diff --git a/build/api/module/professor/pdfController.php b/build/api/module/professor/pdfController.php
index 8fd154d..c2219ac 100644
--- a/build/api/module/professor/pdfController.php
+++ b/build/api/module/professor/pdfController.php
@@ -22,9 +22,17 @@ class pdfController{
 * @return download The PDF fiche
 ---------------------------------------------------------*/
 public static function get($args){
+ $prof_id = -1;
 extract($args);
+ if(!$_SESSION["CAS"]["admin"] && $_SESSION["CAS"]["id"] != $prof_id){
+ return [
+ 'headers' => ["Content-Type" => "text/html"],
+ 'body' => "Unauthorized access"
+ ];
+ }
+
 /* (0) Initialize
 ---------------------------------------------------------*/
 /* (1) Initialize data structure */
diff --git a/config/modules.json b/config/modules.json
index b68a155..6602225 100644
--- a/config/modules.json
+++ b/config/modules.json
@@ -260,7 +260,7 @@
 "GET": {
 "des": "Get a professor's fiche",
- "per": [["cas_admin"]],
+ "per": [["cas_admin"],["cas_user"]],
 "par": {
 "URL0": { "des": "Optional professor UID.", "typ": "id", "ren": "prof_id" }
 },
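Review bot: The ownership check added at the top of `get()` compares `$_SESSION["CAS"]["id"]` with `$prof_id` using loose `!=`, so PHP type juggling decides whether a non-admin may fetch another professor's fiche, and this check is the only barrier once `cas_user` is admitted on the route. Comparing normalised values strictly fails closed on a missing or oddly typed id: `if(empty($_SESSION["CAS"]["admin"]) && (string)($_SESSION["CAS"]["id"] ?? '') !== (string)$prof_id){`. For this check, reading the parameter explicitly with `$prof_id = $args['prof_id'] ?? -1;` would avoid depending on what `extract($args)` happens to overwrite. The refusal is returned as an ordinary text/html body with no status code visible in the hunk, so callers probably see a success response; a 403 would be clearer if the framework's return format supports one. The body of `get()` continues outside the hunk.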
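Review bot: The `URL0` description still reads "Optional professor UID." although the route now admits `cas_user`, and with the handler's default of `-1` a non-admin who omits the id appears to receive "Unauthorized access" rather than their own fiche. Either the description should state the constraint, e.g. `"des": "Professor UID (optional for admins; other users must pass their own UID)."`, or the handler should default to the caller's session id. Widening `per` also means isolation between professors rests entirely on the in-handler check in pdfController.php, which is worth recording next to this entry if the format allows it.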