diff --git a/lib/api/v1/communities.rb b/lib/api/v1/communities.rb
index aa7d503..9cefe98 100644
--- a/lib/api/v1/communities.rb
+++ b/lib/api/v1/communities.rb
@@ -29,8 +29,11 @@ module API
       end
 
       resource :people do
+
         segment '/:person_id' do
+
           resource :communities do
+
             get do
               person = environment.people.find(params[:person_id])
               communities = select_filtered_collection_of(person, 'communities', params)
@@ -38,13 +41,8 @@ module API
               present communities, :with => Entities::Community
             end
 
-#            get ':id' do
-#              person = environment.people.find(params[:person_id])
-#              article = find_article(person.articles, params[:id])
-#              present article, :with => Entities::Article
-#            end
-
           end
+
         end
 
       end
diff --git a/test/unit/api/communities_test.rb b/test/unit/api/communities_test.rb
index f512d59..9ac17cf 100644
--- a/test/unit/api/communities_test.rb
+++ b/test/unit/api/communities_test.rb
@@ -31,6 +31,25 @@ class CommunitiesTest < ActiveSupport::TestCase
     assert_equal [community1.id], json['communities'].map {|c| c['id']}
   end
 
+  should 'not list private communities without permission' do
+    community1 = fast_create(Community)
+    fast_create(Community, :public_profile => false)
+
+    get "/api/v1/communities?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal [community1.id], json['communities'].map {|c| c['id']}
+  end
+
+  should 'list private community for members' do
+    c1 = fast_create(Community)
+    c2 = fast_create(Community, :public_profile => false)
+    c1.add_member(person)
+
+    get "/api/v1/communities?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equivalent [c1.id, c2.id], json['communities'].map {|c| c['id']}
+  end
+
   should 'not get invisible community' do
     community = fast_create(Community, :visible => false)
 
diff --git a/test/unit/api/test_helper.rb b/test/unit/api/test_helper.rb
index 05b9210..4aa470d 100644
--- a/test/unit/api/test_helper.rb
+++ b/test/unit/api/test_helper.rb
@@ -11,12 +11,13 @@ class ActiveSupport::TestCase
   def login_api
     @user = User.create!(:login => 'testapi', :password => 'testapi', :password_confirmation => 'testapi', :email => 'test@test.org', :environment => Environment.default)
     @user.activate
+    @person = @user.person
 
     post "/api/v1/login?login=testapi&password=testapi"
     json = JSON.parse(last_response.body)
     @private_token = json["private_token"]
     @params = {:private_token => @private_token}
   end
-  attr_accessor :private_token, :user, :params
+  attr_accessor :private_token, :user, :person, :params
 
 end
--
libgit2 0.21.2