diff --git a/lib/classes/JsonApi/Routes/Consultations/Authority.php b/lib/classes/JsonApi/Routes/Consultations/Authority.php
index d3022a1382067c91899d5b295a89afdf9c6e0946..90ce3dad31e2b7cc6dd6945eb5deb87505b66e1a 100644
--- a/lib/classes/JsonApi/Routes/Consultations/Authority.php
+++ b/lib/classes/JsonApi/Routes/Consultations/Authority.php
@@ -44,6 +44,15 @@ final class Authority
         );
     }
 
+    public static function canBookSlotForUser(\User $user, \ConsultationSlot $slot, \User $booking_user): bool
+    {
+        if ($user->id !== $booking_user->id && !self::canEditSlot($user, $slot)) {
+            return false;
+        }
+
+        return self::canBookSlot($booking_user, $slot);
+    }
+
     public static function canShowBooking(\User $user, \ConsultationBooking $booking): bool
     {
         return self::canShowSlot($user, $booking->slot)
diff --git a/lib/classes/JsonApi/Routes/Consultations/BookingsCreate.php b/lib/classes/JsonApi/Routes/Consultations/BookingsCreate.php
index dd3566187d0f3bc71b238a933e8fac73f6f162a3..d041f954e821034bdc532e86c3a494820d39cf27 100644
--- a/lib/classes/JsonApi/Routes/Consultations/BookingsCreate.php
+++ b/lib/classes/JsonApi/Routes/Consultations/BookingsCreate.php
@@ -19,9 +19,10 @@ class BookingsCreate extends JsonApiController
         $json = $this->validate($request, $args);
 
         $slot = $this->getBookingSlot($json, $args);
+        $user = $this->getUser($request);
         $booking_user = $this->getBookingUser($json);
 
-        if (!Authority::canBookSlot($booking_user, $slot)) {
+        if (!Authority::canBookSlotForUser($user, $slot, $booking_user)) {
             throw new AuthorizationFailedException();
         }
 
diff --git a/tests/jsonapi/ConsultationsBookingCreateBySlotIndexTest.php b/tests/jsonapi/ConsultationsBookingCreateBySlotIndexTest.php
index 590343ddd5904af4604ac848a5d8b6b13fa24c90..3f33de4ae306f1cf4117ac0cef5bda614b1304b5 100644
--- a/tests/jsonapi/ConsultationsBookingCreateBySlotIndexTest.php
+++ b/tests/jsonapi/ConsultationsBookingCreateBySlotIndexTest.php
@@ -6,7 +6,6 @@ use WoohooLabs\Yang\JsonApi\Response\JsonApiResponse;
 
 require_once __DIR__ . '/ConsultationHelper.php';
 
-// TODO: Test locked blocks
 class ConsultationsBookingCreateBySlotIndexTest extends Codeception\Test\Unit
 {
     use ConsultationHelper;