diff --git a/controllers/profile/proposals_discussion_plugin_profile_controller.rb b/controllers/profile/proposals_discussion_plugin_profile_controller.rb
index c991db2..2357728 100644
--- a/controllers/profile/proposals_discussion_plugin_profile_controller.rb
+++ b/controllers/profile/proposals_discussion_plugin_profile_controller.rb
@@ -1,7 +1,16 @@
 class ProposalsDiscussionPluginProfileController < ProfileController
+ before_filter :check_access_to_profile
+
 def export
- @comments = profile.articles.find(params[:article_id]).proposals_comments
+ @comments = @target.proposals_comments
+ end
+
+ protected
+
+ def check_access_to_profile
+ @target = profile.articles.find(params[:article_id])
+ render_access_denied(_('You are not allowed to export data from this article')) unless @target.allow_create?(user)
 end
 end
diff --git a/test/functional/proposals_discussion_plugin_profile_controller_test.rb b/test/functional/proposals_discussion_plugin_profile_controller_test.rb
index e285207..69642af 100644
--- a/test/functional/proposals_discussion_plugin_profile_controller_test.rb
+++ b/test/functional/proposals_discussion_plugin_profile_controller_test.rb
@@ -13,6 +13,7 @@ class ProposalsDiscussionPluginProfileControllerTest < ActionController::TestCas
 attr_reader :profile, :discussion, :topic, :person
 should 'assigns comments of all proposals' do
+ discussion.class.any_instance.stubs(:allow_create?).returns(true)
 proposal1 = fast_create(ProposalsDiscussionPlugin::Proposal, :profile_id => profile.id, :parent_id => topic.id)
 proposal2 = fast_create(ProposalsDiscussionPlugin::Proposal, :profile_id => profile.id, :parent_id => topic.id)
 comment1 = fast_create(Comment, :source_id => proposal1.id)
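Review bot: In the controller hunk, `check_access_to_profile` gates a read-only bulk export on `@target.allow_create?(user)`, a content-creation predicate, and nothing visible shows what that predicate resolves to for the discussion article type (the updated test stubs it). If that type relaxes `allow_create?` so that participants can submit proposals, the same participants would be able to export every comment, so please confirm this is the intended gate and record it above the filter, e.g. `# Export is limited to users allowed to create content under this article.` The lookup `profile.articles.find(params[:article_id])` also accepts any article of the profile, so an id of a type that does not respond to `proposals_comments` would presumably raise in `export` instead of being denied cleanly. The filter's name is also misleading: it loads `@target` and checks the article, not the profile.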
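Review bot: In the test file's first hunk, the added `discussion.class.any_instance.stubs(:allow_create?).returns(true)` replaces the permission check for every instance of the class, so the success path of 'assigns comments of all proposals' never runs the real `allow_create?` for a user who is actually authorised. Prefer giving the test user the real permission in this test; how to do that depends on the setup block, which is outside the hunk. If the stub stays, say so next to it, e.g. `# authorisation is stubbed here; the denial cases below exercise the real check`.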
@@ -22,4 +23,15 @@ class ProposalsDiscussionPluginProfileControllerTest < ActionController::TestCas
 assert_equivalent [comment1, comment2, comment3], assigns(:comments)
 end
+ should 'deny access to export when user is not logged' do
+ logout
+ get :export, :format => :csv, :article_id => discussion.id, :profile => profile.identifier
+ assert_template 'access_denied'
+ end
+
+ should 'deny access to export when user has no permission' do
+ get :export, :format => :csv, :article_id => discussion.id, :profile => profile.identifier
+ assert_template 'access_denied'
+ end
+
 end
-- libgit2 0.21.2
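Review bot: Both new denial tests assert only `assert_template 'access_denied'`, which does not pin that the export data was never loaded for the rejected request. Add `assert_nil assigns(:comments)` to each, and an `assert_response` for the denial status if `render_access_denied` sets one (not visible here). The second test, 'deny access to export when user has no permission', relies on the setup block outside this hunk logging in a user who lacks `allow_create?` on the discussion. If the setup logs nobody in, it only repeats the first test, so a short comment naming the logged-in user and the missing permission would make the precondition explicit.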