diff --git a/src/Controller/ActionController.php b/src/Controller/ActionController.php
index 0b02473..0815dc5 100644
--- a/src/Controller/ActionController.php
+++ b/src/Controller/ActionController.php
@@ -5,6 +5,7 @@ namespace App\Controller;
 use App\Entity\Actions;
 use App\Entity\Organizations;
 use App\Service\ActionService;
+use App\Service\UserService;
 use Doctrine\ORM\EntityManagerInterface;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\HttpFoundation\JsonResponse;
@@ -15,21 +16,24 @@ class ActionController extends AbstractController
 {
     public function __construct(
         private EntityManagerInterface $entityManager,
-        private ActionService $actionService
+        private ActionService $actionService, private readonly UserService $userService
     ) {
     }
 
     #[Route('/organization/{id}/activities-ajax', name: 'app_organization_activities_ajax', methods: ['GET'])]
     public function fetchActivitiesAjax(Organizations $organization): JsonResponse
     {
-        $this->denyAccessUnlessGranted('ROLE_ADMIN');
-        $actions = $this->entityManager->getRepository(Actions::class)->findBy(
-            ['Organization' => $organization],
-            ['date' => 'DESC'],
-            10
-        );
-        $formattedActivities = $this->actionService->formatActivities($actions);
+        $this->denyAccessUnlessGranted('ROLE_USER');
+        if($this->userService->isAdminOfOrganization($organization)){
+            $actions = $this->entityManager->getRepository(Actions::class)->findBy(
+                ['Organization' => $organization],
+                ['date' => 'DESC'],
+                10
+            );
+            $formattedActivities = $this->actionService->formatActivities($actions);
 
-        return new JsonResponse($formattedActivities);
+            return new JsonResponse($formattedActivities);
+        }
+        return new JsonResponse(['error' => 'You are not authorized to access this page.'], 403);
     }
 }
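Review bot: The organization-admin check in fetchActivitiesAjax nests the entire happy path inside `if($this->userService->isAdminOfOrganization($organization)){` and hand-builds a 403 JSON body, so this denial presumably does not go through Symfony's AccessDeniedException path (logging, entry point, uniform error shape) the way the remaining `denyAccessUnlessGranted('ROLE_USER')` on the line above does. Prefer a guard clause that fails through the framework, `if (!$this->userService->isAdminOfOrganization($organization)) { throw $this->createAccessDeniedException(); }`, then dedent the repository query and the return; if the JSON error body is deliberate, keep it as the guard's early return but use `JsonResponse::HTTP_FORBIDDEN` rather than the bare `403`. The constructor in the same hunk puts `private ActionService $actionService, private readonly UserService $userService` on one line and marks only the new parameter `readonly`; one promoted parameter per line with a trailing comma and a consistent `readonly` choice across all three would match the existing style. The spacing `if(...){` also departs from the file's PSR-12 form (`if (...) {`).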