diff --git a/config/example-config.php b/config/example-config.php
index b258391a..882349cd 100644
--- a/config/example-config.php
+++ b/config/example-config.php
@@ -39,7 +39,12 @@ $c->system_name = "Really Simple CalDAV Store";
 */
 $c->hide_alarm = true;
 
-
+/**
+*default is false
+*If true, then TODO requested  from someone other than the admmin or owner
+* of a calendar will not get any answer
+*/
+$c->hide_TODO = true;
 
 /***************************************************************************
 *                                                                          *
diff --git a/inc/caldav-REPORT.php b/inc/caldav-REPORT.php
index 52ea1601..d3cfdd23 100644
--- a/inc/caldav-REPORT.php
+++ b/inc/caldav-REPORT.php
@@ -389,6 +389,9 @@ for ( $i=0; $i <= $reportnum; $i++ ) {
   }
 
   $where .= "AND (calendar_item.class != 'PRIVATE' OR calendar_item.class IS NULL OR get_permissions($session->user_no,caldav_data.user_no) ~ 'A') "; // Must have 'all' permissions to see confidential items
+  if($c->hide_TODO){
+    $where .= "AND (caldav_data.caldav_type NOT IN ('VTODO') OR get_permissions($session->user_no,caldav_data.user_no) ~ 'A') ";
+  }
   $qry = new PgQuery( "SELECT * , get_permissions($session->user_no,caldav_data.user_no) as permissions FROM caldav_data INNER JOIN calendar_item USING(user_no, dav_name)". $where );
   if ( $qry->Exec("REPORT",__LINE__,__FILE__) && $qry->rows > 0 ) {
     while( $calendar_object = $qry->Fetch() ) {