diff -r 2cb8d11aa9ca -r 8ff8e2aee0f9 src/notes/api/permissions/core.py
--- a/src/notes/api/permissions/core.py	Tue Jul 18 17:59:28 2017 +0200
+++ b/src/notes/api/permissions/core.py	Wed Jul 19 15:57:13 2017 +0200
@@ -35,3 +35,21 @@
         else:
             return True
 
+class RootNotePermission(IsAuthenticated):
+    """
+    Permissions for notes
+    """
+
+    def has_permission(self, request, view):
+        """
+        Return `True` if permission is granted, `False` otherwise.
+        """
+        is_authenticated = super().has_permission(request, view)
+        return is_authenticated
+        # if not is_authenticated:
+        #     return False
+        # session_ext_id = view.kwargs.get('session_ext_id')
+        # if is_authenticated and session_ext_id:
+        #     return Session.objects.filter(ext_id=session_ext_id, owner=request.user).exists()
+        # else:
+        #     return True