diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 3267466e18cfab0f9e76552a93147822e8571bb4..8758d42c92928ecdd3bb562921a11c2b441b85d1 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -6,6 +6,14 @@ All notable changes to this project will be documented in this file.
 The format is based on `Keep a Changelog`_,
 and this project adheres to `Semantic Versioning`_.
 
+`3.2.2`_ - 2025-01-18
+---------------------
+
+Fixed
+~~~~~
+
+* Not-logged in users were able to access all PDF files.
+
 `3.2.1`_ - 2024-06-27
 ---------------------
 
@@ -1255,3 +1263,4 @@ Fixed
 .. _3.1.5: https://edugit.org/AlekSIS/official/AlekSIS-Core/-/tags/3.1.5
 .. _3.2.0: https://edugit.org/AlekSIS/official/AlekSIS-Core/-/tags/3.2.0
 .. _3.2.1: https://edugit.org/AlekSIS/official/AlekSIS-Core/-/tags/3.2.1
+.. _3.2.2: https://edugit.org/AlekSIS/official/AlekSIS-Core/-/tags/3.2.2
diff --git a/aleksis/core/schema/__init__.py b/aleksis/core/schema/__init__.py
index a11fbb427d3c585ec145c83446dbab9cc7b856e4..229ba34e9672c8ad94e3db78e6dbad88bbf30977 100644
--- a/aleksis/core/schema/__init__.py
+++ b/aleksis/core/schema/__init__.py
@@ -131,9 +131,9 @@ class Query(graphene.ObjectType):
 
     def resolve_pdf_by_id(root, info, id, **kwargs):  # noqa
         pdf_file = PDFFile.objects.get(pk=id)
-        if has_person(info.context) and not info.context.user.person == pdf_file.person:
-            raise PermissionDenied()
-        return pdf_file
+        if has_person(info.context) and info.context.user.person == pdf_file.person:
+            return pdf_file
+        return None
 
     def resolve_search_snippets(root, info, query, limit=-1, **kwargs):
         indexed_models = UnifiedIndex().get_indexed_models()