diff --git a/aleksis/apps/alsijil/views.py b/aleksis/apps/alsijil/views.py
index b74df3175dd1fabc02f2d6e528b3ce8c580400fb..890f250e205a6f4dcf20b1fcd52e4fb55089b1db 100644
--- a/aleksis/apps/alsijil/views.py
+++ b/aleksis/apps/alsijil/views.py
@@ -856,12 +856,11 @@ def overview_person(request: HttpRequest, id_: Optional[int] = None) -> HttpResp
     context["personal_notes"] = personal_notes_list
     context["excuse_types"] = ExcuseType.objects.all()
 
-    form = PersonOverviewForm(request, request.POST or None, queryset=PersonalNote.objects.all())
+    form = PersonOverviewForm(request, request.POST or None, queryset=allowed_personal_notes)
     if request.method == "POST":
         if form.is_valid():
             with reversion.create_revision():
                 reversion.set_user(request.user)
-                # FIXME CHECK PERMISSION
                 form.execute()
             person.refresh_from_db()
     context["action_form"] = form