diff --git a/models/issues/issue_project.go b/models/issues/issue_project.go
index 616bcc753e646..f722df79ce0e4 100644
--- a/models/issues/issue_project.go
+++ b/models/issues/issue_project.go
@@ -113,7 +113,7 @@ func IssueAssignOrRemoveProject(ctx context.Context, issue *Issue, doer *user_mo
 }
 newColumnID = newDefaultColumn.ID
 }
- if !newProject.CanBeAccessedByOwnerRepo(issue.Repo.OwnerID, issue.Repo.ID) {
+ if !newProject.CanBeAccessedByOwnerRepo(issue.Repo.OwnerID, issue.Repo) {
 return util.NewPermissionDeniedErrorf("issue %d can't be accessed by project %d", issue.ID, newProject.ID)
 }
 }
diff --git a/models/project/project.go b/models/project/project.go
index a1cdf56eff5c4..8be38694c5223 100644
--- a/models/project/project.go
+++ b/models/project/project.go
@@ -161,9 +161,9 @@ func (p *Project) IsRepositoryProject() bool {
 return p.Type == TypeRepository
 }
-func (p *Project) CanBeAccessedByOwnerRepo(ownerID, repoID int64) bool {
+func (p *Project) CanBeAccessedByOwnerRepo(ownerID int64, repo *repo_model.Repository) bool {
 if p.Type == TypeRepository {
- return p.RepoID == repoID // if a project belongs to a repository, then its OwnerID is 0 and can be ignored
+ return repo != nil && p.RepoID == repo.ID // if a project belongs to a repository, then its OwnerID is 0 and can be ignored
 }
 return p.OwnerID == ownerID && p.RepoID == 0
 }
diff --git a/routers/web/shared/project/column.go b/routers/web/shared/project/column.go
index f20f8b3b19a66..599842ea9e9bc 100644
--- a/routers/web/shared/project/column.go
+++ b/routers/web/shared/project/column.go
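Review bot: The nil guard added inside `CanBeAccessedByOwnerRepo` does not protect this call site in `models/issues/issue_project.go`, because `issue.Repo.OwnerID` is evaluated before the call and still dereferences `issue.Repo`. Whether the repository is always loaded earlier in `IssueAssignOrRemoveProject` cannot be seen here, since the function starts and ends outside the hunk. If that is not guaranteed, the check should fail closed rather than panic: `if issue.Repo == nil || !newProject.CanBeAccessedByOwnerRepo(issue.Repo.OwnerID, issue.Repo) {`.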
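Review bot: `CanBeAccessedByOwnerRepo` in `models/project/project.go` is an exported authorization check without a doc comment, and the new signature makes its contract harder to guess. For a repository project only `repo` is compared and `ownerID` is ignored; for every other project type `repo` is ignored and the project must have `RepoID == 0`; a nil `repo` denies repository projects. I would add above the function: `// CanBeAccessedByOwnerRepo reports whether p belongs to repo (repository projects; a nil repo is denied) or to ownerID (all other project types, which must have RepoID 0).` Callers pass `ownerID` and `repo` independently, so nothing in this method checks that the two belong together; that is worth stating in the comment as well.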
@@ -16,12 +16,8 @@ func MoveColumns(ctx *context.Context) {
 ctx.NotFoundOrServerError("GetProjectByID", project_model.IsErrProjectNotExist, err)
 return
 }
- if project.OwnerID > 0 && project.OwnerID != ctx.ContextUser.ID {
- ctx.NotFound("InvalidOwnerID", nil)
- return
- }
- if project.RepoID > 0 && project.RepoID != ctx.Repo.Repository.ID {
- ctx.NotFound("InvalidRepoID", nil)
+ if !project.CanBeAccessedByOwnerRepo(ctx.ContextUser.ID, ctx.Repo.Repository) {
+ ctx.NotFound("CanBeAccessedByOwnerRepo", nil)
 return
 }
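Review bot: The new check in `MoveColumns` does not take into account which route the request arrived on: `CanBeAccessedByOwnerRepo` accepts an owner-scoped project whenever its `OwnerID` equals `ctx.ContextUser.ID`, even when `ctx.Repo.Repository` is set. The file sits under `routers/web/shared`, so the handler is presumably mounted on both owner and repository project routes, and their permission middleware is not visible here. It is worth confirming that repository-level project permission is never the only gate in front of an owner-level project; if it can be, add a guard such as `if ctx.Repo.Repository != nil && !project.IsRepositoryProject() {` returning NotFound. `ctx.ContextUser.ID` is also dereferenced unconditionally, and the rest of the function lies outside the hunk.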