diff --git a/src/Controller/OfferController.php b/src/Controller/OfferController.php
index b6a7c0c..c823e38 100644
--- a/src/Controller/OfferController.php
+++ b/src/Controller/OfferController.php
@@ -13,6 +13,7 @@ use Doctrine\ORM\EntityManagerInterface;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\HttpKernel\Exception\HttpException;
 use Symfony\Component\Routing\Annotation\Route;
 use Twig\Environment;
 
@@ -86,33 +87,37 @@ class OfferController extends AbstractController { $form = $this->createForm(OfferingFormType::class, $offer); $user = $this->getUser(); + if ($offer->getByUser() === $user) + { + $form->handleRequest($request); - $form->handleRequest($request); + if ($form->isSubmitted() && $form->isValid()) { + $offer->setByUser($user); + $offer->setCreatedAt(new \DateTime()); - if ($form->isSubmitted() && $form->isValid()) { - $offer->setByUser($user); - $offer->setCreatedAt(new \DateTime()); - - if ($photo = $form['photo']->getData()) { - $filename = bin2hex(random_bytes(6)).'.'.$photo->guessExtension(); - try { - $photo->move($photoDir, $filename); - } catch (FileException $e) { - // unable to upload the photo, give up - $this->addFlash("error", "There was an error uploading the photo: ".$e); - return $this->redirectToRoute('new_offer'); + if ($photo = $form['photo']->getData()) { + $filename = bin2hex(random_bytes(6)).'.'.$photo->guessExtension(); + try { + $photo->move($photoDir, $filename); + } catch (FileException $e) { + // unable to upload the photo, give up + $this->addFlash("error", "There was an error uploading the photo: ".$e); + return $this->redirectToRoute('new_offer'); + } + $offer->setPhotoFilename($filename); } - $offer->setPhotoFilename($filename); - } - $this->entityManager->persist($offer); - $this->entityManager->flush(); - } + $this->entityManager->persist($offer); + $this->entityManager->flush(); + } - return $this->render('offer/edit.html.twig', [ - 'user' => $this->getUser(), - 'offer' => $offer, - 'offer_form' => $form->createView(), - ]); + return $this->render('offer/edit.html.twig', [ + 'user' => $this->getUser(), + 'offer' => $offer, + 'offer_form' => $form->createView(), + ]); + } + + throw new HttpException(403, "No permisison"); } }
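Review bot: The new ownership guard `$offer->getByUser() === $user` added right after `$user = $this->getUser();` is also satisfied when both sides are null, so unless the route is protected elsewhere by the firewall, an unauthenticated request (`getUser()` returning null) against an offer with no owner still reaches `handleRequest` and the `flush()`; checking the null case explicitly and failing early would close that gap and let the unchanged body keep its original indentation: `if ($user === null || $offer->getByUser() !== $user) { throw $this->createAccessDeniedException('Not the owner of this offer'); }`. `createAccessDeniedException()` (or `denyAccessUnlessGranted()` backed by a voter) routes through the firewall's access-denied handling, whereas the bare `throw new HttpException(403, "No permisison");` on the last added line does not, and its message is misspelled. Inside the guarded branch `$offer->setByUser($user)` is now a no-op since equality was just established, so it can be dropped. Style-wise, `if (...)` followed by `{` on its own line departs from the same-line brace the surrounding control structures use; the enclosing method's signature lies above this hunk.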