diff --git a/app/controllers/search_results_controller.rb b/app/controllers/search_results_controller.rb
index 7b1a0579..1d3a098d 100644
--- a/app/controllers/search_results_controller.rb
+++ b/app/controllers/search_results_controller.rb
@@ -109,6 +109,7 @@ def index
 klass = klass.constantize
 @results = klass.single_query(params.merge({ languages: languages.flatten }))
+ .filter { |search_result| result_allowed?(search_result) }
 if params[:limit] && Iqvoc.unlimited_search_results
 @results = @results.per(params[:limit].to_i)
@@ -162,4 +163,15 @@ def self.prepare_basic_variables(controller)
 controller.params['l'] = langs.keys if controller.params['l'].nil?
 controller.params['include_expired'] = (controller.params['include_expired'] == "true")
 end
+
+ private
+
+ def result_allowed?(result)
+ if result.result_object.is_a?(Labeling::Base)
+ can?(:read, result.owner)
+ else
+ can?(:read, result.result_object)
+ end
+ end
+
 end
diff --git a/app/helpers/link_helper.rb b/app/helpers/link_helper.rb
index cfe7ac60..587c0ad0 100644
--- a/app/helpers/link_helper.rb
+++ b/app/helpers/link_helper.rb
@@ -1,14 +1,18 @@
 module LinkHelper
 def link_to_object(object, name, html_options = nil, &block)
- path = case object
- when Iqvoc::Concept.base_class
- concept_url(id: object)
- when Iqvoc::Collection.base_class
- collection_url(id: object)
- when Label::Base
- label_url(id: object)
- end
+ link_to name, link_for(object), html_options, &block
+ end
- link_to name, path, html_options, &block
+ def link_for(object, params = {})
+ case object
+ when Iqvoc::Concept.base_class
+ concept_url(object, params)
+ when Iqvoc::Collection.base_class
+ collection_url(object, params)
+ when Label::Base
+ label_url(object, params)
+ else
+ raise 'Unsupported object type'
+ end
 end
 end
diff --git a/app/models/ability.rb b/app/models/ability.rb
index 7b5b597d..4cecbd6c 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
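Review bot: In `index` of search_results_controller.rb, the added `.filter { |search_result| result_allowed?(search_result) }` runs after `klass.single_query` has built its result set, and a block-form `filter` normally returns a plain Array. The `@results = @results.per(params[:limit].to_i)` call two lines further down would then be sent to an object without `per`, unless `single_query` returns something that keeps its own type through `filter` (not visible in this hunk), so that branch needs a test. Filtering after the query also leaves any page size or total count computed by the query based on the unfiltered set, which can reveal that hidden hits exist. Pushing the visibility condition into `single_query` itself would avoid both problems. The body of `index` starts and ends outside the hunk.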
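Review bot: `result_allowed?` in search_results_controller.rb has no comment explaining why a `Labeling::Base` hit is authorised through `result.owner` while every other hit is authorised through `result.result_object`, and that split decides which search hits a user gets to see. A comment above the method would make the contract explicit, e.g. `# Authorise one search hit: labelings are checked via their owner, everything else via its own Ability rule.` It should also say that a new result type needs a matching rule in Ability, because the `else` branch depends on one being present.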
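Review bot: `link_for(object, params = {})` in link_helper.rb names its argument `params`, which shadows the request `params` normally reachable inside a view helper, and it forwards the hash unchanged to `concept_url`, `collection_url` and `label_url`. Route helpers interpret keys such as `host`, `protocol` and `only_path` as URL options, so a caller that ever passes request-derived values could produce a link pointing off-site. Renaming the argument, for example `def link_for(object, url_options = {})`, and documenting that it must not come from request input would make that explicit. The new `else` branch also changes behaviour for unsupported objects, from a link with a nil path to a bare RuntimeError; `raise ArgumentError, "Unsupported object type: #{object.class}"` would be easier to diagnose.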
@@ -6,6 +6,7 @@ class Ability
 def initialize(user = nil)
 can :read, Iqvoc::Concept.root_class.instance
 can :read, [::Concept::Base, ::Collection::Base, ::Label::Base], &@@if_published
+ can :read, ::Note::Base
 # static pages
 can :read, :help
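Review bot: `can :read, ::Note::Base` is granted unconditionally, whereas the rule directly above restricts concepts, collections and labels with `&@@if_published`. Because `result_allowed?` in search_results_controller.rb sends every non-labeling hit to `can?(:read, result.result_object)`, a note attached to an unpublished record would pass the new search filter unless `single_query` already excludes it, which these hunks do not show. Consider tying the rule to the record the note belongs to, along the lines of `can(:read, ::Note::Base) { |note| can?(:read, note.owner) }`, with `owner` replaced by whatever accessor links a note to its record. A spec covering a note on an unpublished concept for an anonymous user would also help. `initialize` continues past the end of the hunk, so later rules may already narrow this.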