diff --git a/app/controllers/invites_controller.rb b/app/controllers/invites_controller.rb
index f650cae9b..952270735 100644
--- a/app/controllers/invites_controller.rb
+++ b/app/controllers/invites_controller.rb
@@ -44,10 +44,10 @@ class InvitesController < ApplicationController
   end
 
   def destroy
-    invite = Invite.find(params[:id])
-    @dossier = invite.dossier
+    invite = Invite.find_by(id: params[:id], dossier: current_user.dossiers.visible_by_user)
 
-    if @dossier.user == current_user
+    if invite.present?
+      @dossier = invite.dossier
       invite.destroy!
       flash.notice = "L’autorisation de #{invite.email} vient d’être révoquée."
     else
@@ -55,7 +55,7 @@ class InvitesController < ApplicationController
     end
 
     respond_to do |format|
-      format.html { redirect_back(fallback_location: helpers.url_for_dossier(@dossier)) }
+      format.html { redirect_back(fallback_location: @dossier.present? ? helpers.url_for_dossier(@dossier) : root_url) }
       format.turbo_stream
     end
   end
diff --git a/app/views/invites/_dropdown.html.haml b/app/views/invites/_dropdown.html.haml
index 6fb0f1196..5902deb5d 100644
--- a/app/views/invites/_dropdown.html.haml
+++ b/app/views/invites/_dropdown.html.haml
@@ -2,7 +2,7 @@
 .dropdown.invite-user-action{ data: { controller: 'menu-button', popover: 'true' } }
   %button.button.dropdown-button{ data: { menu_button_target: 'button' } }
     %span.icon.person
-    - if invites.size > 0
+    - if invites.present?
       = t('views.invites.dropdown.view_invited_people')
       %span.badge= invites.size
     - else
diff --git a/app/views/invites/destroy.turbo_stream.haml b/app/views/invites/destroy.turbo_stream.haml
index 6d420243e..64b203eec 100644
--- a/app/views/invites/destroy.turbo_stream.haml
+++ b/app/views/invites/destroy.turbo_stream.haml
@@ -1,2 +1,3 @@
-= turbo_stream.replace_all '.invite-user-action', partial: 'invites/dropdown', locals: { dossier: @dossier }
-= turbo_stream.focus_all '.invite-user-action > button'
+- if @dossier.present?
+  = turbo_stream.replace_all '.invite-user-action', partial: 'invites/dropdown', locals: { dossier: @dossier }
+  = turbo_stream.focus_all '.invite-user-action > button'
diff --git a/spec/controllers/invites_controller_spec.rb b/spec/controllers/invites_controller_spec.rb
index e389fe50b..59a017075 100644
--- a/spec/controllers/invites_controller_spec.rb
+++ b/spec/controllers/invites_controller_spec.rb
@@ -263,18 +263,20 @@ describe InvitesController, type: :controller do
   end
 
   describe '#DELETE destroy' do
-    let!(:invite) { create :invite, email: email, dossier: dossier }
-    let(:signed_in_profile) { dossier.user }
+    render_views
+    let(:invite) { create(:invite, email: email, dossier: dossier) }
 
     before do
-      sign_in signed_in_profile
+      invite
+      sign_in dossier.user
     end
 
-    subject { delete :destroy, params: { id: invite.id } }
+    subject { delete :destroy, params: { id: invite.id }, format: :turbo_stream }
 
     context 'when user is signed in' do
       it "destroy invites" do
         expect { subject }.to change { Invite.count }.from(1).to(0)
+        expect(response.body).to include(".invite-user-action")
       end
     end
 
@@ -284,6 +286,7 @@ describe InvitesController, type: :controller do
       it 'does not destroy invite' do
         sign_in another_user
         expect { subject }.not_to change { Invite.count }
+        expect(response.body).not_to include(".invite-user-action")
       end
     end
   end