diff --git a/framework/core/src/Core/Access/UserPolicy.php b/framework/core/src/Core/Access/UserPolicy.php
index 6daf97c87..1bc0be78e 100644
--- a/framework/core/src/Core/Access/UserPolicy.php
+++ b/framework/core/src/Core/Access/UserPolicy.php
@@ -11,6 +11,7 @@
 namespace Flarum\Core\Access;
 
 use Flarum\Core\User;
+use Illuminate\Database\Eloquent\Builder;
 
 class UserPolicy extends AbstractPolicy
 {
@@ -30,4 +31,15 @@ class UserPolicy extends AbstractPolicy
             return true;
         }
     }
+
+    /**
+     * @param User $actor
+     * @param Builder $query
+     */
+    public function find(User $actor, Builder $query)
+    {
+        if ($actor->cannot('viewDiscussions')) {
+            $query->whereRaw('FALSE');
+        }
+    }
 }
diff --git a/framework/core/src/Core/Repository/PostRepository.php b/framework/core/src/Core/Repository/PostRepository.php
index ea106c477..7c14c6192 100644
--- a/framework/core/src/Core/Repository/PostRepository.php
+++ b/framework/core/src/Core/Repository/PostRepository.php
@@ -96,6 +96,8 @@ class PostRepository
                         event(new ScopePostVisibility($discussion, $query, $actor));
                     });
                 }
+
+                $query->orWhereRaw('FALSE');
             })
             ->get();