diff --git a/tournaments/permissions.py b/tournaments/permissions.py
new file mode 100644
index 0000000..96c917e
--- /dev/null
+++ b/tournaments/permissions.py
@@ -0,0 +1,11 @@
+from rest_framework import permissions
+
+class IsClubOwner(permissions.BasePermission):
+
+ def has_object_permission(self, request, view, club):
+ # Check if the request user is the owner of the club
+
+ print(club.creator.id)
+ print(request.user.id)
+
+ return club.creator == request.user
diff --git a/tournaments/views.py b/tournaments/views.py
index e8836d2..15d51f0 100644
--- a/tournaments/views.py
+++ b/tournaments/views.py
@@ -23,6 +23,7 @@ from rest_framework import status
 from rest_framework.generics import UpdateAPIView
 from rest_framework.exceptions import MethodNotAllowed
 from rest_framework.permissions import IsAuthenticated
+from .permissions import IsClubOwner
 from django.template import loader
 from datetime import date
 from django.http import JsonResponse
@@ -230,7 +231,7 @@ class UserViewSet(viewsets.ModelViewSet):
 class ClubViewSet(viewsets.ModelViewSet):
 queryset = Club.objects.all()
 serializer_class = ClubSerializer
- permission_classes = [] # Clubs are public whereas the other requests are only for logged users
+ permission_classes = [IsClubOwner] # Clubs are public whereas the other requests are only for logged users
 class TournamentViewSet(viewsets.ModelViewSet):
 queryset = Tournament.objects.all()
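Review bot: The two `print` calls in `has_object_permission` look like leftover debugging. They write user ids to stdout on every object-level check, and `club.creator.id` would raise if a club can exist without a creator (the model is not visible here), turning an authorization check into a 500. Remove them, or use `logger.debug(...)` if the trace is wanted. The comparison also ignores the HTTP method, so a non-owner is refused even a read of a single club; if clubs are meant to stay publicly readable, add `if request.method in permissions.SAFE_METHODS: return True` before the `return`. A class docstring saying that this permission covers object-level access only would prevent it being mistaken for a full access policy.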
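Review bot: With `permission_classes = [IsClubOwner]` the `list` and `create` actions of `ClubViewSet` are still open to unauthenticated clients. `IsClubOwner` overrides only `has_object_permission`, which DRF consults only on views that call `get_object()`, and the inherited `has_permission` returns True. If anonymous club creation is not intended, pair it with a request-level class, e.g. `permission_classes = [IsAuthenticatedOrReadOnly, IsClubOwner]`, importing `IsAuthenticatedOrReadOnly` from `rest_framework.permissions`. The trailing comment "Clubs are public whereas the other requests are only for logged users" no longer describes the setting and should be rewritten to state which actions are public and which are owner-only.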