diff --git a/routes/api/tracks.js b/routes/api/tracks.js
index f2f22dd..e61554d 100644
--- a/routes/api/tracks.js
+++ b/routes/api/tracks.js
@@ -180,6 +180,7 @@ router.get('/', auth.optional, function(req, res, next) {
         .skip(Number(offset))
         .sort({createdAt: 'desc'})
         .populate('author')
+        .where('visibleForAll || author == user')
         .exec(),
       Track.countDocuments(query).exec(),
       req.payload ? User.findById(req.payload.id) : null,
diff --git a/routes/api/users.js b/routes/api/users.js
index 4a28dda..bbaa913 100644
--- a/routes/api/users.js
+++ b/routes/api/users.js
@@ -32,7 +32,7 @@ router.put('/user', auth.required, function(req, res, next){
     if(typeof req.body.user.areTracksVisibleForAll !== 'undefined'){
       user.areTracksVisibleForAll = req.body.user.areTracksVisibleForAll;
     }
-    if(typeof req.body.user.password !== 'undefined'){
+    if(typeof req.body.user.password !== 'undefined' && req.body.user.password !='' ){
       user.setPassword(req.body.user.password);
     }