diff --git a/app/controllers/oer/endpoints.php b/app/controllers/oer/endpoints.php
index 30c97160f57b82204b48679ec45865abee74be7b..8eb286fad1cd2e7df9a6930c3a360d4aa58b6575 100644
--- a/app/controllers/oer/endpoints.php
+++ b/app/controllers/oer/endpoints.php
@@ -3,6 +3,8 @@
 class Oer_EndpointsController extends StudipController
 {
 
+    protected $with_session = true;  //we do need to have a session for this controller
+
     public function index_action()
     {
         $this->controllerreflection = new ReflectionClass($this);
@@ -297,7 +299,7 @@ class Oer_EndpointsController extends StudipController
     public function download_action($material_id, $disposition = "inline")
     {
         $this->material = new OERMaterial($material_id);
-        if ($this->material['draft']) {
+        if ($this->material['draft'] && !$this->material->isMine()) {
             throw new AccessDeniedException();
         }