diff --git a/models/repo_permission.go b/models/repo_permission.go
index 9dd7cc559d2c9..c5a8ad9ddde07 100644
--- a/models/repo_permission.go
+++ b/models/repo_permission.go
@@ -23,25 +23,49 @@ func (p *Permission) IsAdmin() bool {
 
 // HasAccess returns true if the current user has at least read access to any unit of this repository
 func (p *Permission) HasAccess() bool {
+	for _, u := range p.Units {
+		if u.AllowAnonymous {
+			return true
+		}
+	}
+
 	if p.UnitsMode == nil {
 		return p.AccessMode >= AccessModeRead
 	}
 	return len(p.UnitsMode) > 0
 }
 
-// UnitAccessMode returns current user accessmode to the specify unit of the repository
+// UnitAccessMode returns the unit's minial accessmode to be accessed
 func (p *Permission) UnitAccessMode(unitType UnitType) AccessMode {
-	if p.UnitsMode == nil {
-		for _, u := range p.Units {
-			if u.Type == unitType {
-				return p.AccessMode
+	var found bool
+	for _, u := range p.Units {
+		if u.Type == unitType {
+			if u.AllowAnonymous {
+				return AccessModeRead
 			}
+			found = true
+		}
+	}
+
+	if p.UnitsMode == nil {
+		if found {
+			return p.AccessMode
 		}
 		return AccessModeNone
 	}
 	return p.UnitsMode[unitType]
 }
 
+// CanAnonymousAccess returns true if anonymous access is enabled
+func (p *Permission) CanAnonymousAccess(unitType UnitType) bool {
+	for _, u := range p.Units {
+		if u.Type == unitType {
+			return u.AllowAnonymous
+		}
+	}
+	return false
+}
+
 // CanAccess returns true if user has mode access to the unit of the repository
 func (p *Permission) CanAccess(mode AccessMode, unitType UnitType) bool {
 	return p.UnitAccessMode(unitType) >= mode
@@ -96,22 +120,19 @@ func GetUserRepoPermission(repo *Repository, user *User) (Permission, error) {
 }
 
 func getUserRepoPermission(e Engine, repo *Repository, user *User) (perm Permission, err error) {
-	// anonymous user visit private repo.
-	// TODO: anonymous user visit public unit of private repo???
-	if user == nil && repo.IsPrivate {
-		perm.AccessMode = AccessModeNone
-		return
-	}
-
+	// always load repo unit so that we can read unit's allow_anonymous
 	if err = repo.getUnits(e); err != nil {
 		return
 	}
-
 	perm.Units = repo.Units
 
-	// anonymous visit public repo
+	// for anonymous user
 	if user == nil {
-		perm.AccessMode = AccessModeRead
+		if repo.IsPrivate {
+			perm.AccessMode = AccessModeNone
+		} else {
+			perm.AccessMode = AccessModeRead
+		}
 		return
 	}
 
diff --git a/models/repo_unit.go b/models/repo_unit.go
index 430f5a242ff55..79267006d0803 100644
--- a/models/repo_unit.go
+++ b/models/repo_unit.go
@@ -16,11 +16,12 @@ import (
 
 // RepoUnit describes all units of a repository
 type RepoUnit struct {
-	ID          int64
-	RepoID      int64           `xorm:"INDEX(s)"`
-	Type        UnitType        `xorm:"INDEX(s)"`
-	Config      core.Conversion `xorm:"TEXT"`
-	CreatedUnix util.TimeStamp  `xorm:"INDEX CREATED"`
+	ID             int64
+	RepoID         int64           `xorm:"INDEX(s)"`
+	Type           UnitType        `xorm:"INDEX(s)"`
+	Config         core.Conversion `xorm:"TEXT"`
+	AllowAnonymous bool
+	CreatedUnix    util.TimeStamp `xorm:"INDEX CREATED"`
 }
 
 // UnitConfig describes common unit config
diff --git a/modules/auth/repo_form.go b/modules/auth/repo_form.go
index ff64d9a56b7fc..90cda80f791d7 100644
--- a/modules/auth/repo_form.go
+++ b/modules/auth/repo_form.go
@@ -117,6 +117,8 @@ type RepoSettingForm struct {
 	EnableTimetracker                bool
 	AllowOnlyContributorsToTrackTime bool
 	EnableIssueDependencies          bool
+	AllowAnonymousIssues             bool
+	AllowAnonymousWiki               bool
 	IsArchived                       bool
 
 	// Admin settings
diff --git a/modules/context/repo.go b/modules/context/repo.go
index f9e366ed487ab..b80f87969e0e5 100644
--- a/modules/context/repo.go
+++ b/modules/context/repo.go
@@ -219,7 +219,7 @@ func repoAssignment(ctx *Context, repo *models.Repository) {
 	}
 
 	// Check access.
-	if ctx.Repo.Permission.AccessMode == models.AccessModeNone {
+	if !ctx.Repo.Permission.HasAccess() {
 		if ctx.Query("go-get") == "1" {
 			EarlyResponseForGoGetMeta(ctx)
 			return
diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index 2d32fac9c7342..5abf6d422341a 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -1021,6 +1021,8 @@ settings.tracker_issue_style = External Issue Tracker Number Format
 settings.tracker_issue_style.numeric = Numeric
 settings.tracker_issue_style.alphanumeric = Alphanumeric
 settings.tracker_url_format_desc = Use the placeholders <code>{user}</code>, <code>{repo}</code> and <code>{index}</code> for the username, repository name and issue index.
+settings.anonymous_access_issues = Allow Anonymous Access To Issues
+settings.anonymous_access_wiki = Allow Anonymous Access To Wiki
 settings.enable_timetracker = Enable Time Tracking
 settings.allow_only_contributors_to_track_time = Let Only Contributors Track Time
 settings.pulls_desc = Enable Repository Pull Requests
diff --git a/routers/repo/setting.go b/routers/repo/setting.go
index 4fb74f6cfa71e..02b008bf386a9 100644
--- a/routers/repo/setting.go
+++ b/routers/repo/setting.go
@@ -178,9 +178,10 @@ func SettingsPost(ctx *context.Context, form auth.RepoSettingForm) {
 				})
 			} else {
 				units = append(units, models.RepoUnit{
-					RepoID: repo.ID,
-					Type:   models.UnitTypeWiki,
-					Config: new(models.UnitConfig),
+					RepoID:         repo.ID,
+					Type:           models.UnitTypeWiki,
+					Config:         new(models.UnitConfig),
+					AllowAnonymous: form.AllowAnonymousWiki,
 				})
 			}
 		}
@@ -215,6 +216,7 @@ func SettingsPost(ctx *context.Context, form auth.RepoSettingForm) {
 						AllowOnlyContributorsToTrackTime: form.AllowOnlyContributorsToTrackTime,
 						EnableDependencies:               form.EnableIssueDependencies,
 					},
+					AllowAnonymous: form.AllowAnonymousIssues,
 				})
 			}
 		}
diff --git a/routers/repo/view.go b/routers/repo/view.go
index 872dc5fa3a4df..638cac1108827 100644
--- a/routers/repo/view.go
+++ b/routers/repo/view.go
@@ -299,12 +299,15 @@ func Home(ctx *context.Context) {
 		var firstUnit *models.Unit
 		for _, repoUnit := range ctx.Repo.Units {
 			if repoUnit.Type == models.UnitTypeCode {
-				renderCode(ctx)
-				return
+				if ctx.Repo.CanRead(models.UnitTypeCode) {
+					renderCode(ctx)
+					return
+				}
+				continue
 			}
 
 			unit, ok := models.Units[repoUnit.Type]
-			if ok && (firstUnit == nil || !firstUnit.IsLessThan(unit)) {
+			if ok && ctx.Repo.CanRead(repoUnit.Type) && (firstUnit == nil || !firstUnit.IsLessThan(unit)) {
 				firstUnit = &unit
 			}
 		}
diff --git a/templates/repo/settings/options.tmpl b/templates/repo/settings/options.tmpl
index e5a3ce0752a03..347aa80884d28 100644
--- a/templates/repo/settings/options.tmpl
+++ b/templates/repo/settings/options.tmpl
@@ -104,13 +104,23 @@
 				<div class="field {{if not $isWikiEnabled}}disabled{{end}}" id="wiki_box">
 					<div class="field">
 						<div class="ui radio checkbox">
-							<input class="hidden enable-system-radio" tabindex="0" name="enable_external_wiki" type="radio" value="false" data-target="#external_wiki_box" {{if not (.Repository.UnitEnabled $.UnitTypeExternalWiki)}}checked{{end}}/>
+							<input class="hidden enable-system-radio" tabindex="0" name="enable_external_wiki" type="radio" value="false" data-context="#internal_wiki_box" data-target="#external_wiki_box" {{if not (.Repository.UnitEnabled $.UnitTypeExternalWiki)}}checked{{end}}/>
 							<label>{{.i18n.Tr "repo.settings.use_internal_wiki"}}</label>
 						</div>
 					</div>
+					<div class="field {{if (.Repository.UnitEnabled $.UnitTypeExternalWiki)}}disabled{{end}}" id="internal_wiki_box">
+						{{if .Repository.IsPrivate}}
+							<div class="field">
+								<div class="ui checkbox">
+									<input name="allow_anonymous_wiki" type="checkbox" {{if .Permission.CanAnonymousAccess $.UnitTypeWiki}}checked{{end}}>
+									<label>{{.i18n.Tr "repo.settings.anonymous_access_wiki"}}</label>
+								</div>
+							</div>
+						{{end}}
+					</div>
 					<div class="field">
 						<div class="ui radio checkbox">
-							<input class="hidden enable-system-radio" tabindex="0" name="enable_external_wiki" type="radio" value="true" data-target="#external_wiki_box" {{if .Repository.UnitEnabled $.UnitTypeExternalWiki}}checked{{end}}/>
+							<input class="hidden enable-system-radio" tabindex="0" name="enable_external_wiki" type="radio" value="true" data-context="#internal_wiki_box" data-target="#external_wiki_box" {{if .Repository.UnitEnabled $.UnitTypeExternalWiki}}checked{{end}}/>
 							<label>{{.i18n.Tr "repo.settings.use_external_wiki"}}</label>
 						</div>
 					</div>
@@ -159,6 +169,14 @@
 									<label>{{.i18n.Tr "repo.issues.dependency.setting"}}</label>
 								</div>
 							</div>
+							{{if .Repository.IsPrivate}}
+								<div class="field">
+									<div class="ui checkbox">
+										<input name="allow_anonymous_issues" type="checkbox" {{if .Permission.CanAnonymousAccess $.UnitTypeIssues}}checked{{end}}>
+										<label>{{.i18n.Tr "repo.settings.anonymous_access_issues"}}</label>
+									</div>
+								</div>
+							{{end}}
 					</div>
 					<div class="field">
 						<div class="ui radio checkbox">