diff --git a/lib/api/entities.rb b/lib/api/entities.rb
index 63348c0..d3da3a0 100644
--- a/lib/api/entities.rb
+++ b/lib/api/entities.rb
@@ -32,7 +32,9 @@ module API
     end
 
     class Person < Profile;end;
-    class Enterprise < Profile;end;
+    class Enterprise < Profile
+      root 'enterprises', 'enterprise'
+    end
     class Community < Profile
       root 'communities', 'community'
       expose :description
diff --git a/lib/api/v1/enterprises.rb b/lib/api/v1/enterprises.rb
index 6143140..670af84 100644
--- a/lib/api/v1/enterprises.rb
+++ b/lib/api/v1/enterprises.rb
@@ -17,16 +17,38 @@ module API
         #  GET /enterprises?reference_id=10&limit=10&oldest
         get do
           enterprises = select_filtered_collection_of(environment, 'enterprises', params)
+          enterprises = enterprises.visible_for_person(current_person)
           present enterprises, :with => Entities::Enterprise
         end
 
-        desc "Return one environment by id"
+        desc "Return one enterprise by id"
         get ':id' do
-          present environment.enterprises.find(params[:id]), :with => Entities::Enterprise
+          enterprise = environment.enterprises.visible.find_by_id(params[:id])
+          present enterprise, :with => Entities::Enterprise
         end
 
       end
 
+      resource :people do
+
+        segment '/:person_id' do
+
+          resource :enterprises do
+
+            get do
+              person = environment.people.find(params[:person_id])
+              enterprises = select_filtered_collection_of(person, 'enterprises', params)
+              enterprises = enterprises.visible
+              present enterprises, :with => Entities::Enterprise
+            end
+
+          end
+
+        end
+
+      end
+
+
     end
   end
 end
diff --git a/test/unit/api/enterprises_test.rb b/test/unit/api/enterprises_test.rb
index d63370f..0b1f21f 100644
--- a/test/unit/api/enterprises_test.rb
+++ b/test/unit/api/enterprises_test.rb
@@ -6,24 +6,95 @@ class EnterprisesTest < ActiveSupport::TestCase
     login_api
   end
 
-  should 'list enterprises' do
-    enterprise1 = fast_create(Enterprise)
+  should 'list all enterprises' do
+    enterprise1 = fast_create(Enterprise, :public_profile => true)
     enterprise2 = fast_create(Enterprise)
+    get "/api/v1/enterprises?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equivalent [enterprise1.id, enterprise2.id], json['enterprises'].map {|c| c['id']}
+  end
+
+  should 'not list invisible enterprises' do
+    enterprise1 = fast_create(Enterprise)
+    fast_create(Enterprise, :visible => false)
+
+    get "/api/v1/enterprises?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal [enterprise1.id], json['enterprises'].map {|c| c['id']}
+  end
+
+  should 'not list private enterprises without permission' do
+    enterprise1 = fast_create(Enterprise)
+    fast_create(Enterprise, :public_profile => false)
+
+    get "/api/v1/enterprises?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal [enterprise1.id], json['enterprises'].map {|c| c['id']}
+  end
+
+  should 'list private enterprise for members' do
+    c1 = fast_create(Enterprise)
+    c2 = fast_create(Enterprise, :public_profile => false)
+    c2.add_member(person)
 
     get "/api/v1/enterprises?#{params.to_query}"
     json = JSON.parse(last_response.body)
+    assert_equivalent [c1.id, c2.id], json['enterprises'].map {|c| c['id']}
+  end
+
+  should 'get enterprise' do
+    enterprise = fast_create(Enterprise)
+
+    get "/api/v1/enterprises/#{enterprise.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal enterprise.id, json['enterprise']['id']
+  end
+
+  should 'not get invisible enterprise' do
+    enterprise = fast_create(Enterprise, :visible => false)
 
-    assert_includes json.map {|c| c['id']}, enterprise1.id
-    assert_includes json.map {|c| c['id']}, enterprise2.id
+    get "/api/v1/enterprises/#{enterprise.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert json['enterprise'].blank?
   end
 
-  should 'return one enterprise by id' do
+  should 'not get private enterprises without permission' do
     enterprise = fast_create(Enterprise)
+    fast_create(Enterprise, :public_profile => false)
+
+    get "/api/v1/enterprises/#{enterprise.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal enterprise.id, json['enterprise']['id']
+  end
+
+  should 'get private enterprise for members' do
+    enterprise = fast_create(Enterprise, :public_profile => false)
+    enterprise.add_member(person)
 
     get "/api/v1/enterprises/#{enterprise.id}?#{params.to_query}"
     json = JSON.parse(last_response.body)
+    assert_equal enterprise.id, json['enterprise']['id']
+  end
+
+  should 'list person enterprises' do
+    enterprise = fast_create(Enterprise)
+    fast_create(Enterprise)
+    enterprise.add_member(person)
+
+    get "/api/v1/people/#{person.id}/enterprises?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equivalent [enterprise.id], json['enterprises'].map {|c| c['id']}
+  end
 
-    assert_equal enterprise.id, json['id']
+  should 'not list person enterprises invisible' do
+    c1 = fast_create(Enterprise)
+    c2 = fast_create(Enterprise, :visible => false)
+    c1.add_member(person)
+    c2.add_member(person)
+
+    get "/api/v1/people/#{person.id}/enterprises?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equivalent [c1.id], json['enterprises'].map {|c| c['id']}
   end
 
 end
--
libgit2 0.21.2