - Wed May 09 20:05 2012 UTC
 
 ## Bugfixes
diff --git a/src/IDF/Views.php b/src/IDF/Views.php
index bcc1492..b56cb5f 100644
--- a/src/IDF/Views.php
+++ b/src/IDF/Views.php
@@ -443,10 +443,12 @@ class IDF_Views
         }
 
         $projectIds = self::getUserVisibleProjectIds($user);
-        if (count($projectIds) > 0) {
-            $sql->SAnd(new Pluf_SQL(sprintf($db->pfx.'idf_projects.id IN (%s)', implode(', ', $projectIds))));
+        if (count($projectIds) == 0) {
+            return new ArrayObject();
         }
 
+        $sql->SAnd(new Pluf_SQL(sprintf($db->pfx.'idf_projects.id IN (%s)', implode(', ', $projectIds))));
+
         $orderTypes = array(
             'name' => 'name ASC',
             'activity' => 'value DESC, name ASC',
@@ -470,10 +472,12 @@ class IDF_Views
         $sql = new Pluf_SQL('project IS NULL');
 
         $projectIds = self::getUserVisibleProjectIds($user);
-        if (count($projectIds) > 0) {
-            $sql->SAnd(new Pluf_SQL(sprintf('idf_project_id IN (%s)', implode(', ', $projectIds))));
+        if (count($projectIds) == 0) {
+            return new ArrayObject();
         }
 
+        $sql->SAnd(new Pluf_SQL(sprintf('idf_project_id IN (%s)', implode(', ', $projectIds))));
+
         $tagList = Pluf::factory('IDF_Tag')->getList(array(
             'filter' => $sql->gen(),
             'view' => 'join_projects',