diff --git a/app/views/shared/_list_groups.html.erb b/app/views/shared/_list_groups.html.erb
index 083fb8d..2878d97 100644
--- a/app/views/shared/_list_groups.html.erb
+++ b/app/views/shared/_list_groups.html.erb
@@ -12,7 +12,9 @@
<%= _('Members: %s') % group.members_count.to_s %>
<%= _('Created at: %s') % show_date(group.created_at) unless group.enterprise? %>
<% button_bar do %>
- <%= button 'menu-ctrl-panel', _('Control panel of this group'), group.admin_url %>
+ <% if user.has_permission?(:edit_profile, group) %>
+ <%= button 'menu-ctrl-panel', _('Control panel of this group'), group.admin_url %>
+ <% end %>
<%= button 'menu-logout', _('Leave community'), group.leave_url(true), :class => 'leave-community' %>
<% if (group.community? && user.has_permission?(:destroy_profile, group)) %>
<%= button 'delete', _('Remove'), { :controller => 'profile_editor', :action => 'destroy_profile', :profile => group.identifier } %>
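Review bot: The new `user.has_permission?(:edit_profile, group)` guard around the control-panel button only hides the link; it does not stop a plain member from requesting `group.admin_url` directly. The controller behind that URL is not part of this diff, so confirm that it enforces `edit_profile` on the server side and does not depend on this partial. The test added in test/functional/memberships_controller_test.rb also asserts only on the presence of the `/myprofile/...` link. A companion functional test that a member without the permission is refused by the control panel action would pin the real access control. An ERB comment above the `if`, such as `<%# visibility only; access is enforced in the controller %>`, would keep the two concerns from being confused later.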
diff --git a/test/functional/memberships_controller_test.rb b/test/functional/memberships_controller_test.rb
index 766312c..4146dfd 100644
--- a/test/functional/memberships_controller_test.rb
+++ b/test/functional/memberships_controller_test.rb
@@ -6,7 +6,7 @@ require 'memberships_controller'
class MembershipsController; def rescue_action(e) raise e end; end
class MembershipsControllerTest < ActionController::TestCase
-
+
include ApplicationHelper
def setup
@@ -22,7 +22,7 @@ class MembershipsControllerTest < ActionController::TestCase
def test_local_files_reference
assert_local_files_reference :get, :index, :profile => profile.identifier
end
-
+
def test_valid_xhtml
assert_valid_xhtml
end
@@ -245,4 +245,23 @@ class MembershipsControllerTest < ActionController::TestCase
assert_tag :tag => 'input', :attributes => {:id => 'community_plugin2', :type => 'hidden', :value => 'Plugin 2'}
end
+ should 'only display control panel link to members with permission' do
+ c1 = fast_create(Community, :name => 'My own community')
+ c2 = fast_create(Community, :name => 'Not my community')
+
+ owner = fast_create(Person)
+ c2.add_admin(owner)
+
+ person = Person['testuser']
+ c1.add_admin(person)
+ c2.add_member(person)
+
+ login_as('testuser')
+ get :index, :profile => 'testuser'
+
+ assert_template 'index'
+ assert_no_tag :tag => 'a', :attributes => { :href => "/myprofile/#{c2.identifier}" }
+ assert_tag :tag => 'a', :attributes => { :href => "/myprofile/#{c1.identifier}" }
+ end
+
end
--
libgit2 0.21.2