diff --git a/src/homework/serializers.py b/src/homework/serializers.py
index 15fb166b29112dff56842ee7d93eedba5d53af41..f7d7c81b2d31467a445b1d9a547808b85c9bc6f4 100755
--- a/src/homework/serializers.py
+++ b/src/homework/serializers.py
@@ -32,5 +32,8 @@ class SolutionSerializer(serializers.ModelSerializer):
     def validate(self, data):
         if timezone.now() > data['task'].deadline:
             raise serializers.ValidationError('You late.')
-        data['accepted'] = False
         return data
+
+    def create(self, validated_data):
+        validated_data['accepted'] = False
+        return self.Meta.model.objects.create(**validated_data)
diff --git a/src/homework/views.py b/src/homework/views.py
index 253bb39230e05f96f21ce26351c305f9fbc8933a..41f1638a5484fe74cf9f471ea353da89cb9ee7c8 100755
--- a/src/homework/views.py
+++ b/src/homework/views.py
@@ -1,6 +1,7 @@
 from rest_framework import viewsets
 
 from common import permissions
+from rest_framework.permissions import IsAuthenticated
 from . import serializers
 from . import models
 
@@ -13,7 +14,14 @@ class TasksViewSet(viewsets.ModelViewSet):
 
 class SolutionsViewSet(viewsets.ModelViewSet):
     serializer_class = serializers.SolutionSerializer
-    queryset = models.Solution.objects.all()
-    permission_classes = (permissions.IsStaffOrReadOnlyForAuthenticated, )
+    permission_classes = (IsAuthenticated, )
 
-    # view
+    def get_queryset(self):
+        user = self.request.user
+        queryset = models.Solution.objects.filter(created_by=user)
+        if user.has_perm(permissions.IsStaffUser):
+            queryset = models.Solution.objects.all()
+            user_id = self.request.query_params.get('userID', None)
+            if user_id is not None:
+                queryset = queryset.filter(created_by=user_id)
+        return queryset