diff --git a/server/vbv_lernwelt/self_evaluation_feedback/tests/test_api.py b/server/vbv_lernwelt/self_evaluation_feedback/tests/test_api.py
index 5c9772d3..721d8fb3 100644
--- a/server/vbv_lernwelt/self_evaluation_feedback/tests/test_api.py
+++ b/server/vbv_lernwelt/self_evaluation_feedback/tests/test_api.py
@@ -436,6 +436,8 @@ class SelfEvaluationFeedbackAPI(APITestCase):
 
         # WHEN / THEN
         test_cases = [
+            # principle_user wants to access target_user
+            #   -> expected_status_code
             (self.member, self.member, 200),
             (self.mentor, self.member, 200),
             (expert, self.member, 200),
diff --git a/server/vbv_lernwelt/self_evaluation_feedback/views.py b/server/vbv_lernwelt/self_evaluation_feedback/views.py
index 5deea687..7d99cdb5 100644
--- a/server/vbv_lernwelt/self_evaluation_feedback/views.py
+++ b/server/vbv_lernwelt/self_evaluation_feedback/views.py
@@ -99,7 +99,7 @@ def get_course_session_user_feedback_summaries(
     user_to_lookup = get_object_or_404(User, id=user_id)
 
     if not can_view_course_completions(
-        user=get_object_or_404(User, id=user_id),
+        user=request.user,  # noqa
         course_session_id=course_session_id,
         target_user_id=user_id,
     ):