diff --git a/cookbook/helper/permission_helper.py b/cookbook/helper/permission_helper.py
index 6afb2e923..78210152b 100644
--- a/cookbook/helper/permission_helper.py
+++ b/cookbook/helper/permission_helper.py
@@ -434,3 +434,10 @@ def switch_user_active_space(user, space):
 return us
 except ObjectDoesNotExist:
 return None
+
+
+class IsReadOnlyDRF(permissions.BasePermission):
+ message = 'You cannot interact with this object as it is not owned by you!'
+
+ def has_permission(self, request, view):
+ return request.method in SAFE_METHODS
diff --git a/cookbook/views/api.py b/cookbook/views/api.py
index 45c05ffaa..695dd2ee1 100644
--- a/cookbook/views/api.py
+++ b/cookbook/views/api.py
@@ -421,6 +421,10 @@ class UserSpaceViewSet(viewsets.ModelViewSet):
 return super().destroy(request, *args, **kwargs)
 def get_queryset(self):
+ internal_note = self.request.query_params.get('internal_note', None)
+ if internal_note is not None:
+ self.queryset = self.queryset.filter(internal_note=internal_note)
+
 if is_space_owner(self.request.user, self.request.space):
 return self.queryset.filter(space=self.request.space)
 else:
@@ -1165,6 +1169,11 @@ class InviteLinkViewSet(viewsets.ModelViewSet, StandardFilterMixin):
 permission_classes = [CustomIsSpaceOwner & CustomIsAdmin & CustomTokenHasReadWriteScope]
 def get_queryset(self):
+
+ internal_note = self.request.query_params.get('internal_note', None)
+ if internal_note is not None:
+ self.queryset = self.queryset.filter(internal_note=internal_note)
+
 if is_space_owner(self.request.user, self.request.space):
 self.queryset = self.queryset.filter(space=self.request.space).all()
 return super().get_queryset()
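Review bot: `IsReadOnlyDRF.has_permission` in cookbook/helper/permission_helper.py returns True for every request whose method is in `SAFE_METHODS`, without consulting `request.user`, the space or the object. On its own, or on the permissive side of an `|` composition, it would therefore allow reads by unauthenticated callers. The diff does not show where the class is used, so this may be intended, but the class should state it with a docstring such as `"""Allow only safe (read-only) HTTP methods; performs no authentication or ownership check."""`. The `message` speaks about ownership, which this class never evaluates; `message = 'This endpoint is read-only.'` would match what a denial from it actually means.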
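Review bot: In `UserSpaceViewSet.get_queryset` (cookbook/views/api.py) the new `internal_note` filter runs before the `is_space_owner` check, so it also applies on the non-owner `else` path, whose body lies outside the hunk. If `internal_note` is meant to be readable by space owners only (the name suggests so, but the serializer is not shown), the filter lets a non-owner learn something about the note from whether the result is empty. Applying it only in the owner branch avoids that, e.g. `qs = self.queryset.filter(space=self.request.space)` followed by `return qs.filter(internal_note=internal_note) if internal_note is not None else qs`. The same lines are repeated in `InviteLinkViewSet.get_queryset`, where the owner-and-admin `permission_classes` make that concern unlikely. Both copies reassign `self.queryset` where a local variable or one shared helper would be easier to follow.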