diff --git a/app/api/entities.rb b/app/api/entities.rb
index b0f44a3..e80a3ee 100644
--- a/app/api/entities.rb
+++ b/app/api/entities.rb
@@ -97,7 +97,7 @@ module Api
 root 'boxes', 'box'
 expose :id, :position
 expose :blocks, :using => Block do |box, options|
- box.blocks.select {|block| block.visible_to_user?(options[:current_person]) }
+ box.blocks.select {|block| block.visible_to_user?(options[:current_person]) || block.allow_edit?(options[:current_person]) }
 end
 end
diff --git a/app/api/v1/blocks.rb b/app/api/v1/blocks.rb
index 84c3ff7..aefa370 100644
--- a/app/api/v1/blocks.rb
+++ b/app/api/v1/blocks.rb
@@ -5,7 +5,7 @@ module Api
 resource :blocks do
 get ':id' do
 block = Block.find(params["id"])
- return forbidden! unless block.visible_to_user?(current_person)
+ return forbidden! unless block.visible_to_user?(current_person) || block.allow_edit?(current_person)
 present block, :with => Entities::Block, display_api_content: true, current_person: current_person
 end
diff --git a/test/api/blocks_test.rb b/test/api/blocks_test.rb
index 12128c2..de63f83 100644
--- a/test/api/blocks_test.rb
+++ b/test/api/blocks_test.rb
@@ -53,6 +53,16 @@ class BlocksTest < ActiveSupport::TestCase
 assert_equal 403, last_response.status
 end
+ should 'get an invisible profile block for an user with permission' do
+ profile = fast_create(Profile, public_profile: false)
+ profile.add_admin(person)
+ box = fast_create(Box, :owner_id => profile.id, :owner_type => Profile.name)
+ block = fast_create(Block, box_id: box.id)
+ get "/api/v1/blocks/#{block.id}?#{params.to_query}"
+ json = JSON.parse(last_response.body)
+ assert_equal block.id, json["block"]["id"]
+ end
+
 should 'get a block for an user with permission in a private profile' do
 profile = fast_create(Profile, public_profile: false)
 profile.add_admin(person)
diff --git a/test/api/boxes_test.rb b/test/api/boxes_test.rb
index fe2de3e..9dec37f 100644
--- a/test/api/boxes_test.rb
+++ b/test/api/boxes_test.rb
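Review bot: The read-authorization predicate `block.visible_to_user?(person) || block.allow_edit?(person)` is now spelled out twice — in this `expose :blocks` block and again in the `get ':id'` handler of app/api/v1/blocks.rb — so the next change to who may read a block has to be made in both places and the list and detail endpoints can silently drift apart. A single predicate on Block, for instance `visible_to_user?(person) || allow_edit?(person)` wrapped in a method such as `accessible_to?(person)` (named per the model's conventions), called from both sites would keep the two checks in step. It is also worth confirming that `allow_edit?` tolerates a nil `options[:current_person]` on anonymous requests, because the new disjunction is now evaluated for every block of every box an anonymous caller lists; the hunk does not show what `allow_edit?` does with nil. The `Box` entity's class line is outside the hunk.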
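Review bot: The visible setup of the new test in test/api/blocks_test.rb (private profile, `profile.add_admin(person)`, box, block) matches line for line the setup of the existing 'get a block for an user with permission in a private profile' test that follows it, so as far as the hunk shows it may not exercise the new `allow_edit?` branch at all — an admin of the profile presumably already satisfies `visible_to_user?`. To pin the behaviour this commit adds, the block should be made invisible through the visibility check alone, for example `block.display_user = 'not_logged'` followed by `block.save!` as the boxes test in this same commit does, and the test should then assert the admin still receives it. The remainder of both tests is outside the hunk.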
@@ -81,6 +81,18 @@ class BoxesTest < ActiveSupport::TestCase
 assert_equal [block.id], json["boxes"].first["blocks"].map {|b| b['id']}
 end
+ should 'list a block with not logged in display_user for an admin user' do
+ profile = fast_create(Profile)
+ profile.add_admin(person)
+ box = fast_create(Box, :owner_id => profile.id, :owner_type => Profile.name)
+ block = fast_create(Block, box_id: box.id)
+ block.display_user = 'not_logged'
+ block.save!
+ get "/api/v1/profiles/#{profile.id}/boxes?#{params.to_query}"
+ json = JSON.parse(last_response.body)
+ assert_equal [block.id], json["boxes"].first["blocks"].map {|b| b['id']}
+ end
+
 should 'not list boxes for user without permission' do
 profile = fast_create(Profile, public_profile: false)
 box = fast_create(Box, :owner_id => profile.id, :owner_type => Profile.name)
-- libgit2 0.21.2
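Review bot: Only the granting side of the new `|| allow_edit?` disjunction is covered here — an admin sees a `not_logged` block — while nothing asserts that a logged-in person who is not an admin of the profile still does not get that block listed, which is the case that would catch an over-permissive `allow_edit?`. The existing 'not list boxes for user without permission' test below uses a private profile and a default block, so as far as the hunk shows it does not cover this combination either. A companion test with the same setup minus `profile.add_admin(person)`, asserting that `block.id` is absent from `json["boxes"].first["blocks"].map {|b| b['id']}`, would close the gap. The enclosing test class continues outside the hunk.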