diff --git a/app/controllers/public/profile_controller.rb b/app/controllers/public/profile_controller.rb
index 40013d0..280071a 100644
--- a/app/controllers/public/profile_controller.rb
+++ b/app/controllers/public/profile_controller.rb
@@ -1,7 +1,7 @@
 class ProfileController < ApplicationController
 
   needs_profile
-  before_filter :check_public_profile
+  before_filter :check_access_to_profile
 
   helper TagsHelper
 
@@ -36,8 +36,8 @@ class ProfileController < ApplicationController
 
   protected
 
-  def check_public_profile
-    if !profile.public_profile
+  def check_access_to_profile
+    unless profile.display_info_to?(user)
       render :action => 'private_profile', :status => 403, :layout => false
     end
   end
diff --git a/app/models/profile.rb b/app/models/profile.rb
index 9186e45..8562cf5 100644
--- a/app/models/profile.rb
+++ b/app/models/profile.rb
@@ -280,4 +280,15 @@ class Profile < ActiveRecord::Base
     self.find(:all, :order => 'profiles.name', :conditions => [ 'profiles.name like (?) or profiles.name like (?)', (initial + '%'), (initial.upcase + '%') ])
   end
 
+  # returns +true+ if the given +user+ can see profile information about this
+  # +profile+, and +false+ otherwise.
+  def display_info_to?(user)
+    if self.public_profile
+      true
+    else
+      # other possibilities would come here
+      (user == self)
+    end
+  end
+
 end
diff --git a/test/functional/profile_controller_test.rb b/test/functional/profile_controller_test.rb
index 1c6135c..8e705e9 100644
--- a/test/functional/profile_controller_test.rb
+++ b/test/functional/profile_controller_test.rb
@@ -187,8 +187,8 @@ class ProfileControllerTest < Test::Unit::TestCase
     assert_no_tag :tag => 'a', :content => 'Leave this community'
   end
 
-  should 'not display private profile' do
-    @profile.update_attributes!(:public_profile => false)
+  should 'check access before displaying profile' do
+    Person.any_instance.expects(:display_info_to?).with(anything).returns(false)
     get :index, :profile => @profile.identifier
     assert_response 403
   end
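Review bot: `check_access_to_profile` is now the sole gate in front of every action in this controller, yet nothing in the hunk records that `user` is nil for anonymous visitors or that the decision deliberately lives in `Profile#display_info_to?`; a short comment would keep the next maintainer from re-adding an inline `public_profile` check here. Suggested header above the `def`: `# Access-control gate for every action in this controller. +user+ is nil for anonymous visitors; the actual decision lives in Profile#display_info_to? so other controllers can share it.` That `user` is the current-user helper is inferred rather than visible in the hunk, and any other controller that calls `needs_profile` and renders profile data is not covered by this filter, so it would need the same check. The class body continues outside the hunk.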
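Review bot: The `else` branch of `display_info_to?` grants a private profile only to itself (`user == self`), while the new unit test `'display private profile for members'` in test/unit/profile_test.rb expects a non-public Community to be visible to one of its members; unless Community overrides `display_info_to?` (not shown in this commit), that test fails against this body, and the placeholder `# other possibilities would come here` hides the gap. Spell the contract out so the gap is visible: replace the placeholder with `# Only the profile itself may see its private data; membership or admin grants must be added here (or in a subclass override) — nothing else is authorized.` and add to the header `# +user+ may be +nil+ for anonymous visitors, which falls through to +false+.` Since an unset `public_profile` (nil) also takes the `else` branch, the profile is treated as private by default, which is the safe choice and worth stating in the same header.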
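Review bot: Replacing `@profile.update_attributes!(:public_profile => false)` with a mocha expectation on `Person.any_instance` means no functional test any longer exercises the real path from an anonymous request for a private profile to the 403 — the stub accepts `anything`, so a wrong argument passed by the filter (or no `user` at all) would go unnoticed. Keep the new test but restore the old one beside it, `should 'not display private profile to anonymous user' do` / `@profile.update_attributes!(:public_profile => false)` / `get :index, :profile => @profile.identifier; assert_response 403`, and add the positive counterpart in which the owner is logged in and receives 200. The rest of the test class lies outside the hunk.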
diff --git a/test/unit/profile_test.rb b/test/unit/profile_test.rb
index 29c3897..437c82b 100644
--- a/test/unit/profile_test.rb
+++ b/test/unit/profile_test.rb
@@ -483,6 +483,23 @@ class ProfileTest < Test::Unit::TestCase
     assert_equal false, p.public_content
   end
 
+  should 'not display private profile to unauthenticated user' do
+    assert !Profile.new(:public_profile => false).display_info_to?(nil)
+  end
+
+  should 'display private profile for its owner' do
+    p = Profile.new(:public_profile => false)
+    assert p.display_info_to?(p)
+  end
+
+  should 'display private profile for members' do
+    p = create_user('testuser').person
+    c = Community.create!(:name => 'my community', :public_profile => false)
+    c.add_member(p)
+
+    assert c.display_info_to?(p)
+  end
+
   private
 
   def assert_invalid_identifier(id)
-- 
libgit2 0.21.2
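Review bot: The three new cases cover the two grants (owner, member) and the anonymous denial, but none denies an authenticated user who is neither — the case an over-permissive `else` branch in `Profile#display_info_to?` would expose, and the one the `(user == self)` comparison exists for. Add a non-member denial next to the membership test; a second unrelated Person serves as the subject, created the same way the member test already does. Separately, the membership test asserts behaviour that the `Profile#display_info_to?` body in this commit does not implement, so it depends on a Community override not visible here and should be checked against it. `assert_invalid_identifier` starts inside the hunk and ends outside it.

```ruby
should 'not display private profile to a non-member' do
  outsider = create_user('outsider').person
  c = Community.create!(:name => 'my community', :public_profile => false)
  assert !c.display_info_to?(outsider)
end
```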