diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index bf5b7f1..d3f05fd 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -12,6 +12,7 @@ use App\Http\Middleware\RealNamed;
 use App\Http\Middleware\RedirectIfAuthenticated;
 use App\Http\Middleware\ReportRequestToCluster;
+use App\Http\Middleware\ResourceOwner;
 use App\Http\Middleware\TrimStrings;
 use App\Http\Middleware\TrustedDomain;
 use App\Http\Middleware\TrustProxies;
@@ -107,5 +108,6 @@ class Kernel extends HttpKernel
 'banned' => ValidateUserIfBanned::class,
 'admin.validateReferer' => ValidateReferer::class,
 'real_named' => RealNamed::class,
+ 'resource_owner' => ResourceOwner::class,
 ];
 }
diff --git a/app/Http/Middleware/ResourceOwner.php b/app/Http/Middleware/ResourceOwner.php
new file mode 100644
index 0000000..814dc6d
--- /dev/null
+++ b/app/Http/Middleware/ResourceOwner.php
@@ -0,0 +1,28 @@
+route($model);
+
+    if ($model && isset($model->user_id) && $request->user()) {
+        // if module has user_id and user is logined
+        if ($model->user_id != $request->user()->id) {
+            abort(403);
+        }
+    }
+
+    return $next($request);
+    }
+}
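Review bot: The ownership check in ResourceOwner::handle fails open: the outer `if ($model && isset($model->user_id) && $request->user())` means that a route parameter that does not resolve to a model (for example a name mismatch between the middleware argument and the route), a model whose `user_id` is null or absent, or an unauthenticated request all skip the 403 and fall through to `$next($request)`, so the middleware only enforces on the happy path. For an authorization guard the safer shape is to abort whenever any precondition is missing and to compare the ids strictly (`(int) ... !==`) rather than with `!=`; if unauthenticated access is meant to be handled by a separate `auth` middleware, that dependency should at least be stated in a comment on the class. The head of the hunk (the `<?php` prelude, class declaration, the handle() signature and the start of the `$request->route($model)` line) is truncated in what is visible here, so I cannot confirm the parameter name or whether the method is typed.
```php
$model = $request->route($model);

// Fail closed: an unresolved route model, a model with no owner column, or an
// unauthenticated request must not pass an ownership check.
if (!$model || !isset($model->user_id) || !$request->user()) {
    abort(403);
}

if ((int) $model->user_id !== (int) $request->user()->id) {
    abort(403);
}

return $next($request);
```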