diff --git a/src/homework/migrations/0004_auto_20180125_1817.py b/src/homework/migrations/0004_auto_20180125_1817.py
new file mode 100644
index 0000000000000000000000000000000000000000..9693462cf1df61aa81b3afd1810968e5b8ee444b
--- /dev/null
+++ b/src/homework/migrations/0004_auto_20180125_1817.py
@@ -0,0 +1,22 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.11.5 on 2018-01-25 17:17
+from __future__ import unicode_literals
+
+from django.conf import settings
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('homework', '0003_auto_20180124_1818'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='solution',
+            name='created_by',
+            field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL),
+        ),
+    ]
diff --git a/src/homework/models.py b/src/homework/models.py
index 0e94c27c497efe4e6dd8eed001356a8b5b0a27b5..87772df30ab9d524475153825894519cac862e17 100644
--- a/src/homework/models.py
+++ b/src/homework/models.py
@@ -51,7 +51,7 @@ class Solution(models.Model):
     task = models.ForeignKey(Task, related_name='task_solution', on_delete=models.CASCADE, )
     # student = models.ForeignKey(account.models.Profile, related_name='student_solution',  on_delete=models.CASCADE)
     date = models.DateTimeField(auto_now_add=True, editable=False, )
-    ready = models.BooleanField(default=False, ) #if(Soulution.date <= Task.deadline)
+    ready = models.BooleanField(default=False, )  # if(Soulution.date <= Task.deadline)
     accepted = models.BooleanField(default=False, )
     files = models.FileField(
         validators=[validators.FileExtensionValidator(
diff --git a/src/homework/permissions.py b/src/homework/permissions.py
index 762faedb33fa88dc0dbe620325847a39bd1809ce..936e9032572e7ed3cf511771a3478170d16e72ff 100644
--- a/src/homework/permissions.py
+++ b/src/homework/permissions.py
@@ -34,4 +34,4 @@ class IsStaffOrReadOnlyForAuthenticated(BasePermission):
         return (request.user.is_staff or
                 request.method in SAFE_METHODS and
                 request.user.is_authenticated
-        )
+                )
diff --git a/src/homework/views.py b/src/homework/views.py
index 2d0344bd9b35109ba97288633535d3bfa4c0921e..4c295b6decd2c90aaeaa245ade211aad84666278 100644
--- a/src/homework/views.py
+++ b/src/homework/views.py
@@ -17,7 +17,7 @@ class TasksViewSet(viewsets.ModelViewSet):
 class SolutionViewSet(viewsets.ModelViewSet):
     serializer_class = serializers.SolutionSerializer
     queryset = models.Solution.objects.all()
-    permission_classes = (permissions.SolutionPermission, )
+    permission_classes = (permissions.IsStaffOrReadOnlyForAuthenticated, )
 
     def create(self, request, *args, **kwargs):
         serializer = self.get_serializer(data=request.data)
diff --git a/src/kszkepzes/urls.py b/src/kszkepzes/urls.py
index cb9bbcdc434a5db23b90606ebf69b6744b115a65..ca34d4bb7c71d3f73ced8ea75bdf733139b7d239 100644
--- a/src/kszkepzes/urls.py
+++ b/src/kszkepzes/urls.py
@@ -22,4 +22,5 @@ urlpatterns = [
     url(r'^api/v1/homework/', include('homework.urls')),
     url(r'^api/v1/', include('stats.urls')),
     url(r'^api/v1/', include('account.urls')),
+    url(r'^api/v1/', include('news.urls')),
 ]
diff --git a/src/news/permissions.py b/src/news/permissions.py
new file mode 100644
index 0000000000000000000000000000000000000000..af200e51fd2bded246fdff376bc667109a87f632
--- /dev/null
+++ b/src/news/permissions.py
@@ -0,0 +1,11 @@
+from rest_framework.permissions import BasePermission
+from rest_framework.permissions import SAFE_METHODS
+
+
+class IsStaffOrReadOnlyForAuthenticated(BasePermission):
+
+    def has_permission(self, request, view):
+        return (request.user.is_staff or
+                request.method in SAFE_METHODS and
+                request.user.is_authenticated
+                )
diff --git a/src/news/views.py b/src/news/views.py
index ab6f5f78958686a8070bf004faa4877061213d4f..7ddf4881487ae34e32428022d7887665c88cf685 100644
--- a/src/news/views.py
+++ b/src/news/views.py
@@ -1,4 +1,4 @@
-from rest_framework.permissions import IsAdminUser, IsAuthenticated
+from news.permissions import IsStaffOrReadOnlyForAuthenticated
 from rest_framework import viewsets
 from news.models import Article
 from news.serializers import ArticleListSerializer
@@ -6,5 +6,5 @@ from news.serializers import ArticleListSerializer
 
 class NewsViewSet(viewsets.ModelViewSet):
     serializer_class = ArticleListSerializer
-    permission_classes = [IsAuthenticated]
+    permission_classes = [IsStaffOrReadOnlyForAuthenticated]
     queryset = Article.objects.all()