diff --git a/apps/utils/methods.py b/apps/utils/methods.py
index a2fd4bd3..bd069ce0 100644
--- a/apps/utils/methods.py
+++ b/apps/utils/methods.py
@@ -7,6 +7,7 @@ import string
 from collections import namedtuple
 from functools import reduce
 from io import BytesIO
+from operator import or_
 
 import requests
 from PIL import Image
@@ -242,12 +243,12 @@ def get_image_meta_by_url(url) -> (int, int, int):
 def get_permission_classes(*args) -> list:
     """Return permission_class object with admin permissions."""
     from rest_framework.permissions import IsAdminUser
-    from utils.permissions import IsCountryAdmin
+    from utils.permissions import IsCountryAdmin, IsReadOnly
 
-    admin_permission_classes = [IsCountryAdmin, IsAdminUser]
+    admin_permission_classes = [IsCountryAdmin, IsAdminUser, IsReadOnly]
     permission_classes = [
         reduce(
-            lambda a, b: a | b, admin_permission_classes + list(args)
+            or_, admin_permission_classes + list(args)
         )
     ]
     return permission_classes
diff --git a/apps/utils/permissions.py b/apps/utils/permissions.py
index 7fe145f5..877d4a50 100644
--- a/apps/utils/permissions.py
+++ b/apps/utils/permissions.py
@@ -53,7 +53,7 @@ class IsRefreshTokenValid(permissions.BasePermission):
         return False
 
 
-class IsGuest(permissions.IsAuthenticatedOrReadOnly):
+class IsGuest(permissions.BasePermission):
     """
     Object-level permission to only allow owners of an object to edit it.
     """
@@ -66,6 +66,15 @@ class IsGuest(permissions.IsAuthenticatedOrReadOnly):
         return all(rules)
 
 
+class IsReadOnly(permissions.BasePermission):
+    """
+    Allows getting access to resource only if request method in SAFE_METHODs.
+    """
+
+    def has_permission(self, request, view):
+        return request.method in SAFE_HTTP_METHODS
+
+
 class IsApprovedUser(IsAuthenticatedAndTokenIsValid):
     """
     Object-level permission to only allow owners of an object to edit it.
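Review bot: Adding `IsReadOnly` to `admin_permission_classes` widens access for every view that calls `get_permission_classes`, not for one endpoint: the classes are OR-ed by `reduce(or_, ...)`, so any GET/HEAD/OPTIONS request now passes the view-level check without authentication wherever this helper is used, and the docstring ("admin permissions") no longer describes the result. If anonymous read access is meant for only some views, leave the default admin-only (`admin_permission_classes = [IsCountryAdmin, IsAdminUser]`) and let those callers pass `IsReadOnly` through `*args`; if it is meant globally, say so in the docstring, e.g. `"""Return one OR-composed permission: country admin, admin, or read-only (safe methods, any user), plus any classes given in *args."""`. Either way the change deserves a mention in the commit description, since it alters the default exposure of every endpoint built on this helper.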
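Review bot: Changing `IsGuest`'s base from `permissions.IsAuthenticatedOrReadOnly` to `permissions.BasePermission` drops the inherited `has_permission`, which required an authenticated user for unsafe methods; `BasePermission.has_permission` returns True unconditionally. The class body lies outside this hunk, so I cannot see whether `IsGuest` overrides `has_permission` itself or folds `super().has_permission(...)` into its `rules`; if it relied on the inherited check, unauthenticated POST/PUT/DELETE requests would now pass the view-level check and only object-level rules would remain, which DRF does not run for list or create actions. Please confirm an explicit `has_permission` exists in `IsGuest`, or restore the authenticated-or-read-only gate there. The docstring ("only allow owners of an object to edit it") is also identical to the one on `IsApprovedUser`; a sentence stating what distinguishes a guest would help.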
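Review bot: `IsReadOnly` overrides only `has_permission`, so it inherits `BasePermission.has_object_permission`, which returns True for every request. When the class is OR-ed with others, as `get_permission_classes` in methods.py now does, the combined object-level check can be satisfied by that default for unsafe methods as well, depending on whether the installed DRF version's OR operator re-checks `has_permission` at object level; the other classes' object-level rules would then be bypassed. Make the class read-only at both levels: `def has_object_permission(self, request, view, obj): return request.method in SAFE_HTTP_METHODS`. The docstring also names `SAFE_METHODs` while the code tests `SAFE_HTTP_METHODS`, a module constant not shown here; suggest `"""Allow the request only when its method is in SAFE_HTTP_METHODS (read-only access, regardless of authentication)."""` and confirm that constant matches DRF's `permissions.SAFE_METHODS`.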
@@ -200,7 +209,7 @@ class IsEstablishmentAdministrator(IsApprovedUser):
         ).only('id')
         has_permission = True if user_role.exists() else has_permission
         rules.append(has_permission)
-        return all(rules)
+        return bool(request.method in SAFE_HTTP_METHODS or all(rules))
 
     def has_object_permission(self, request, view, obj):
         rules = [
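Review bot: The new return in `has_permission` grants every safe-method request regardless of `rules`, so whatever `IsApprovedUser` / `IsAuthenticatedAndTokenIsValid` contribute to `rules` (from the names, presumably authentication and token validity — not visible here) no longer gates GET/HEAD/OPTIONS on views that use `IsEstablishmentAdministrator` alone, and for list endpoints `has_object_permission` is never called, so this is the only check. If anonymous reads are intended, composing `IsReadOnly | IsEstablishmentAdministrator` at the view keeps an "administrator" permission meaning what its name says; if not, keep `return all(rules)`. `bool(...)` is redundant since both operands are already bools, and the safe-method short-circuit sits after the `user_role.exists()` query, so that query still runs for requests it cannot affect; an early `if request.method in SAFE_HTTP_METHODS: return True` at the top of the method would avoid it. The method begins outside this hunk.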