diff --git a/api/funkwhale_api/music/permissions.py b/api/funkwhale_api/music/permissions.py
index a8e62f1e770dca45024400d5eff9686da1c50749..61fc65bebf523f916483e67e2c7a311588bfc6de 100644
--- a/api/funkwhale_api/music/permissions.py
+++ b/api/funkwhale_api/music/permissions.py
@@ -3,6 +3,7 @@ from django.conf import settings
 from rest_framework.permissions import BasePermission
 from funkwhale_api.federation import actors
+from funkwhale_api.federation import models
 class Listen(BasePermission):
@@ -20,4 +21,8 @@ class Listen(BasePermission):
 return False
 library = actors.SYSTEM_ACTORS['library'].get_actor_instance()
- return library.followers.filter(url=actor.url).exists()
+ return models.Follow.objects.filter(
+ target=library,
+ actor=actor,
+ approved=True
+ ).exists()
diff --git a/api/tests/music/test_permissions.py b/api/tests/music/test_permissions.py
index 6cce85e088c9efbba879e67ffa1cd111183c7d37..d36f37886d9930883643126642ab278eee8acf93 100644
--- a/api/tests/music/test_permissions.py
+++ b/api/tests/music/test_permissions.py
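Review bot: In the second hunk of api/funkwhale_api/music/permissions.py the follow is now matched on the `actor` instance, where the removed line matched on `url=actor.url`, and the hunk does not show how `request.actor` is populated. If that object can be an unsaved Actor built from the request rather than a stored row, `actor=actor` would never match and approved followers would be refused; that fails closed, but it is worth confirming, or keeping the URL match with `actor__url=actor.url`. A comment above the query such as `# only an approved follow of the library actor grants access to protected audio; pending or rejected follows must not` would record why `approved=True` is part of the check. The method body starts outside the hunk.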
@@ -47,10 +47,25 @@ def test_list_permission_protect_following_actor(
 factories, api_request, settings):
 settings.PROTECT_AUDIO_FILES = True
 library_actor = actors.SYSTEM_ACTORS['library'].get_actor_instance()
- follow = factories['federation.Follow'](target=library_actor)
+ follow = factories['federation.Follow'](
+ approved=True, target=library_actor)
 view = APIView.as_view()
 permission = permissions.Listen()
 request = api_request.get('/')
 setattr(request, 'actor', follow.actor)
 assert permission.has_permission(request, view) is True
+
+
+def test_list_permission_protect_following_actor_not_approved(
+ factories, api_request, settings):
+ settings.PROTECT_AUDIO_FILES = True
+ library_actor = actors.SYSTEM_ACTORS['library'].get_actor_instance()
+ follow = factories['federation.Follow'](
+ approved=False, target=library_actor)
+ view = APIView.as_view()
+ permission = permissions.Listen()
+ request = api_request.get('/')
+ setattr(request, 'actor', follow.actor)
+
+ assert permission.has_permission(request, view) is False
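Review bot: The new negative test `test_list_permission_protect_following_actor_not_approved` pins only `approved=False`. The Follow model is not shown here, but if `approved` is nullable to represent a request that is still pending, that pending state is the one a not-yet-accepted follower is normally in, so it deserves its own assertion that `has_permission` returns False. A follow that is approved but targets a different actor than the library actor would also be worth a case, since the new query filters on `target=library` as well. The two tests differ only in the `approved` value and the expected result, so they could be one parametrized test.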