diff --git a/apps/comment/tests.py b/apps/comment/tests.py
index e91ee2f4..786f68d3 100644
--- a/apps/comment/tests.py
+++ b/apps/comment/tests.py
@@ -90,7 +90,7 @@ class CommentModeratorPermissionTests(BasePermissionTests):
 
     def test_get(self):
         response = self.client.get(self.url, format='json')
-        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
 
     def test_put_other_user(self):
         other_user = User.objects.create_user(username='test',
diff --git a/apps/comment/views/back.py b/apps/comment/views/back.py
index 8d836177..3b96cbd2 100644
--- a/apps/comment/views/back.py
+++ b/apps/comment/views/back.py
@@ -8,12 +8,13 @@ class CommentLstView(generics.ListCreateAPIView):
     """Comment list create view."""
     serializer_class = serializers.CommentBaseSerializer
     queryset = models.Comment.objects.all()
-    permission_classes = [permissions.IsAuthenticatedOrReadOnly|IsCountryAdmin|IsCommentModerator]
+    permission_classes = [permissions.IsAuthenticatedOrReadOnly| IsCommentModerator|IsCountryAdmin]
 
 
 class CommentRUDView(generics.RetrieveUpdateDestroyAPIView):
     """Comment RUD view."""
     serializer_class = serializers.CommentBaseSerializer
     queryset = models.Comment.objects.all()
-    permission_classes = [IsCountryAdmin|IsCommentModerator]
+
+    permission_classes = [IsCountryAdmin | IsCommentModerator]
     lookup_field = 'id'
diff --git a/apps/location/serializers/back.py b/apps/location/serializers/back.py
index f25aacf6..c178f7fd 100644
--- a/apps/location/serializers/back.py
+++ b/apps/location/serializers/back.py
@@ -16,4 +16,5 @@ class CountryBackSerializer(common.CountrySerializer):
             'code',
             'svg_image',
             'name',
+            'country_id'
         ]
diff --git a/apps/location/tests.py b/apps/location/tests.py
index cb574036..eed68071 100644
--- a/apps/location/tests.py
+++ b/apps/location/tests.py
@@ -19,11 +19,6 @@ class BaseTestCase(APITestCase):
         self.user = User.objects.create_user(
             username=self.username, email=self.email, password=self.password)
 
-        # get tokens
-
-        # self.user.is_superuser = True
-        # self.user.save()
-
         tokkens = User.create_jwt_tokens(self.user)
         self.client.cookies = SimpleCookie(
             {'access_token': tokkens.get('access_token'),
diff --git a/apps/location/views/back.py b/apps/location/views/back.py
index cb8246a4..1cdd91da 100644
--- a/apps/location/views/back.py
+++ b/apps/location/views/back.py
@@ -4,7 +4,7 @@ from rest_framework import generics
 from location import models, serializers
 from location.views import common
 from utils.permissions import IsCountryAdmin
-
+from rest_framework.permissions import  IsAuthenticatedOrReadOnly
 # Address
 class AddressListCreateView(common.AddressViewMixin, generics.ListCreateAPIView):
     """Create view for model Address."""
@@ -50,7 +50,7 @@ class CountryListCreateView(generics.ListCreateAPIView):
     queryset = models.Country.objects.all()
     serializer_class = serializers.CountryBackSerializer
     pagination_class = None
-    permission_classes = [IsCountryAdmin]
+    permission_classes = [IsAuthenticatedOrReadOnly|IsCountryAdmin]
 
 class CountryRUDView(generics.RetrieveUpdateDestroyAPIView):
     """RUD view for model Country."""
diff --git a/apps/utils/permissions.py b/apps/utils/permissions.py
index 8ad1ae32..2a10200c 100644
--- a/apps/utils/permissions.py
+++ b/apps/utils/permissions.py
@@ -56,7 +56,15 @@ class IsGuest(permissions.IsAuthenticatedOrReadOnly):
     Object-level permission to only allow owners of an object to edit it.
     """
     def has_permission(self, request, view):
-        return request.user.is_authenticated
+        rules = [
+            request.method in permissions.SAFE_METHODS
+        ]
+    #     if hasattr(request, 'user.is_superuser'):
+    #         rules = [
+    #             request.user.is_superuser,
+    #             request.method in permissions.SAFE_METHODS
+    #         ]
+        return any(rules)
 
     def has_object_permission(self, request, view, obj):
 
@@ -131,7 +139,6 @@ class IsCountryAdmin(IsStandardUser):
         rules = [
             super().has_permission(request, view)
         ]
-
         # and request.user.email_confirmed,
         if hasattr(request.data, 'user') and hasattr(request.data, 'country_id'):
             # Read permissions are allowed to any request.
@@ -153,9 +160,20 @@ class IsCountryAdmin(IsStandardUser):
             .first()  # 'Comments moderator'
 
         rules = [
-            UserRole.objects.filter(user=request.user, role=role).exists(),
-            super().has_object_permission(request, view, obj),
-        ]
+                super().has_object_permission(request, view, obj)
+            ]
+        # and request.user.email_confirmed,
+        if hasattr(request, 'user') and request.user.is_authenticated:
+            rules = [
+                UserRole.objects.filter(user=request.user, role=role).exists(),
+                super().has_object_permission(request, view, obj),
+            ]
+
+        if hasattr(request.data, 'user'):
+            rules = [
+                UserRole.objects.filter(user=request.data.user, role=role).exists(),
+                super().has_object_permission(request, view, obj),
+            ]
 
         return any(rules)