diff --git a/server/vbv_lernwelt/course/permissions.py b/server/vbv_lernwelt/course/permissions.py
index 54619d0d..dce53c49 100644
--- a/server/vbv_lernwelt/course/permissions.py
+++ b/server/vbv_lernwelt/course/permissions.py
@@ -18,7 +18,7 @@ def has_course_access(user, course_id):
 return False
-def is_course_expert(user, course_id):
+def is_course_expert(user, course_id: int):
 if user.is_superuser:
 return True
@@ -41,25 +41,23 @@ def course_sessions_for_user_qs(user):
 return course_sessions
-def is_circle_expert(user, learning_sequence, course) -> bool:
+def is_circle_expert(user, course_session_id: int, learning_sequence_id: int) -> bool:
 if user.is_superuser:
 return True
 try:
- learning_sequence = LearningSequence.objects.get(id=learning_sequence)
+ learning_sequence = LearningSequence.objects.get(id=learning_sequence_id)
 except LearningSequence.DoesNotExist:
 return False
 circle_id = learning_sequence.get_parent().circle.id
- try:
- CourseSessionUser.objects.get(
- course_session__id=course,
- user_id=user.id,
- role=CourseSessionUser.Role.EXPERT,
- expert__id=circle_id,
- )
- except CourseSessionUser.DoesNotExist:
- return False
+ if CourseSessionUser.objects.filter(
+ id=course_session_id,
+ user=user,
+ role=CourseSessionUser.Role.EXPERT,
+ expert__id=circle_id,
+ ).exists():
+ return True
- return True
+ return False
diff --git a/server/vbv_lernwelt/course/views.py b/server/vbv_lernwelt/course/views.py
index 83f670a2..9ca01fe9 100644
--- a/server/vbv_lernwelt/course/views.py
+++ b/server/vbv_lernwelt/course/views.py
@@ -15,8 +15,8 @@ from vbv_lernwelt.course.permissions import (
 course_sessions_for_user_qs,
 has_course_access,
 has_course_access_by_page_request,
- is_course_expert,
 is_circle_expert,
+ is_course_expert,
 )
 from vbv_lernwelt.course.serializers import (
 CourseCompletionSerializer,
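Review bot: In `is_circle_expert` (permissions.py, hunk at -41,25) the new filter uses `id=course_session_id,`, which compares the `CourseSessionUser` row's own primary key with a course session id, whereas the removed lookup matched the session through `course_session__id=course`. Assuming the membership row keeps its own key, legitimate experts are denied whenever the two numbers differ, and when they happen to coincide an expert of one session passes the check for a different session, so the upload and delete views would authorize against the wrong session. The filter line should read `course_session_id=course_session_id,` (or `course_session__id=course_session_id,` as before). A regression test with a user who is expert in one session only and is checked against another session would pin the intended behaviour.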
@@ -161,8 +161,8 @@ def document_upload_start(request):
 if not is_circle_expert(
 request.user,
- serializer.validated_data["learning_sequence"],
 serializer.validated_data["course_session"],
+ serializer.validated_data["learning_sequence"],
 ):
 raise PermissionDenied()
@@ -217,7 +217,7 @@ def document_direct_upload(request, file_id):
 def document_delete(request, document_id):
 document = get_object_or_404(CircleDocument, id=document_id)
 if not is_circle_expert(
- request.user, document.learning_sequence_id, document.course_session_id
+ request.user, document.course_session.id, document.learning_sequence.id
 ):
 raise PermissionDenied()
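Review bot: The call in `document_upload_start` passes the two ids positionally right after this commit reversed their order in `is_circle_expert`, so a call site that was missed, or a later edit, would swap session and learning sequence without any error and the permission check would run against the wrong objects. Passing them by keyword makes the pairing explicit: `course_session_id=serializer.validated_data["course_session"],` and `learning_sequence_id=serializer.validated_data["learning_sequence"],`. The same applies to the call in `document_delete` in the next hunk. The serializer is not visible here, so it is worth confirming that both fields validate to integer ids, as the new `int` annotations expect. The body of `document_upload_start` starts and continues outside the hunk.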
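Review bot: In `document_delete` the new arguments `document.course_session.id` and `document.learning_sequence.id` go through the related objects, which presumably costs an extra query each and would raise if either relation were nullable and unset; the removed line read the foreign-key columns directly. Keeping the column attributes in the new order yields the same values without the extra loads: `request.user, document.course_session_id, document.learning_sequence_id`. The rest of `document_delete` is outside the hunk.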