diff --git a/controllers/topics.js b/controllers/topics.js
index a2087b8896..911d6e5b99 100644
--- a/controllers/topics.js
+++ b/controllers/topics.js
@@ -372,7 +372,11 @@ router.get('/:topicId', (req, res, next) => {
 const isCourseTeacher = (course.teacherIds || []).includes(res.locals.currentUser._id);
 const isCourseSubstitutionTeacher = (course.substitutionIds || []).includes(res.locals.currentUser._id);
 const isTeacher = isCourseTeacher || isCourseSubstitutionTeacher;
-
+ if (!isTeacher && !isCourseSubstitutionTeacher) {
+ const error = new Error("You don't have permissions!");
+ error.status = 403;
+ return next(error);
+ } else
 // return for consistent return
 return res.render('topic/topic', {
 ...lesson,
diff --git a/package-lock.json b/package-lock.json index ee61a4faf7..7c19346f34 100644 --- a/package-lock.json +++ b/package-lock.json @@ -164,7 +164,7 @@ }, "engines": { "node": "18", - "npm": "9" + "npm": ">=9" } }, "node_modules/@ampproject/remapping": {
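Review bot: In the controllers/topics.js hunk, the new guard `if (!isTeacher && !isCourseSubstitutionTeacher)` tests the substitution flag twice, since `isTeacher` is already `isCourseTeacher || isCourseSubstitutionTeacher` on the line above; `if (!isTeacher) {` is equivalent and states the access rule plainly. The brace-less `} else` binds to the `return res.render(...)` across a comment line, and because the 403 branch already returns, closing the block with a plain `}` and dropping the `else` is safer against later insertions. The guard now rejects every caller who is not a teacher or substitute of the course; whether other course members (for example students) are meant to reach `GET /:topicId` is not visible here and should be confirmed, ideally with a comment such as `// only course teachers and substitutes may view this page`. The route handler starts and ends outside the hunk.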