diff --git a/aleksis/core/urls.py b/aleksis/core/urls.py
index 5de76472c91da9243edfa13c57c5ce29a7782e08..6c1648ee402020e33e5f37230b0730174a55e39f 100644
--- a/aleksis/core/urls.py
+++ b/aleksis/core/urls.py
@@ -9,6 +9,7 @@ from django.views.i18n import JavaScriptCatalog
 import calendarweek.django
 import debug_toolbar
 from django_js_reverse.views import urls_js
+from rules.contrib.views import permission_required
 from two_factor.urls import urlpatterns as tf_urls
 
 from . import views
@@ -41,7 +42,7 @@ urlpatterns = [
     path("announcement/edit/<int:pk>/", views.announcement_form, name="edit_announcement"),
     path("announcement/delete/<int:pk>/", views.delete_announcement, name="delete_announcement"),
     path("search/searchbar/", views.searchbar_snippets, name="searchbar_snippets"),
-    path("search/", include("haystack.urls")),
+    path("search/", views.PermissionSearchView(), name="haystack_search"),
     path("maintenance-mode/", include("maintenance_mode.urls")),
     path("impersonate/", include("impersonate.urls")),
     path("__i18n__/", include("django.conf.urls.i18n")),
diff --git a/aleksis/core/views.py b/aleksis/core/views.py
index 8344435504de03644faa678373e8385498c1d7b4..151852d840b265591f420da6541ea9c6eaeb6247 100644
--- a/aleksis/core/views.py
+++ b/aleksis/core/views.py
@@ -2,6 +2,7 @@ from importlib import import_module
 from typing import Optional
 
 from django.apps import apps
+from django.contrib.auth.mixins import PermissionRequiredMixin
 from django.core.exceptions import PermissionDenied
 from django.http import Http404, HttpRequest, HttpResponse
 from django.shortcuts import get_object_or_404, redirect, render
@@ -11,6 +12,7 @@ from django_tables2 import RequestConfig
 from guardian.shortcuts import get_objects_for_user
 from haystack.inputs import AutoQuery
 from haystack.query import SearchQuerySet
+from haystack.views import SearchView
 from rules.contrib.views import permission_required
 
 from .forms import (
@@ -364,3 +366,13 @@ def searchbar_snippets(request: HttpRequest) -> HttpResponse:
     context = {"results": results}
 
     return render(request, "search/searchbar_snippets.html", context)
+
+
+class PermissionSearchView(PermissionRequiredMixin, SearchView):
+    permission_required = "core.search"
+
+    def create_response(self):
+        context = self.get_context()
+        if not self.has_permission():
+            return self.handle_no_permission()
+        return render(self.request, self.template, context)