diff --git a/app/controllers/public/content_viewer_controller.rb b/app/controllers/public/content_viewer_controller.rb
index f6dc9ea..c0fac24 100644
--- a/app/controllers/public/content_viewer_controller.rb
+++ b/app/controllers/public/content_viewer_controller.rb
@@ -21,6 +21,10 @@ class ContentViewerController < PublicController
 end
 end
+ if !@page.display_to?(user)
+ render :action => 'access_denied', :status => 403
+ end
+
 if @page.mime_type != 'text/html'
 headers['Content-Type'] = @page.mime_type
 data = @page.data
diff --git a/app/views/content_viewer/access_denied.rhtml b/app/views/content_viewer/access_denied.rhtml
new file mode 100644
index 0000000..3cabd2d
--- /dev/null
+++ b/app/views/content_viewer/access_denied.rhtml
@@ -0,0 +1,5 @@
+
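Review bot: The `render :action => 'access_denied', :status => 403` guard does not end the action: nothing returns after the `render`, so execution continues into the `if @page.mime_type != 'text/html'` branch below, which on the visible lines sets the Content-Type from the page and reads `@page.data` — the rest of the action still runs against a page the caller is not allowed to view. In Rails a second render or send from the later code raises DoubleRenderError rather than serving the page, but an authorization guard should fail closed on its own rather than rely on that; add `return` on the line after the `render` inside the `if` (or `render(...) and return`). What the later branches do with `@page.data` and whether every response path of this action sits below the guard cannot be seen here, since the enclosing action starts before the hunk and continues past it. As a style point, `unless @page.display_to?(user)` reads better than `if !`.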
+<%= _('You are not allowed to view this content.') %>
+
diff --git a/test/functional/content_viewer_controller_test.rb b/test/functional/content_viewer_controller_test.rb
index e2c7828..5275826 100644
--- a/test/functional/content_viewer_controller_test.rb
+++ b/test/functional/content_viewer_controller_test.rb
@@ -229,31 +229,22 @@ class ContentViewerControllerTest < Test::Unit::TestCase
 assert_tag :tag => 'div', :attributes => { :class => 'article-tags' }, :descendant => { :content => /This article's tags:/ }
 end
- should 'not display articles from private content' do
+ should 'not display forbidden articles' do
 profile.articles.create!(:name => 'test')
 profile.update_attributes!(:public_content => false)
+ Article.any_instance.expects(:display_to?).with(anything).returns(false)
 get :view_page, :profile => profile.identifier, :page => [ 'test' ]
 assert_response 403
 end
- #should 'display articles to its owner' do
- #profile.articles.create!(:name => 'test')
- #profile.update_attributes!(:public_content => false)
-
- #login_as(@profile.identifier)
- #get :view_page, :profile => profile.identifier, :page => [ 'test' ]
- #assert_response 200
- #end
-
- #should 'display articles to profile members' do
- #c = Community.create!(:name => 'my community')
- #c.update_attributes!(:public_content => false)
- #c.add_member(@profile)
+ should 'display allowed articles' do
+ profile.articles.create!(:name => 'test')
+ profile.update_attributes!(:public_content => false)
- #login_as(@profile.identifier)
- #get :view_page, :profile => profile.identifier, :page => [ 'test' ]
- #assert_response 200
- #end
+ Article.any_instance.expects(:display_to?).with(anything).returns(true)
+ get :view_page, :profile => profile.identifier, :page => [ 'test' ]
+ assert_response 200
+ end
 end
-- 
libgit2 0.21.2
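Review bot: The 'not display forbidden articles' test checks only the status code, so it would not notice if the 403 response still carried the article's content or came from a different render path; add `assert_template 'access_denied'` after `assert_response 403`, and in the positive test consider asserting the article is actually in the body rather than only `assert_response 200`. Both tests stub `display_to?` on every Article instance with `Article.any_instance.expects(...)`, so neither exercises the real rule (owner, community member, `public_content`) that the removed commented-out cases were aiming at; that coverage now has to live wherever `display_to?` itself is tested, which is outside this diff, so it is worth confirming those tests exist. The `with(anything)` constraint adds nothing over a bare `expects(:display_to?)` and could be dropped.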