diff --git a/app/Http/Middleware/Binder.php b/app/Http/Middleware/Binder.php
index 3d13b49de5..87fa2fe0ff 100644
--- a/app/Http/Middleware/Binder.php
+++ b/app/Http/Middleware/Binder.php
@@ -9,6 +9,9 @@ class Binder
 {
     protected $binders = [];
 
+    /**
+     * Binder constructor.
+     */
     public function __construct()
     {
         $this->binders = Domain::getBindables();
diff --git a/app/Models/Attachment.php b/app/Models/Attachment.php
index c73424d76a..4d90fc06a1 100644
--- a/app/Models/Attachment.php
+++ b/app/Models/Attachment.php
@@ -2,11 +2,13 @@
 
 namespace FireflyIII\Models;
 
+use Auth;
 use Carbon\Carbon;
 use Crypt;
 use FireflyIII\User;
 use Illuminate\Database\Eloquent\Model;
 use Illuminate\Database\Eloquent\SoftDeletes;
+use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
 
 /**
  * FireflyIII\Models\Attachment
@@ -173,4 +175,15 @@ class Attachment extends Model
         $this->attributes['notes'] = Crypt::encrypt($value);
     }
 
+    public static function routeBinder(Attachment $value)
+    {
+        if (Auth::check()) {
+
+            if ($value->user_id == Auth::user()->id) {
+                return $value;
+            }
+        }
+        throw new NotFoundHttpException;
+    }
+
 }
diff --git a/app/Models/TransactionJournal.php b/app/Models/TransactionJournal.php
index ab4ed569ec..07f4048b47 100644
--- a/app/Models/TransactionJournal.php
+++ b/app/Models/TransactionJournal.php
@@ -1,5 +1,6 @@
 <?php namespace FireflyIII\Models;
 
+use Auth;
 use Carbon\Carbon;
 use Crypt;
 use FireflyIII\Support\CacheProperties;
@@ -10,6 +11,7 @@ use Illuminate\Database\Eloquent\Model;
 use Illuminate\Database\Eloquent\Relations\HasMany;
 use Illuminate\Database\Eloquent\SoftDeletes;
 use Illuminate\Database\Query\Builder;
+use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
 use Watson\Validating\ValidatingTrait;
 
 /**
@@ -525,4 +527,23 @@ class TransactionJournal extends Model
 
         return $this->transactionType->isOpeningBalance();
     }
+
+    /**
+     * @param $value
+     * @param $route
+     *
+     * @return mixed
+     * @throws NotFoundHttpException
+     */
+    public static function routeBinder($value, $route)
+    {
+        if (Auth::check()) {
+            $object = TransactionJournal::where('id', $value)->where('user_id', Auth::user()->id)->first();
+            if ($object) {
+                return $object;
+            }
+        }
+
+        throw new NotFoundHttpException;
+    }
 }