diff --git a/Controller/ApiController.php b/Controller/ApiController.php
index bef1a66..909fe3a 100755
--- a/Controller/ApiController.php
+++ b/Controller/ApiController.php
@@ -287,7 +287,7 @@ final class ApiController extends Controller
         if (!$template->isStandalone) {
             /** @var Report[] $report */
             $report = ReportMapper::getNewest(1,
-                (new Builder($this->app->dbPool->get()))->where('helper_report.helper_report_template', '=', $template->getId())
+                (new Builder($this->app->dbPool->get()))->where('helper_report_d3.helper_report_template', '=', $template->getId())
             );
 
             $rcoll  = [];
diff --git a/tests/Controller/ApiControllerTest.php b/tests/Controller/ApiControllerTest.php
index b6489ea..129a987 100644
--- a/tests/Controller/ApiControllerTest.php
+++ b/tests/Controller/ApiControllerTest.php
@@ -31,6 +31,7 @@ use phpOMS\Module\ModuleManager;
 use phpOMS\Router\WebRouter;
 use phpOMS\Uri\HttpUri;
 use phpOMS\Utils\TestUtils;
+use phpOMS\System\File\Local\Directory;
 
 /**
  * @testdox Modules\Helper\tests\Controller\ApiControllerTest: Helper api controller
@@ -188,6 +189,53 @@ final class ApiControllerTest extends \PHPUnit\Framework\TestCase
         \rmdir(__DIR__ . '/temp');
     }
 
+    /**
+     * @covers Modules\Helper\Controller\ApiController
+     * @group module
+     */
+    public function testTemplateCreateInvalidPermission() : void
+    {
+        $response = new HttpResponse();
+        $request  = new HttpRequest(new HttpUri(''));
+
+        $request->header->account = 9999;
+        $request->setData('name', \ucfirst('depreciation'));
+        $request->setData('standalone', false);
+        $request->setData('tags', '[{"title": "TestTitle", "color": "#f0f", "language": "en"}, {"id": 1}]');
+
+        $files = [];
+
+        if (!\is_dir(__DIR__ . '/temp')) {
+            \mkdir(__DIR__ . '/temp');
+        }
+
+        $helperFiles = \scandir(__DIR__ . '/../depreciation');
+        foreach ($helperFiles as $filePath) {
+            if (!\is_file(__DIR__ . '/../depreciation/' . $filePath)
+                || $filePath === '..' || $filePath === '.'
+            ) {
+                continue;
+            }
+
+            \copy(__DIR__ . '/../depreciation/' . $filePath, __DIR__ . '/temp/' . $filePath);
+
+            $files[] = [
+                'error'    => \UPLOAD_ERR_OK,
+                'type'     => \substr($filePath, \strrpos($filePath, '.') + 1),
+                'name'     => $filePath,
+                'tmp_name' => __DIR__ . '/temp/' . $filePath,
+                'size'     => \filesize(__DIR__ . '/temp/' . $filePath),
+            ];
+        }
+
+        TestUtils::setMember($request, 'files', $files);
+
+        $this->module->apiTemplateCreate($request, $response);
+        self::assertEquals(RequestStatusCode::R_403, $response->header->status);
+
+        Directory::delete(__DIR__ . '/temp');
+    }
+
     /**
      * @covers Modules\Helper\Controller\ApiController
      * @group module
@@ -387,6 +435,23 @@ final class ApiControllerTest extends \PHPUnit\Framework\TestCase
         $this->module->apiReportCreate($request, $response);
     }
 
+    /**
+     * @covers Modules\Helper\Controller\ApiController
+     * @group module
+     */
+    public function testExportOtherTypeNotStandalone() : void
+    {
+        $response = new HttpResponse();
+        $request  = new HttpRequest(new HttpUri(''));
+
+        $request->header->account = 1;
+        $request->setData('id', self::$depreciationHelper2);
+        $request->setData('type', 'invalid');
+
+        $this->module->apiHelperExport($request, $response);
+        self::assertEquals(RequestStatusCode::R_200, $response->header->status); // is html "export"/render
+    }
+
     /**
      * @covers Modules\Helper\Controller\ApiController
      * @group module
diff --git a/tests/phpunit_default.xml b/tests/phpunit_default.xml
index 722365c..9208c99 100755
--- a/tests/phpunit_default.xml
+++ b/tests/phpunit_default.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" bootstrap="Bootstrap.php" colors="true" stopOnError="true" stopOnFailure="false" stopOnIncomplete="false" stopOnSkipped="false" beStrictAboutTestsThatDoNotTestAnything="false" xsi:noNamespaceSchemaLocation="https://schema.phpunit.de/9.3/phpunit.xsd">
+<phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" bootstrap="Bootstrap.php" colors="true" columns="120" stopOnError="true" stopOnFailure="false" stopOnIncomplete="false" stopOnSkipped="false" beStrictAboutTestsThatDoNotTestAnything="false" xsi:noNamespaceSchemaLocation="https://schema.phpunit.de/9.3/phpunit.xsd">
   <coverage includeUncoveredFiles="true" processUncoveredFiles="false">
     <exclude>
       <directory>*vendor*</directory>