diff --git a/src/Bundle/ChillMainBundle/Controller/PermissionApiController.php b/src/Bundle/ChillMainBundle/Controller/PermissionApiController.php
new file mode 100644
index 000000000..beeb76089
--- /dev/null
+++ b/src/Bundle/ChillMainBundle/Controller/PermissionApiController.php
@@ -0,0 +1,67 @@
+<?php
+
+namespace Chill\MainBundle\Controller;
+
+use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
+use Symfony\Component\HttpFoundation\JsonResponse;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
+use Symfony\Component\Routing\Annotation\Route;
+use Symfony\Component\Security\Core\Security;
+use Symfony\Component\Serializer\Normalizer\DenormalizerInterface;
+
+class PermissionApiController extends AbstractController
+{
+    private DenormalizerInterface $denormalizer;
+    private Security $security;
+
+    public function __construct(
+        DenormalizerInterface $denormalizer,
+        Security $security
+    ) {
+        $this->denormalizer = $denormalizer;
+        $this->security = $security;
+    }
+
+    /**
+     * @Route("/api/1.0/main/permissions/info.json", methods={"POST"})
+     * @throws \Symfony\Component\Serializer\Exception\ExceptionInterface
+     */
+    public function getPermissions(Request $request): JsonResponse
+    {
+        $this->denyAccessUnlessGranted('ROLE_USER');
+
+        $data = \json_decode($request->getContent(), true);
+
+        if (null === $data) {
+            throw new BadRequestHttpException(sprintf(
+                "Could not decode json received, or data invalid: %s, %s", \json_last_error(), \json_last_error_msg()
+            ));
+        }
+
+        if (!\array_key_exists('object', $data)) {
+            throw new BadRequestHttpException("the object key is not present");
+        }
+        if (!\array_key_exists('class', $data)) {
+            throw new BadRequestHttpException("the class key is not present");
+        }
+
+        if (null !== $data['object']) {
+            $object = $this->denormalizer->denormalize($data['object'], $data['class'], 'json');
+        } else {
+            $object = null;
+        }
+        $roles = [];
+
+        foreach (($data['roles'] ?? []) as $role) {
+           $roles[$role] = $this->security->isGranted($role, $object);
+        }
+
+        return $this->json(
+            ['roles' => $roles, ],
+            200,
+            [],
+        );
+    }
+
+}
diff --git a/src/Bundle/ChillMainBundle/Tests/Controller/PermissionApiControllerTest.php b/src/Bundle/ChillMainBundle/Tests/Controller/PermissionApiControllerTest.php
new file mode 100644
index 000000000..0eac990ec
--- /dev/null
+++ b/src/Bundle/ChillMainBundle/Tests/Controller/PermissionApiControllerTest.php
@@ -0,0 +1,36 @@
+<?php
+
+namespace Controller;
+
+use Chill\MainBundle\Test\PrepareClientTrait;
+use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
+
+class PermissionApiControllerTest extends WebTestCase
+{
+    use PrepareClientTrait;
+
+    public function testNullObject()
+    {
+        $client = $this->getClientAuthenticated();
+
+        $client->request(
+            'POST',
+            '/api/1.0/main/permissions/info.json',
+            [], // parameters
+            [], // files
+            [], // server
+            \json_encode([
+                'object' => null,
+                'class' => null,
+                'roles' => ['ROLE_USER', 'ROLE_ADMIN']
+            ])
+        );
+
+        $this->assertResponseIsSuccessful();
+
+        $data = \json_decode($client->getResponse()->getContent(), true);
+        $this->assertTrue($data['roles']['ROLE_USER']);
+        $this->assertFalse($data['roles']['ROLE_ADMIN']);
+    }
+
+}
diff --git a/src/Bundle/ChillMainBundle/chill.api.specs.yaml b/src/Bundle/ChillMainBundle/chill.api.specs.yaml
index 110547201..ff0c844df 100644
--- a/src/Bundle/ChillMainBundle/chill.api.specs.yaml
+++ b/src/Bundle/ChillMainBundle/chill.api.specs.yaml
@@ -624,3 +624,40 @@ paths:
                 401:
                     description: "Unauthorized"
 
+    /1.0/main/permissions/info.json:
+        post:
+            tags:
+                - permissions
+            summary: Return info about permissions on entity
+            responses:
+                200:
+                    description: "ok"
+                401:
+                    description: "Unauthorized"
+                400:
+                    description: "Bad request"
+            requestBody:
+                required: true
+                content:
+                    application/json:
+                        schema:
+                            type: object
+                            properties:
+                                object:
+                                    type: object
+                                class:
+                                    type: string
+                                roles:
+                                    type: array
+                                    items:
+                                        type: string
+                        examples:
+                            an-accompanying-period:
+                                value:
+                                    object:
+                                        type: accompanying_period
+                                        id: 1
+                                    class: 'Chill\PersonBundle\Entity\AccompanyingPeriod'
+                                    roles:
+                                        - 'CHILL_PERSON_ACCOMPANYING_PERIOD_SEE'
+