diff --git a/api/views/__init__.py b/api/views/__init__.py
index 97682e80..86a33cc6 100644
--- a/api/views/__init__.py
+++ b/api/views/__init__.py
@@ -2,10 +2,20 @@ from rest_framework.response import Response
 from rest_framework import viewsets
 from django.core.exceptions import PermissionDenied
 from rest_framework.decorators import detail_route
+from django.db.models.query import QuerySet
 from core.views import can_view, can_edit
-class RightManagedModelViewSet(viewsets.ModelViewSet):
+def check_if(obj, user, test):
+ if (isinstance(obj, QuerySet)):
+ for o in obj:
+ if (test(o, user) is False):
+ return False
+ return True
+ else:
+ return test(obj, user)
+
+class RightManagedModelViewSet(viewsets.ReadOnlyModelViewSet):
 @detail_route()
 def id(self, request, pk=None):
@@ -22,9 +32,7 @@ class RightManagedModelViewSet(viewsets.ModelViewSet):
 obj = self.queryset
 user = self.request.user
 try:
- if (request.method == 'GET' and can_view(obj, user)):
- return res
- elif (request.method != 'GET' and can_edit(obj, user)):
+ if (check_if(obj, user, can_view)):
 return res
 except: pass # To prevent bug with Anonymous user
 raise PermissionDenied
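Review bot: The QuerySet branch of `check_if` denies only when `test(o, user) is False`, so a `None`, `0` or any other falsy result from the permission function counts as allowed there, while the single-object branch returns the raw value and the caller's truthiness test would deny the same result. The return contract of `can_view` is not visible in this diff, but a permission gate should fail closed on anything that is not truthy; `return all(test(o, user) for o in obj)` for the QuerySet case and `return bool(test(obj, user))` otherwise make the two branches agree. An empty QuerySet yields True either way, which deserves a one-line docstring saying that this is intended.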
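Review bot: The new condition `if (check_if(obj, user, can_view)):` no longer looks at `request.method`, so every request reaching this check is gated by view rights alone and `can_edit` is never consulted. That holds only while nothing routed through this class accepts a write; a subclass that adds a non-GET `@detail_route` action or mixes an update mixin back in would, as far as this hunk shows, pass with `can_view` only. Keeping the split costs one line, `test = can_view if request.method in SAFE_METHODS else can_edit` (with `SAFE_METHODS` imported from `rest_framework.permissions`), then `if check_if(obj, user, test):`. The method's start and end are outside the hunk, so any other branch that sets `obj` is not visible here.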