diff --git a/src/Controller/OrganisationController.php b/src/Controller/OrganisationController.php
index 860f7c1..9db2620 100644
--- a/src/Controller/OrganisationController.php
+++ b/src/Controller/OrganisationController.php
@@ -646,7 +646,16 @@ class OrganisationController extends SimpleController
         /** @var \UserFrosting\Sprinkle\Core\Util\ClassMapper $classMapper */
         $classMapper = $this->ci->classMapper;
 
+        $params['ci'] = $this->ci;
+
         $sprunje = $classMapper->createInstance('organisation_sprunje', $classMapper, $params);
+        if (!$currentUser->isMaster() && $currentUser->roles()->where('slug', 'organisations-admin')->count() == 0) {
+            $sprunje->extendQuery(function ($query) use ($currentUser) {
+                return $query->where('flag_approved', true)
+                    ->withUser($currentUser->id)
+                    ->orWhereNotNull('is_member');
+            });
+        }
 
         // Be careful how you consume this data - it has not been escaped and contains untrusted user-supplied content.
         // For example, if you plan to insert it into an HTML DOM, you must escape it on the client side (or use client-side templating).
diff --git a/src/Database/Seeds/OrganisationPermissions.php b/src/Database/Seeds/OrganisationPermissions.php
index 9517895..92eb4bb 100644
--- a/src/Database/Seeds/OrganisationPermissions.php
+++ b/src/Database/Seeds/OrganisationPermissions.php
@@ -203,6 +203,7 @@ class OrganisationPermissions extends BaseSeed
         $roleUser = Role::where('slug', 'user')->first();
         if ($roleUser) {
             $roleUser->permissions()->syncWithoutDetaching([
+                $permissions['uri_organisations']->id,
                 $permissions['uri_organisation_own']->id,
                 $permissions['view_organisation_field_own']->id,
                 $permissions['leave_organisation']->id,