diff --git a/src/Orchard.Web/Core/Contents/Controllers/AdminController.cs b/src/Orchard.Web/Core/Contents/Controllers/AdminController.cs
index 38f46d9e7..c638153f0 100644
--- a/src/Orchard.Web/Core/Contents/Controllers/AdminController.cs
+++ b/src/Orchard.Web/Core/Contents/Controllers/AdminController.cs
@@ -207,6 +207,9 @@ namespace Orchard.Core.Contents.Controllers {
 [HttpPost, ActionName("Create")]
 [FormValueRequired("submit.Publish")]
 public ActionResult CreateAndPublishPOST(string id) {
+ if (!Services.Authorizer.Authorize(Permissions.PublishOwnContent, T("Couldn't create content")))
+ return new HttpUnauthorizedResult();
+
 return CreatePOST(id, contentItem => _contentManager.Publish(contentItem));
 }
 
@@ -259,6 +262,14 @@ namespace Orchard.Core.Contents.Controllers {
 [HttpPost, ActionName("Edit")]
 [FormValueRequired("submit.Publish")]
 public ActionResult EditAndPublishPOST(int id, string returnUrl) {
+ var content = _contentManager.Get(id, VersionOptions.DraftRequired);
+
+ if (content == null)
+ return HttpNotFound();
+
+ if (!Services.Authorizer.Authorize(Permissions.PublishOthersContent, content, T("Couldn't publish content")))
+ return new HttpUnauthorizedResult();
+
 return EditPOST(id, returnUrl, contentItem => _contentManager.Publish(contentItem));
 }
 
diff --git a/src/Orchard.Web/Modules/Orchard.Blogs/Controllers/BlogPostAdminController.cs b/src/Orchard.Web/Modules/Orchard.Blogs/Controllers/BlogPostAdminController.cs
index b91169970..d60e3e56d 100644
--- a/src/Orchard.Web/Modules/Orchard.Blogs/Controllers/BlogPostAdminController.cs
+++ b/src/Orchard.Web/Modules/Orchard.Blogs/Controllers/BlogPostAdminController.cs
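Review bot: The `Authorize` call added to AdminController.CreateAndPublishPOST passes no content item, so only the global `PublishOwnContent` permission is evaluated and any rule that depends on the content type named by `id` has nothing to work with. If the authorizer makes per-type or ownership-aware decisions when handed an item, build the item first and pass it: `var dummy = _contentManager.New(id);` followed by `Services.Authorizer.Authorize(Permissions.PublishOwnContent, dummy, T("Couldn't create content"))`. The same item-less check is added to BlogPostAdminController.CreateAndPublishPOST with `PublishOwnBlogPost`. CreatePOST's body is outside the hunk, so any further check it performs cannot be confirmed from here.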
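Review bot: In AdminController.EditAndPublishPOST the lookup `_contentManager.Get(id, VersionOptions.DraftRequired)` runs before the permission check; going by the comment in the blog controller's hunk ("create a new version if needed"), that option can create a draft, so a caller who then fails `Authorize` may already have changed stored state. Resolve the item with a read-only option for the check, `var content = _contentManager.Get(id, VersionOptions.Latest);`, and leave draft creation to EditPOST once authorization has succeeded. The same ordering appears in BlogPostAdminController.EditAndPublishPOST with `_blogPostService.Get(postId, VersionOptions.DraftRequired)`. EditPOST's body is outside the hunk, so whether it repeats the lookup or the check is not visible here.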
@@ -53,6 +53,9 @@ namespace Orchard.Blogs.Controllers {
 [HttpPost, ActionName("Create")]
 [FormValueRequired("submit.Publish")]
 public ActionResult CreateAndPublishPOST() {
+ if (!Services.Authorizer.Authorize(Permissions.PublishOwnBlogPost, T("Couldn't create blog post")))
+ return new HttpUnauthorizedResult();
+
 return CreatePOST(contentItem => Services.ContentManager.Publish(contentItem));
 }
 
@@ -109,6 +112,18 @@ namespace Orchard.Blogs.Controllers {
 [HttpPost, ActionName("Edit")]
 [FormValueRequired("submit.Publish")]
 public ActionResult EditAndPublishPOST(int blogId, int postId, string returnUrl) {
+ var blog = _blogService.Get(blogId, VersionOptions.Latest);
+ if (blog == null)
+ return HttpNotFound();
+
+ // Get draft (create a new version if needed)
+ var blogPost = _blogPostService.Get(postId, VersionOptions.DraftRequired);
+ if (blogPost == null)
+ return HttpNotFound();
+
+ if (!Services.Authorizer.Authorize(Permissions.PublishOwnBlogPost, blogPost, T("Couldn't publish blog post")))
+ return new HttpUnauthorizedResult();
+
 return EditPOST(blogId, postId, returnUrl, contentItem => Services.ContentManager.Publish(contentItem));
 }
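Review bot: BlogPostAdminController.EditAndPublishPOST authorizes with `Permissions.PublishOwnBlogPost` against `blogPost`, whereas the core AdminController's equivalent passes `Permissions.PublishOthersContent` with the item. Unless the blog authorization handler verifies ownership whenever the "Own" permission is requested, a user holding only that permission could publish a post written by someone else. Confirm which variant the handler expects and record it next to the check, for example `// ownership of blogPost is enforced by the authorization handler for PublishOwnBlogPost`. In addition, `blog` is only null-checked and nothing in the hunk ties `postId` to `blogId`. EditPOST's body is outside the hunk, so that relationship may be validated there.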