diff --git a/lib/api/v1/comments.rb b/lib/api/v1/comments.rb
index 42c6f4b..a701886 100644
--- a/lib/api/v1/comments.rb
+++ b/lib/api/v1/comments.rb
@@ -16,24 +16,27 @@ module API
 get ":id/comments" do
 conditions = make_conditions_with_parameter(params)
+ article = find_article(environment.articles, params[:id])
 if params[:reference_id]
- comments = environment.articles.find(params[:id]).comments.send("#{params.key?(:oldest) ? 'older_than' : 'newer_than'}", params[:reference_id]).reorder("created_at DESC").find(:all, :conditions => conditions, :limit => limit)
+ comments = article.comments.send("#{params.key?(:oldest) ? 'older_than' : 'newer_than'}", params[:reference_id]).reorder("created_at DESC").find(:all, :conditions => conditions, :limit => limit)
 else
- comments = environment.articles.find(params[:id]).comments.reorder("created_at DESC").find(:all, :conditions => conditions, :limit => limit)
+ comments = article.comments.reorder("created_at DESC").find(:all, :conditions => conditions, :limit => limit)
 end
 present comments, :with => Entities::Comment
 end
 get ":id/comments/:comment_id" do
- present environment.articles.find(params[:id]).comments.find(params[:comment_id]), :with => Entities::Comment
+ article = find_article(environment.articles, params[:id])
+ present article.comments.find(params[:comment_id]), :with => Entities::Comment
 end
 # Example Request:
 # POST api/v1/articles/12/comments?private_toke=234298743290432&body=new comment
 post ":id/comments" do
- present environment.articles.find(params[:id]).comments.create(:author => current_person, :body => params[:body]), :with => Entities::Comment
+ article = find_article(environment.articles, params[:id])
+ present article.comments.create(:author => current_person, :body => params[:body]), :with => Entities::Comment
 end
 end
diff --git a/lib/api/v1/communities.rb b/lib/api/v1/communities.rb
index f19f689..707c6af 100644
--- a/lib/api/v1/communities.rb
+++ b/lib/api/v1/communities.rb
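Review bot: The `post ":id/comments"` handler passes the result of `article.comments.create(...)` straight to `present`, so a comment that fails validation (a missing `body`, for example) is returned as if it had been stored; keep the record in a local and stop with `error!(comment.errors.full_messages, 400) unless comment.persisted?` before presenting it. `find_article` is defined outside this diff and, judging by the new tests, enforces read access only; if the project has a separate rule for who may comment on an article, it has to be applied here before `create`. In the `get ":id/comments"` handler the `send("#{...}")` call only ever picks one of two fixed scope names, so a plain conditional that calls `older_than` or `newer_than` directly would remove dynamic dispatch from a request path.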
@@ -20,14 +20,14 @@ module API
 present communities, :with => Entities::Community
 end
- #FIXME See only public communities
 get '/all' do
 communities = select_filtered_collection_of(environment, 'communities', params)
+ communities = communities.visible
 present communities, :with => Entities::Community
 end
 get ':id' do
- community = environment.communities.find(params[:id])
+ community = environment.communities.visible.find_by_id(params[:id])
 present community, :with => Entities::Community
 end
diff --git a/lib/api/v1/enterprises.rb b/lib/api/v1/enterprises.rb
index ea0d765..6143140 100644
--- a/lib/api/v1/enterprises.rb
+++ b/lib/api/v1/enterprises.rb
@@ -2,7 +2,7 @@ module API
 module V1
 class Enterprises < Grape::API
 before { authenticate! }
-
+
 resource :enterprises do
 # Collect comments from articles
@@ -19,14 +19,14 @@ module API
 enterprises = select_filtered_collection_of(environment, 'enterprises', params)
 present enterprises, :with => Entities::Enterprise
 end
-
- desc "Return the article id"
+
+ desc "Return one environment by id"
 get ':id' do
 present environment.enterprises.find(params[:id]), :with => Entities::Enterprise
 end
 end
-
+
 end
 end
 end
diff --git a/lib/api/v1/people.rb b/lib/api/v1/people.rb
index 56e55ab..988034f 100644
--- a/lib/api/v1/people.rb
+++ b/lib/api/v1/people.rb
@@ -2,7 +2,7 @@ module API
 module V1
 class People < Grape::API
 before { authenticate! }
-
+
 resource :people do
 # Collect comments from articles
@@ -20,13 +20,13 @@ module API
 present people, :with => Entities::Person
 end
- desc "Return the person information"
+ desc "Return the person information"
 get '/:id' do
 present environment.people.find(params[:id]), :with => Entities::Person
 end
 end
-
+
 end
 end
 end
diff --git a/test/unit/api/comments_test.rb b/test/unit/api/comments_test.rb
index fe8874d..59c3fb4 100644
--- a/test/unit/api/comments_test.rb
+++ b/test/unit/api/comments_test.rb
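Review bot: In `get ':id'` of communities.rb, `find_by_id` returns nil for an invisible or unknown id and that nil is handed to `present`, so the client presumably receives a success status with an empty `community` instead of a not-found error; add `error!('Not found', 404) unless community` before `present`. The removed FIXME asked for public communities only, while the new filter is `visible`; if the project treats visible and public as different profile states, `/all` still lists communities the caller should not see and needs the access check that applies to the current person.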
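Review bot: The new `desc "Return one environment by id"` in enterprises.rb names the wrong resource, since the route presents an `Entities::Enterprise`; it should read `desc "Return one enterprise by id"`. The `get ':id'` handler under it still calls `environment.enterprises.find(params[:id])` with no visibility filter, unlike the communities endpoint changed in this same commit, and `get '/:id'` in lib/api/v1/people.rb is in the same state. If invisible or private profiles exist for these types, both lookups need the same scoping.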
@@ -6,6 +6,34 @@ class CommentsTest < ActiveSupport::TestCase
 login_api
 end
+ should 'not list comments if user has no permission to view the source article' do
+ person = fast_create(Person)
+ article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
+ assert !article.published?
+
+ get "/api/v1/articles/#{article.id}/comments?#{params.to_query}"
+ assert_equal 403, last_response.status
+ end
+
+ should 'not return comment if user has no permission to view the source article' do
+ person = fast_create(Person)
+ article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
+ comment = article.comments.create!(:body => "another comment", :author => user.person)
+ assert !article.published?
+
+ get "/api/v1/articles/#{article.id}/comments/#{comment.id}?#{params.to_query}"
+ assert_equal 403, last_response.status
+ end
+
+ should 'not comment a article if user has no permission to view it' do
+ person = fast_create(Person)
+ article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
+ assert !article.published?
+
+ post "/api/v1/articles/#{article.id}/comments?#{params.to_query}"
+ assert_equal 403, last_response.status
+ end
+
 should 'return comments of an article' do
 article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
 article.comments.create!(:body => "some comment", :author => user.person)
diff --git a/test/unit/api/communities_test.rb b/test/unit/api/communities_test.rb
new file mode 100644
index 0000000..d080032
--- /dev/null
+++ b/test/unit/api/communities_test.rb
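Review bot: The 'not comment a article if user has no permission to view it' test asserts only the 403 status, so it would still pass if the handler stored the comment before rejecting the request; add `assert_equal 0, article.comments.count` after the `post`. The request also carries no `body` parameter, so sending one, as a real client would, makes it clear that the rejection comes from the permission check and not from the missing field. The two GET tests could likewise assert that the response body contains no comment data.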
@@ -0,0 +1,53 @@
+require File.dirname(__FILE__) + '/test_helper'
+
+class CommunitiesTest < ActiveSupport::TestCase
+
+ def setup
+ login_api
+ end
+
+ should 'list user communities' do
+ community1 = fast_create(Community)
+ fast_create(Community)
+ community1.add_member(user.person)
+
+ get "/api/v1/communities?#{params.to_query}"
+ json = JSON.parse(last_response.body)
+ assert_equivalent [community1.id], json['communities'].map {|c| c['id']}
+ end
+
+ should 'list all communities' do
+ community1 = fast_create(Community)
+ community2 = fast_create(Community)
+
+ get "/api/v1/communities/all?#{params.to_query}"
+ json = JSON.parse(last_response.body)
+ assert_equivalent [community1.id, community2.id], json['communities'].map {|c| c['id']}
+ end
+
+ should 'get community' do
+ community = fast_create(Community)
+
+ get "/api/v1/communities/#{community.id}?#{params.to_query}"
+ json = JSON.parse(last_response.body)
+ assert_equal community.id, json['community']['id']
+ end
+
+ should 'not list invisible communities' do
+ community1 = fast_create(Community)
+ fast_create(Community, :visible => false)
+
+ get "/api/v1/communities/all?#{params.to_query}"
+ json = JSON.parse(last_response.body)
+ assert_equal [community1.id], json['communities'].map {|c| c['id']}
+ end
+
+ should 'not get invisible community' do
+ community = fast_create(Community, :visible => false)
+
+ get "/api/v1/communities/#{community.id}?#{params.to_query}"
+ json = JSON.parse(last_response.body)
+ assert json['community'].blank?
+ end
+
+end
diff --git a/test/unit/api/enterprises_test.rb b/test/unit/api/enterprises_test.rb
new file mode 100644
index 0000000..d63370f
--- /dev/null
+++ b/test/unit/api/enterprises_test.rb
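Review bot: 'not get invisible community' checks only that `json['community']` is blank and never reads `last_response.status`, so it accepts a success status for a resource the caller may not see; pin the intended status with something like `assert_equal 404, last_response.status` once the endpoint returns one. Both negative tests cover only `:visible => false`. If the project has other states in which a community is hidden from the logged-in person, those need a case of their own.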
@@ -0,0 +1,29 @@
+require File.dirname(__FILE__) + '/test_helper'
+
+class EnterprisesTest < ActiveSupport::TestCase
+
+ def setup
+ login_api
+ end
+
+ should 'list enterprises' do
+ enterprise1 = fast_create(Enterprise)
+ enterprise2 = fast_create(Enterprise)
+
+ get "/api/v1/enterprises?#{params.to_query}"
+ json = JSON.parse(last_response.body)
+
+ assert_includes json.map {|c| c['id']}, enterprise1.id
+ assert_includes json.map {|c| c['id']}, enterprise2.id
+ end
+
+ should 'return one enterprise by id' do
+ enterprise = fast_create(Enterprise)
+
+ get "/api/v1/enterprises/#{enterprise.id}?#{params.to_query}"
+ json = JSON.parse(last_response.body)
+
+ assert_equal enterprise.id, json['id']
+ end
+
+end
diff --git a/test/unit/api/people_test.rb b/test/unit/api/people_test.rb
new file mode 100644
index 0000000..9a684b0
--- /dev/null
+++ b/test/unit/api/people_test.rb
@@ -0,0 +1,29 @@
+require File.dirname(__FILE__) + '/test_helper'
+
+class PeopleTest < ActiveSupport::TestCase
+
+ def setup
+ login_api
+ end
+
+ should 'list persons' do
+ person1 = fast_create(Person)
+ person2 = fast_create(Person)
+
+ get "/api/v1/people?#{params.to_query}"
+ json = JSON.parse(last_response.body)
+
+ assert_includes json.map {|c| c['id']}, person1.id
+ assert_includes json.map {|c| c['id']}, person2.id
+ end
+
+ should 'return one person by id' do
+ person = fast_create(Person)
+
+ get "/api/v1/people/#{person.id}?#{params.to_query}"
+ json = JSON.parse(last_response.body)
+
+ assert_equal person.id, json['id']
+ end
+
+end
-- libgit2 0.21.2
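Review bot: Both new test files cover only the success path: 'return one enterprise by id' here and 'return one person by id' in test/unit/api/people_test.rb never request a record the caller should not be able to see, although communities_test.rb in this commit has such cases. Add a negative test per endpoint, for instance one that creates the record with `:visible => false` and asserts the response status and an empty body, so that a missing visibility filter on these routes is caught. The list tests would also be stronger if they asserted that a hidden record is absent from the returned ids.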