diff --git a/ckanext/datarequests/auth.py b/ckanext/datarequests/auth.py index 36d69e3..9cc31ea 100644 --- a/ckanext/datarequests/auth.py +++ b/ckanext/datarequests/auth.py @@ -21,7 +21,7 @@ from ckan.plugins.toolkit import current_user, h from ckan.plugins.toolkit import asbool, auth_allow_anonymous_access, config, get_action -from . import constants, db +from . import constants, db, request_helpers from .actions import _dictize_datarequest @@ -41,21 +41,33 @@ def _is_any_group_member(context): return user_name and authz.has_user_permission_for_some_org(user_name, 'read') -@auth_allow_anonymous_access -def show_datarequest(context, data_dict): +def _check_organization_access(data_dict, is_listing=False): # Sysadmins can see all data requests, other users can only see their own organization's data requests. - if not current_user.sysadmin: + if is_listing: + organization_name = request_helpers.get_first_query_param('organization') + if not organization_name: + return {'success': True} + + organization = get_action('organization_show')({'ignore_auth': True}, {'id': organization_name}) + organization_id = organization.get('id', None) + else: result = db.DataRequest.get(id=data_dict.get('id')) data_req = result[0] data_dict = _dictize_datarequest(data_req) + organization_id = data_dict.get('organization_id', None) - current_user_orgs = [org['id'] for org in h.organizations_available('read')] or [] - if data_dict.get('requesting_organisation', None) not in current_user_orgs: - return {'success': False} + current_user_orgs = [org['id'] for org in h.organizations_available('read')] or [] + if organization_id not in current_user_orgs: + return {'success': False} return {'success': True} +@auth_allow_anonymous_access +def show_datarequest(context, data_dict): + return _check_organization_access(data_dict) + + def auth_if_creator(context, data_dict, show_function): # Sometimes data_dict only contains the 'id' if 'user_id' not in data_dict: 
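Review bot: In the `is_listing` branch of `_check_organization_access` the organization is taken from the HTTP query string (`request_helpers.get_first_query_param('organization')`) while the `data_dict` the action actually receives is ignored, so a caller that names the organization in the action's JSON body or reaches the action internally is authorized as though no organization had been requested; since the db.py hunk skips the membership filter whenever `organization_id` is supplied, that looks like a way for a non-member to list another organization's requests, though it depends on how the action maps `data_dict` onto `get_ordered_by_date`, which is outside this diff. I would resolve from the auth input first and only fall back to the query string, e.g. `organization_name = data_dict.get('organization_id') or data_dict.get('organization') or request_helpers.get_first_query_param('organization')`. The explicit sysadmin short-circuit was removed and the comment now relies on `h.organizations_available('read')` returning every organization for a sysadmin; restoring `if current_user.sysadmin: return {'success': True}` at the top makes the comment true by construction and avoids the lookups. Note also that `organization_show` raises NotFound for an unknown name, so a mistyped organization escapes the auth function as an error instead of `{'success': False}`, and `result[0]` on a missing data request id raises IndexError the same way (pre-existing). `auth_if_creator` continues past the end of the hunk.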
@@ -91,7 +103,7 @@ def update_datarequest(context, data_dict): @auth_allow_anonymous_access def list_datarequests(context, data_dict): - return {'success': True} + return _check_organization_access(data_dict, True) def delete_datarequest(context, data_dict): diff --git a/ckanext/datarequests/db.py b/ckanext/datarequests/db.py index 6900227..25cc077 100644 --- a/ckanext/datarequests/db.py +++ b/ckanext/datarequests/db.py @@ -81,10 +81,12 @@ def get_ordered_by_date(cls, organization_id=None, user_id=None, closed=None, q= # For sysadmins, we show all the data requests. restricted_org_id = None + + # If it is regular user, and the organization_id is not provided, filter it based on current user's organizations. if not current_user.sysadmin and organization_id is None: current_user_orgs = h.organizations_available('read') or [] restricted_org_id = [org['id'] for org in current_user_orgs] - query = query.filter(cls.requesting_organisation.in_(restricted_org_id)) + query = query.filter(cls.organization_id.in_(restricted_org_id)) current_user_id = current_user.id if current_user else None if current_user_id:
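Review bot: `_check_organization_access(data_dict, True)` passes the mode flag positionally, so at the call site nothing says what `True` selects; `return _check_organization_access(data_dict, is_listing=True)` reads clearly and survives a future parameter reorder. This function still carries `@auth_allow_anonymous_access`, so an anonymous caller with no organization parameter now gets `{'success': True}` and the visibility decision rests entirely on the query-side filter in db.py; a one-line comment stating that (`# Anonymous listing is allowed; per-organization filtering happens in DataRequest.get_ordered_by_date`) would keep the two halves in sync for the next reader.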
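Review bot: The membership filter on `cls.organization_id` is applied only when `organization_id is None`, so for a non-sysadmin who supplies an `organization_id` the query layer performs no membership check at all and relies on the auth function, which per the auth.py hunk only looks at the URL query string. Whether that is reachable depends on how the action builds the `organization_id` argument, which is outside the diff, but the query layer is the cheaper place to make the guarantee unconditional: when an organization is requested and the user is not a member, restrict to nothing rather than to nothing-at-all-filtered. `get_ordered_by_date` starts before and ends after this hunk.
```python
        # If it is regular user, filter it based on current user's organizations.
        if not current_user.sysadmin:
            current_user_orgs = h.organizations_available('read') or []
            restricted_org_id = [org['id'] for org in current_user_orgs]
            # An explicitly requested organization the user is not a member of yields no rows.
            if organization_id is not None and organization_id not in restricted_org_id:
                restricted_org_id = []
            query = query.filter(cls.organization_id.in_(restricted_org_id))
        # … unchanged: current_user_id filter …
```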