diff --git a/server.py b/server.py
index 9bd7b07a54074b32a3a08ecdd7e86885d0e30a78..d9726542406f850d3b3ac2b58aecf162e44c9666 100644
--- a/server.py
+++ b/server.py
@@ -116,6 +116,8 @@ def evalperm(perms):
 
 @app.template_filter()
 def checkperm(perms, username=None, password=None):
+	if ismod():
+		return True
 	perms = evalperm(perms)
 	for perm in perms:
 		if perm['type'] == 'public':
@@ -501,7 +503,7 @@ def auth(): # For use with nginx auth_request
 		return 'Internal Server Error', 500
 	url = request.headers['X-Original-Uri'].lstrip(config['VIDEOPREFIX'])
 	ip = request.headers.get('X-Real-IP', '')
-	if url.endswith('jpg'):
+	if url.endswith('jpg') or ismod():
 		return "OK", 200
 	perms = query('''SELECT videos.path, videos.id AS vid, perm.*
       FROM videos
@@ -509,10 +511,9 @@ def auth(): # For use with nginx auth_request
       JOIN courses ON (lectures.course_id = courses.id)
 			LEFT JOIN perm ON (videos.id = perm.video_id OR lectures.id = perm.lecture_id OR courses.id = perm.course_id)
       WHERE videos.path = ?
-      AND (? OR (courses.visible AND lectures.visible AND videos.visible))
+      AND (courses.visible AND lectures.visible AND videos.visible)
 			ORDER BY perm.video_id DESC, perm.lecture_id DESC, perm.course_id DESC''',
-			url, ismod())
-
+			url)
 	if not perms:
 		return "Not allowed", 403
 	auth = request.authorization