diff --git a/app/controllers/shared_searches_controller.rb b/app/controllers/shared_searches_controller.rb
index 066dd3e..7b1005e 100644
--- a/app/controllers/shared_searches_controller.rb
+++ b/app/controllers/shared_searches_controller.rb
@@ -8,6 +8,6 @@ def index
 end
 def show
- @search = Search.find(params[:search_id])
+ @search = Search.where(shared: true).find(params[:search_id])
 end
 end
diff --git a/test/controllers/shared_searches_controller_test.rb b/test/controllers/shared_searches_controller_test.rb
new file mode 100644
index 0000000..e432316
--- /dev/null
+++ b/test/controllers/shared_searches_controller_test.rb
@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+class SharedSearchesControllerTest < ActionDispatch::IntegrationTest
+ # We need the session to be initialized as a signed in user.
+ setup { post sessions_url, params: { username: users(:user).username, password: '12341234' } }
+
+ test 'does not allow to show searches which have not been shared' do
+ get search_shared_url(searches(:search1).id)
+ assert_equal @response.code.to_i, 404
+
+ searches(:search1).update!(shared: true)
+
+ get search_shared_url(searches(:search1).id)
+ assert_equal @response.code.to_i, 200
+ end
+end
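Review bot: In `show`, the `where(shared: true)` filter is now the only thing that stops an arbitrary `search_id` from loading a search that was never shared, but nothing on the line says it is an access check, so a later cleanup could drop it as a redundant query condition. I would add a comment above it such as `# Access control: only searches flagged as shared may be loaded by id; anything else must 404.` The body of `index` is outside the hunk; if it lists searches with the same condition, a model scope (`scope :shared, -> { where(shared: true) }`) used as `Search.shared.find(params[:search_id])` would keep both actions on one definition of "shared".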
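Review bot: In the new test, both assertions pass the actual value first (`assert_equal @response.code.to_i, 404`), so a failure would report expected and actual swapped; `assert_response :not_found` and `assert_response :success` state the intent directly. The fixtures are not part of this diff, so it is not visible whether `searches(:search1)` belongs to `users(:user)` or to someone else. The case that matters for this fix is a signed-in user requesting another user's unshared search, so it is worth confirming the fixture covers that or adding a case that does. A request for a non-existent id would also pin down that unshared and missing searches produce the same 404.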