diff --git a/controllers/CalendarController.php b/controllers/CalendarController.php
index e7e7931..d625ad5 100644
--- a/controllers/CalendarController.php
+++ b/controllers/CalendarController.php
@@ -137,6 +137,11 @@ public function actionUpdate($id)
     {
         $model = $this->findModel($id);
 
+        if (!Access::isCreator($model)) {
+            throw new \yii\web\ForbiddenHttpException("Not allowed!");
+            return;
+        }
+
         if ($model->load(Yii::$app->request->post()) && $model->save()) {
             return $this->redirect(['view', 'id' => $model->id]);
         } else {
@@ -154,7 +159,13 @@ public function actionUpdate($id)
      */
     public function actionDelete($id)
     {
-        $this->findModel($id)->delete();
+        $this->findModel($id);
+
+        if (Access::isCreator($model)) {
+            $model->delete();
+        } else {
+            throw new \yii\web\ForbiddenHttpException("Not allowed!");
+        }
 
         return $this->redirect(['index']);
     }
diff --git a/models/Access.php b/models/Access.php
index 99e3d27..0d6d610 100644
--- a/models/Access.php
+++ b/models/Access.php
@@ -108,4 +108,15 @@ public static function check($model)
         return $result;
     }
+
+    /**
+     * Check if user is creator the model.
+     * @param \app\models\Calendar $model
+     * @return bool
+     */
+    public static function isCreator($model)
+    {
+        $currentUserID = \Yii::$app->user->id;
+        return $currentUserID === $model->creatorID;
+    }
 
 }
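Review bot: The `return;` that follows `throw new \yii\web\ForbiddenHttpException("Not allowed!");` in the new guard in actionUpdate is unreachable and should be dropped, leaving the throw as the only statement in the block. The same guard and the same literal message reappear in actionDelete in the next hunk; a small private helper on the controller that loads the model and throws when `Access::isCreator` fails would keep the two actions in step and give the message one home. actionUpdate's body continues past the end of this hunk.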
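Review bot: `$this->findModel($id);` in actionDelete discards the loaded record, so `$model` on the next line `if (Access::isCreator($model))` is undefined and the check receives null; `$model->delete()` can therefore never run against a real row. Reading `creatorID` on null yields null, which a guest's null user id matches under `===`, so a guest reaches `delete()` on null and gets a server error, while every signed-in user is refused with 403 regardless of ownership. The first line should be `$model = $this->findModel($id);`. A test that the creator's row is actually removed and a non-creator receives 403 would have caught this.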
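Review bot: isCreator compares `\Yii::$app->user->id` with `$model->creatorID` using `===` while neither side carries a type; if one arrives as a string (PDO frequently returns column values that way) and the other as an int, the real creator is silently denied, and if `creatorID` is ever null it matches a guest's null id and grants access. Consider refusing the guest case explicitly and comparing a normalised form, e.g. `return $currentUserID !== null && (string) $currentUserID === (string) $model->creatorID;` — whether the ActiveRecord casts these columns is not visible here, so confirm against the schema. The docblock reads `creator the model`; `Check whether the current user is the creator of the given model.` is clearer, and a `: bool` return declaration on the signature would let static analysis verify the call sites.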