diff --git a/project/views/event.py b/project/views/event.py
index b37bab9..d75d9b2 100644
--- a/project/views/event.py
+++ b/project/views/event.py
@@ -3,7 +3,7 @@ from datetime import datetime
 
 from flask import flash, jsonify, redirect, render_template, request, url_for
 from flask_babelex import gettext
-from flask_security import auth_required
+from flask_security import auth_required, current_user
 from sqlalchemy.exc import SQLAlchemyError
 from sqlalchemy.sql import func
 
@@ -328,6 +328,7 @@ def get_user_rights(event):
 
 def get_menu_user_rights(event):
     return {
+        "can_view_actions": current_user.is_authenticated,
         "can_update_event": has_access(event.admin_unit, "event:update"),
     }
 
diff --git a/requirements.txt b/requirements.txt
index 75dee95..1db03f7 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -68,7 +68,7 @@ packaging==20.8
 passlib==1.7.4
 pathspec==0.8.1
 pilkit==2.0
-Pillow==8.1.1
+Pillow==8.2.0
 pluggy==0.13.1
 pre-commit==2.9.3
 psycopg2-binary==2.8.6
diff --git a/tests/views/test_event.py b/tests/views/test_event.py
index 1ea1ff6..85289b7 100644
--- a/tests/views/test_event.py
+++ b/tests/views/test_event.py
@@ -13,6 +13,19 @@ def test_read(client, seeder, utils, external_link):
     utils.get_ok(url)
 
 
+def test_read_containsActionLink(seeder, utils):
+    user_id, admin_unit_id = seeder.setup_base()
+    other_user_id = seeder.create_user("other@test.de")
+    other_admin_unit_id = seeder.create_admin_unit(other_user_id, "Other Crew")
+    event_id = seeder.create_event(other_admin_unit_id)
+
+    url = utils.get_url("event", event_id=event_id)
+    response = utils.get_ok(url)
+
+    action_url = utils.get_url("event_actions", event_id=event_id)
+    assert action_url in str(response.data)
+
+
 @pytest.mark.parametrize("db_error", [True, False])
 def test_create(client, app, utils, seeder, mocker, db_error):
     user_id, admin_unit_id = seeder.setup_base()