diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index a86084528..25e1bf487 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -64,5 +64,6 @@ class Kernel extends HttpKernel {
 'permission' => \Laratrust\Middleware\Permission::class,
 'ability' => \Laratrust\Middleware\Ability::class,
 'toggle' => \App\Http\Middleware\FeatureToggles::class,
+ 'event_visibility' => \App\Http\Middleware\EventViewPolicy::class,
 ];
 }
diff --git a/app/Http/Middleware/EventViewPolicy.php b/app/Http/Middleware/EventViewPolicy.php
new file mode 100644
index 000000000..a1535b6aa
--- /dev/null
+++ b/app/Http/Middleware/EventViewPolicy.php
@@ -0,0 +1,41 @@
+getName() == 'viewEvent') {
+ $event_id = $request->route('id');
+ } elseif ($route->getName() == 'signupForEvent') {
+ $event_id = $request->event_id;
+ } elseif ($route->getName() == 'unSignupForEvent') {
+ $event_registration = EventRegistration::find($request->route('id'));
+ if (!is_null($event_registration)) {
+ $event_id = $event_registration->event_id;
+ }
+ }
+ $event = Event::find($event_id);
+
+ if (is_null($event) || ($event->status == 0 && !Auth::user()->hasPermission('events'))) {
+ abort(404, 'Not found');
+ }
+
+ return $next($request);
+ }
+}
diff --git a/routes/web.php b/routes/web.php
index 39f42f6cb..ac84c7db2 100644
--- a/routes/web.php
+++ b/routes/web.php
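Review bot: In the new `app/Http/Middleware/EventViewPolicy.php`, `$event_id` is assigned only inside the route-name branches, so an `unSignupForEvent` request whose registration id does not exist (or any route later added to the group under another name) reaches `Event::find($event_id)` with the variable unset. Laravel's error handler typically turns that into an exception, giving a 500 rather than the intended 404. The top of `handle()` is missing from this extract, so unless it already initialises the variable, add `$event_id = null;` before the `if` chain. The visibility check also calls `Auth::user()->hasPermission('events')` without a null guard; if these routes can be reached without a session, that call fails on `null`. Writing the inner condition as `$event->status == 0 && !(Auth::check() && Auth::user()->hasPermission('events'))` keeps hidden events returning 404 for guests.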
@@ -95,10 +95,14 @@
 Route::post('/ticket/{id}', 'TrainingDash@addStudentComments')->name('addStudentComments');
 Route::get('/profile/feedback-details/{id}', 'ControllerDash@showFeedbackDetails');
 Route::get('/profile/trainer-feedback-details/{id}', 'ControllerDash@showTrainerFeedbackDetails');
- Route::get('/events', 'ControllerDash@showEvents');
- Route::get('/events/view/{id}', 'ControllerDash@viewEvent');
- Route::post('/events/view/signup', 'ControllerDash@signupForEvent')->name('signupForEvent');
- Route::get('/events/view/{id}/un-signup', 'ControllerDash@unsignupForEvent');
+ Route::prefix('events')->group(function () {
+ Route::get('/', 'ControllerDash@showEvents');
+ Route::prefix('view')->middleware('event_visibility')->group(function () {
+ Route::get('/{id}', 'ControllerDash@viewEvent')->name('viewEvent');
+ Route::post('/signup', 'ControllerDash@signupForEvent')->name('signupForEvent');
+ Route::get('/{id}/un-signup', 'ControllerDash@unsignupForEvent')->name('unSignupForEvent');
+ });
+ });
 Route::get('/scenery', 'ControllerDash@sceneryIndex');
 Route::get('/scenery/view/{id}', 'ControllerDash@showScenery');
 Route::post('/scenery/search', 'ControllerDash@searchScenery');
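Review bot: The `unSignupForEvent` route in the new `view` group still changes state on a GET request, so it falls outside Laravel's CSRF token check and a cross-site link or embedded resource could cancel a signed-in user's registration. Consider `Route::post('/{id}/un-signup', 'ControllerDash@unsignupForEvent')->name('unSignupForEvent');` with the view submitting a form that carries the CSRF token. The `{id}` here is a registration id, and `event_visibility` only checks that the related event is visible; whether `unsignupForEvent` verifies that the registration belongs to the current user is not visible in this hunk and should be confirmed. Since the middleware looks ids up directly, adding `->where('id', '[0-9]+')` to the two `{id}` routes would reject non-numeric values at the router.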