diff --git a/src/controllers/groups_controller.rs b/src/controllers/groups_controller.rs
index eee129d..65ff0d0 100644
--- a/src/controllers/groups_controller.rs
+++ b/src/controllers/groups_controller.rs
@@ -155,7 +155,14 @@ pub fn delete_logo(r: &mut HttpRequestHandler) -> RequestResult {
 /// Get the list of members of a group
 pub fn get_members(r: &mut HttpRequestHandler) -> RequestResult {
- let group_id = r.post_group_id_with_access("id", GroupAccessLevel::MODERATOR_ACCESS)?;
+ let group_id = r.post_group_id("id")?;
+ let group_access_level = groups_helper::get_access_level(&group_id, r.user_id_opt())?;
+ let group = groups_helper::get_info(&group_id)?;
+
+ if group_access_level < GroupAccessLevel::VIEW_ACCESS
+ || (!group.is_members_list_public && group_access_level < GroupAccessLevel::MODERATOR_ACCESS) {
+ r.forbidden("You can not access the list of members of this group!".to_string())?;
+ }
 let members = groups_helper::get_list_members(&group_id)?;