diff --git a/controllers/public/proposals_discussion_plugin_public_controller.rb b/controllers/public/proposals_discussion_plugin_public_controller.rb
index 2ce0ee2..491f502 100644
--- a/controllers/public/proposals_discussion_plugin_public_controller.rb
+++ b/controllers/public/proposals_discussion_plugin_public_controller.rb
@@ -2,13 +2,14 @@ class ProposalsDiscussionPluginPublicController < ApplicationController
   needs_profile
+  before_filter :check_permission
+
   def load_proposals
-    @holder = profile.articles.find(params[:holder_id])
     page = (params[:page] || 1).to_i
     set_rand_cookie if page == 1
     order = params[:order]
-    @proposals = order_proposals(@holder.proposals.public, order)
+    @proposals = order_proposals(@holder.proposals.published, order)
     @proposals = @proposals.page(page).per_page(4)
     render :partial => 'content_viewer/proposals_list_content', :locals => {:proposals => @proposals, :holder => @holder, :page => page+1, :order => order}
@@ -16,6 +17,11 @@ class ProposalsDiscussionPluginPublicController < ApplicationController
   private
+  def check_permission
+    @holder = profile.articles.find(params[:holder_id])
+    render_access_denied unless @holder.display_to?(user)
+  end
+
   def order_proposals(proposals, order)
     case order
     when 'alphabetical'
diff --git a/test/functional/proposals_discussion_plugin_public_controller_test.rb b/test/functional/proposals_discussion_plugin_public_controller_test.rb
index 189991b..822d151 100644
--- a/test/functional/proposals_discussion_plugin_public_controller_test.rb
+++ b/test/functional/proposals_discussion_plugin_public_controller_test.rb
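Review bot: `load_proposals` now reads `@holder` without setting it, so the action is only correct when the `check_permission` filter has already run; a one-line comment on the action, `# @holder is loaded and authorised by the check_permission before_filter`, would make that dependency visible to the next maintainer. The switch from `@holder.proposals.public` to `@holder.proposals.published` also means the visibility of the listed proposals now rests entirely on the holder-level `display_to?(user)` check; if the old `public` scope filtered anything beyond what `published` does, that filtering is gone and is worth confirming against the scope definitions (not visible in this hunk). The rest of `load_proposals` ends outside the hunk.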
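Review bot: `before_filter :check_permission` is registered for every action of the controller while the filter unconditionally runs `profile.articles.find(params[:holder_id])`, so any other action in this controller (none is visible here) or any request without `holder_id` now raises `ActiveRecord::RecordNotFound` before reaching the action; `before_filter :check_permission, :only => :load_proposals` keeps the filter tied to the action it was written for. Looking the holder up through `profile.articles` rather than a bare `find` is what stops a `holder_id` belonging to another profile from being listed under this one, and that deserves a comment on the filter, e.g. `# Scoped through profile.articles so a holder_id from another profile raises RecordNotFound instead of being served`. The filter also relies on `render_access_denied` rendering (and thereby halting the chain, as a rendering before_filter does in Rails); if that helper ever stops rendering, the action would run with an unauthorised `@holder`, so an explicit `return` after it or a comment noting the assumption would not hurt.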
@@ -76,4 +76,23 @@ class ProposalsDiscussionPluginPublicControllerTest < ActionController::TestCase
     assert_equal [proposal3, proposal1, proposal2], assigns(:proposals)
   end
+  should 'load proposals when profile is private and the user is a member' do
+    person = create_user.person
+    login_as(person.identifier)
+    profile.add_member(person)
+    profile.update_attribute(:public_profile, false)
+    proposals = 3.times.map { fast_create(ProposalsDiscussionPlugin::Proposal, :name => 'proposal title', :abstract => 'proposal abstract', :profile_id => profile.id, :parent_id => topic.id)}
+    get :load_proposals, :profile => profile.identifier, :holder_id => topic.id
+    assert_equivalent proposals, assigns(:proposals)
+  end
+
+  should 'not load proposals when profile is private and user is not logged' do
+    logout
+    profile.update_attribute(:public_profile, false)
+    proposals = 3.times.map { fast_create(ProposalsDiscussionPlugin::Proposal, :name => 'proposal title', :abstract => 'proposal abstract', :profile_id => profile.id, :parent_id => topic.id)}
+    get :load_proposals, :profile => profile.identifier, :holder_id => topic.id
+    assert_equal nil, assigns(:proposals)
+  end
+
 end
-- libgit2 0.21.2
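Review bot: The denial test only checks `assert_equal nil, assigns(:proposals)`, which would also pass if the action blew up for an unrelated reason before assigning anything; asserting the response as well, e.g. `assert_response 403` if that is the status `render_access_denied` produces, pins the behaviour the new filter is meant to enforce. There is no test for a logged-in user who is not a member of the private profile, which is exactly the case that distinguishes the `display_to?` check from a plain login check; a third `should` block that logs in a fresh `create_user.person` without calling `profile.add_member` and expects the same denial would close that gap. As a style point, `assert_equal nil, assigns(:proposals)` reads better as `assert_nil assigns(:proposals)`.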