diff --git a/forum/permissions.py b/forum/permissions.py
new file mode 100644
index 0000000..9d98c82
--- /dev/null
+++ b/forum/permissions.py
@@ -0,0 +1,32 @@
+from rolepermissions.permissions import register_object_checker
+from amadeus.roles import SystemAdmin
+
+@register_object_checker()
+def view_forum(role, user, forum):
+ if (role == SystemAdmin):
+ return True
+
+ if (user in forum.topic.subject.professors.all() or user in forum.topic.subject.students.all()):
+ return True
+
+ return False
+
+@register_object_checker()
+def edit_forum(role, user, forum):
+ if (role == SystemAdmin):
+ return True
+
+ if (user in forum.topic.subject.professors.all()):
+ return True
+
+ return False
+
+@register_object_checker()
+def delete_forum(role, user, forum):
+ if (role == SystemAdmin):
+ return True
+
+ if (user in forum.topic.subject.professors.all()):
+ return True
+
+ return False
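Review bot: The membership tests on the `user in ... .all()` lines evaluate the entire `professors` (and, in `view_forum`, `students`) relation and compare every row in Python, when `forum.topic.subject.professors.filter(pk=user.pk).exists()` answers the same question with a single EXISTS query. `edit_forum` and `delete_forum` are byte-identical, so a shared private helper such as `_is_subject_professor(user, forum)` called from both would keep the two policies from drifting apart. None of the checkers guards against `forum.topic` or `forum.topic.subject` being unset; whether that can happen depends on the model definitions, which are not in this diff, so it is worth confirming. A module docstring stating that authority here is derived from subject membership rather than from the forum itself would help the next reader.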
diff --git a/forum/templates/forum/forum_view.html b/forum/templates/forum/forum_view.html
index 18272fc..f19b088 100644
--- a/forum/templates/forum/forum_view.html
+++ b/forum/templates/forum/forum_view.html
@@ -34,7 +34,7 @@
- {% if request.user|has_role:'system_admin' or request.user|has_role:'professor' and request.user == post.user %}
+ {% if request.user|has_role:'system_admin' or request.user|has_role:'professor' and request.user in forum.topic.subject.professors.all %}
{% trans 'Actions' %}
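Review bot: The new condition widens the 'Actions' control from the post's own author to every professor of the forum's subject, but a template test only hides the buttons; the views those actions call must enforce the equivalent object-level check server-side, and none of them appear in this diff, so that should be confirmed. Because `and` binds tighter than `or`, the expression reads as `system_admin or (professor and subject member)`, which is presumably the intent. Django's `{% if %}` does not accept parentheses to make that explicit, so a short comment such as `{# actions: admins, or professors of this subject #}` above the line would document the precedence.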
diff --git a/forum/views.py b/forum/views.py
index c239be0..b989123 100644
--- a/forum/views.py
+++ b/forum/views.py
@@ -9,6 +9,9 @@ from django.http import Http404, JsonResponse
from django.urls import reverse
from django.template.loader import render_to_string
+from rolepermissions.mixins import HasRoleMixin
+from rolepermissions.verifications import has_object_permission
+
from .models import Forum, Post, PostAnswer
from courses.models import Topic
from core.models import Action, Resource
@@ -41,7 +44,9 @@ class ForumIndex(LoginRequiredMixin, generic.ListView):
return context
-class CreateForumView(LoginRequiredMixin, generic.edit.CreateView, NotificationMixin):
+class CreateForumView(LoginRequiredMixin, HasRoleMixin, generic.edit.CreateView, NotificationMixin):
+ allowed_roles = ['professor', 'system_admin']
+
login_url = reverse_lazy("core:home")
redirect_field_name = 'next'
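Review bot: `allowed_roles` only establishes that the requester holds the `professor` role somewhere in the system; nothing in this hunk ties the new forum to a topic whose subject the requester actually teaches, so any professor could create forums under any topic unless the form handling performs that check. `CreateForumView`'s body continues outside the hunk, so the check may exist there; if it does not, resolving the target `Topic` in `form_valid` (or `dispatch`) and returning `self.handle_no_permission()` when `self.request.user` is not in `topic.subject.professors.all()` would mirror the `edit_forum` object checker. If role membership alone is intentional here, a one-line class comment saying so would save the next reviewer the same question.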
@@ -69,7 +74,9 @@ def render_forum(request, forum):
return JsonResponse({'url': str(reverse_lazy('course:forum:view', args = (), kwargs = {'slug': last_forum.slug})), 'forum_id': str(forum), 'name': str(last_forum.name)})
-class UpdateForumView(LoginRequiredMixin, generic.UpdateView):
+class UpdateForumView(LoginRequiredMixin, HasRoleMixin, generic.UpdateView):
+ allowed_roles = ['professor', 'system_admin']
+
login_url = reverse_lazy("core:home")
redirect_field_name = 'next'
@@ -77,6 +84,14 @@ class UpdateForumView(LoginRequiredMixin, generic.UpdateView):
form_class = ForumForm
model = Forum
+ def dispatch(self, *args, **kwargs):
+ forum = get_object_or_404(Forum, id = self.kwargs.get('pk'))
+
+ if(not has_object_permission('edit_forum', self.request.user, forum)):
+ return self.handle_no_permission()
+
+ return super(UpdateForumView, self).dispatch(*args, **kwargs)
+
def form_invalid(self, form):
return self.render_to_response(self.get_context_data(form = form), status = 400)
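Review bot: The `dispatch` override on `UpdateForumView` runs before `LoginRequiredMixin.dispatch` and `HasRoleMixin.dispatch`, because `super().dispatch()` is only reached after the object check, so an unauthenticated request first hits `get_object_or_404(Forum, ...)` and the `edit_forum` checker. An unknown pk then answers 404 while a known one presumably redirects to login via `handle_no_permission`, which lets an anonymous client enumerate valid forum ids. Guard authentication first, `if not self.request.user.is_authenticated: return self.handle_no_permission()`, or move the check into `get_object()`, which runs only after the mixins have passed. The fetched `forum` is also discarded, so `UpdateView` loads the same row a second time; overriding `get_object` avoids the duplicate query as well. The class header is outside this hunk.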
@@ -93,7 +108,9 @@ def render_edit_forum(request, forum):
return render(request, 'forum/render_forum.html', context)
-class ForumDeleteView(LoginRequiredMixin, generic.DeleteView):
+class ForumDeleteView(LoginRequiredMixin, HasRoleMixin, generic.DeleteView):
+ allowed_roles = ['professor', 'system_admin']
+
login_url = reverse_lazy("core:home")
redirect_field_name = 'next'
@@ -101,6 +118,14 @@ class ForumDeleteView(LoginRequiredMixin, generic.DeleteView):
pk_url_kwarg = 'pk'
success_url = reverse_lazy('course:forum:deleted_forum')
+ def dispatch(self, *args, **kwargs):
+ forum = get_object_or_404(Forum, id = self.kwargs.get('pk'))
+
+ if(not has_object_permission('delete_forum', self.request.user, forum)):
+ return self.handle_no_permission()
+
+ return super(ForumDeleteView, self).dispatch(*args, **kwargs)
+
def forum_deleted(request):
return HttpResponse(_("Forum deleted successfully."))
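Review bot: `self.kwargs.get('pk')` on the lookup line hard-codes the URL kwarg that `pk_url_kwarg = 'pk'` already declares just above; `self.kwargs.get(self.pk_url_kwarg)` keeps the two from drifting. As with the update view, this `dispatch` runs ahead of the login and role mixins (the `super()` call comes after the check), so anonymous requests reach the `Forum` lookup and the `delete_forum` checker before authentication is enforced. Overriding `get_object()` instead, fetching via `super()` and raising `PermissionDenied` when `has_object_permission('delete_forum', self.request.user, obj)` is false, would run the check only for authenticated, role-checked users and would also stop `DeleteView` loading the same row twice. `ForumDeleteView`'s class line is outside this hunk.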
@@ -112,6 +137,14 @@ class ForumDetailView(LoginRequiredMixin, generic.DetailView):
template_name = 'forum/forum_view.html'
context_object_name = 'forum'
+ def dispatch(self, *args, **kwargs):
+ forum = get_object_or_404(Forum, slug = self.kwargs.get('slug'))
+
+ if(not has_object_permission('view_forum', self.request.user, forum)):
+ return self.handle_no_permission()
+
+ return super(ForumDetailView, self).dispatch(*args, **kwargs)
+
def get_context_data(self, **kwargs):
context = super(ForumDetailView, self).get_context_data(**kwargs)
forum = get_object_or_404(Forum, slug = self.kwargs.get('slug'))
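Review bot: `ForumDetailView` now looks the forum up by slug at least twice per request, here in `dispatch` and again on the `get_context_data` line below (plus, presumably, once more in `DetailView.get_object()`), and the `view_forum` check runs before `LoginRequiredMixin.dispatch` because `super().dispatch()` comes after it. As written, an anonymous client can tell existing slugs (login redirect) from missing ones (404). Moving the check into `get_object()`, `forum = super().get_object(queryset)` followed by `raise PermissionDenied` when `has_object_permission('view_forum', self.request.user, forum)` is false, runs it only for authenticated users, and `get_context_data` can then reuse `self.object` instead of re-fetching. `get_context_data` continues past the end of this hunk, so its later use of `forum` is not visible here.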
--
libgit2 0.21.2