diff --git a/aleksis/apps/alsijil/models.py b/aleksis/apps/alsijil/models.py
index c85b285eb1b11b54f7d5ad1896a9d0d04ec7dcc6..ed1da5ee7538b53ac64b5a9d152ce38f1425ebe7 100644
--- a/aleksis/apps/alsijil/models.py
+++ b/aleksis/apps/alsijil/models.py
@@ -709,7 +709,10 @@ class Documentation(CalendarEvent):
                 *cls.parse_dummy(_id),
             ), True
 
-        return cls.objects.get(id=_id), False
+        obj = cls.objects.get(id=_id)
+        if not user.has_perm("alsijil.edit_documentation_rule", obj):
+            raise PermissionDenied()
+        return obj, False
 
     def touch(self):
         """Ensure that participation statuses are created for this documentation."""
diff --git a/aleksis/apps/alsijil/schema/documentation.py b/aleksis/apps/alsijil/schema/documentation.py
index 39eed04a4a688c4c8c0aa0dc333fc02e852ab2a4..4f6436297e9ecdb0cc93223bbe960286ca54fe9f 100644
--- a/aleksis/apps/alsijil/schema/documentation.py
+++ b/aleksis/apps/alsijil/schema/documentation.py
@@ -110,9 +110,6 @@ class DocumentationBatchCreateOrUpdateMutation(graphene.Mutation):
         # is only introduced in Django 5.0
         obj, __ = Documentation.get_or_create_by_id(_id, info.context.user)
 
-        if not info.context.user.has_perm("alsijil.edit_documentation_rule", obj):
-            raise PermissionDenied()
-
         if doc.topic is not None:
             obj.topic = doc.topic
         if doc.homework is not None: