diff --git a/app/controllers/concerns/publisher_controller.rb b/app/controllers/concerns/publisher_controller.rb
index 3b1ada1238af321311f1636cbf9e8c80d109a697..dd385d9ae4331708102b173dc9111605c5b63b1f 100644
--- a/app/controllers/concerns/publisher_controller.rb
+++ b/app/controllers/concerns/publisher_controller.rb
@@ -2,43 +2,47 @@ module PublisherController
   extend ActiveSupport::Concern
 
   included do
-    before_action :authenticate_user!, only: [:show_all_drafts, :show_all_learning_objects, :show_all_collections, :show_liked_learning_objects, :show_liked_collections]
+    before_action :authenticate, only: [:show_all_drafts, :show_liked_learning_objects, :show_liked_collections]
+    before_action :set_publisher, only: [:show_all_drafts, :show_all_learning_objects, :show_all_collections, :show_liked_learning_objects, :show_liked_collections]
+    before_action -> { authorize @publisher }, only: [:show_all_drafts, :show_liked_learning_objects, :show_liked_collections]
   end
 
   def show_all_drafts
-    render json: LearningObject.where(publisher: publisher, state: LearningObject.states[:draft])
+    render json: LearningObject.where(publisher: @publisher, state: LearningObject.states[:draft])
   end
 
   # GET /v1/users/1/learning_objects
   def show_all_learning_objects
-    render json: LearningObject.where(publisher: publisher, state: LearningObject.states[:published])
+    render json: LearningObject.where(publisher: @publisher, state: LearningObject.states[:published])
   end
 
   def show_all_collections
-    render json: Collection.where(owner: publisher)
+    render json: ::UserPolicy::Scope.new(current_user, @publisher, Collection).resolve.where(owner: @publisher)
   end
 
   def show_liked_learning_objects
     includes = [:taggings, :tags, :subject_relations, :subjects, :stage_relations, :educational_stages, :publisher, :language, :license]
     render json: LearningObject.includes(includes).find(
-      Like.where(user: publisher, likeable_type: 'LearningObject').pluck(:likeable_id)
+      Like.where(user: @publisher, likeable_type: 'LearningObject').pluck(:likeable_id)
     )
   end
 
   def show_liked_collections
     render json: Collection.find(
-      Like.where(user: publisher, likeable_type: 'Collection').pluck(:likeable_id)
+      Like.where(user: @publisher, likeable_type: 'Collection').pluck(:likeable_id)
     )
   end
 
   protected
 
-  def publisher
+  def authenticate
+    authenticate_user!
+  end
+
+  def set_publisher
     user, id = request.path.split('/')[2, 3]
     return nil unless %w(users institutions).include? user
     publisher_model = user.singularize.classify.constantize
-    publisher = publisher_model.find(id)
-    authorize publisher
-    publisher
+    @publisher = publisher_model.find(id)
   end
 end
diff --git a/app/controllers/v1/collections_controller.rb b/app/controllers/v1/collections_controller.rb
index a46d143816e313801d8b93606f9ef02c8ea684f3..b0dea3d5722d5ad0ecc3e0e839f3b85bbc7c9243 100644
--- a/app/controllers/v1/collections_controller.rb
+++ b/app/controllers/v1/collections_controller.rb
@@ -11,7 +11,7 @@ class V1::CollectionsController < ApplicationController
   before_action :authenticate_user!, only: [:create, :update, :destroy]
   before_action :set_collection, only: [:show, :update, :destroy, :add_object, :delete_object, :subjecting, :unsubjecting, :add_stages, :remove_stages]
   before_action :set_new_collection, only: :index
-  before_action :authorize!, except: [:create, :tagging, :untagging]
+  before_action :authorize!, except: [:create, :tagging, :untagging, :follow, :unfollow]
 
   # GET /v1/collections
   # GET /v1/collections.json
diff --git a/app/models/concerns/followable.rb b/app/models/concerns/followable.rb
index ef04ded79d40b282650d068ac622b6a903c0f8a6..d24840009e5d4017fad03f6f43a6982b570b44cb 100644
--- a/app/models/concerns/followable.rb
+++ b/app/models/concerns/followable.rb
@@ -10,6 +10,10 @@ module Followable
     Follow.where(followable: self)
   end
 
+  def followed?(user)
+    !follows.where(user: user).blank?
+  end
+
   ## get all activities from user
   # return an array of PublicActivity::Activity
   def activities
diff --git a/app/policies/publisher_policy.rb b/app/policies/publisher_policy.rb
index f0c8dc94dc12063c34a06c6fd7362c7d6345cd79..1da55efa6a5d9278f9825d2e174d261f25d5bef2 100644
--- a/app/policies/publisher_policy.rb
+++ b/app/policies/publisher_policy.rb
@@ -1,13 +1,26 @@
 module PublisherPolicy
-  def show_all_drafts?
-    record if same_user? || user.is_admin?
-  end
 
-  def show_all_learning_objects?
-    record if same_user? || user.is_admin?
+  class Scope < ApplicationPolicy::Scope
+    attr_reader :user, :record, :scope
+
+    def initialize(user, record, scope)
+      @user = user
+      @record = user
+      @scope = scope
+    end
+
+    def resolve
+      if user.nil?
+        scope.where(privacy: 'public')
+      elsif user.is_admin? || record == user
+        scope.all
+      else
+        scope.where(privacy: 'public')
+      end
+    end
   end
 
-  def show_all_collections?
+  def show_all_drafts?
     record if same_user? || user.is_admin?
   end
 
diff --git a/app/policies/user_policy.rb b/app/policies/user_policy.rb
index 424a0a68dc7e2304daffce0daeed2326de355843..2f6bfddaafb48a1ae8de9d85737d47d08fede22f 100644
--- a/app/policies/user_policy.rb
+++ b/app/policies/user_policy.rb
@@ -2,6 +2,8 @@ class UserPolicy < ApplicationPolicy
   include FollowablePolicy
   include PublisherPolicy
 
+  class Scope < PublisherPolicy::Scope; end
+
   def create?
     user.is_admin?
   end
diff --git a/app/serializers/collection_serializer.rb b/app/serializers/collection_serializer.rb
index e8cff1baacf1e7995660829e478abb6d40f7b8c8..8ab0f80edb6d089a03d4cbf6aac4041ac7336cdd 100644
--- a/app/serializers/collection_serializer.rb
+++ b/app/serializers/collection_serializer.rb
@@ -1,5 +1,5 @@
 class CollectionSerializer < ActiveModel::Serializer
-  cache key: 'collection', expires_in: 4.hours, except: [:likes_count, :liked, :reviewed, :complained]
+  cache key: 'collection', expires_in: 4.hours, except: [:likes_count, :liked, :reviewed, :complained, :followed]
 
   def liked
     object.liked? current_user
@@ -13,6 +13,10 @@ class CollectionSerializer < ActiveModel::Serializer
     object.complained? current_user
   end
 
+  def followed
+    object.followed? current_user
+  end
+
   def items_thumbnails
     thumbs = []
     i = 0
@@ -25,6 +29,7 @@ class CollectionSerializer < ActiveModel::Serializer
   end
 
   attributes :id, :name, :created_at, :updated_at, :description, :privacy, :score, :likes_count, :liked, :reviewed, :complained, :review_average, :thumbnail, :items_thumbnails
+
   belongs_to :owner
   has_many :tags
   has_many :subjects