diff --git a/g3w-admin/qdjango/api/projects/serializers.py b/g3w-admin/qdjango/api/projects/serializers.py
index b632f04d8..ae3809768 100644
--- a/g3w-admin/qdjango/api/projects/serializers.py
+++ b/g3w-admin/qdjango/api/projects/serializers.py
@@ -599,10 +599,12 @@ def readLeaf(layer, container):
         # reset tokenfilter by session
         self.reset_filtertoken()
 
-        ret['edit_url'] = reverse('qdjango-project-update', kwargs={
-            'group_slug': instance.group.slug,
-            'slug': instance.slug
-        })
+        # add edit url if user has grant
+        if self.request.user.has_perm('qdjango.change_project', instance):
+            ret['edit_url'] = reverse('qdjango-project-update', kwargs={
+                'group_slug': instance.group.slug,
+                'slug': instance.slug
+            })
 
         return ret