raise PermissionDenied if someone tries to save an object without can_update rights
diff --git a/planetstack/core/models/plcorebase.py b/planetstack/core/models/plcorebase.py
index 8d657a7..b9692c6 100644
--- a/planetstack/core/models/plcorebase.py
+++ b/planetstack/core/models/plcorebase.py
@@ -5,6 +5,7 @@
 from django.core.urlresolvers import reverse
 from django.forms.models import model_to_dict
 from django.utils import timezone
+from django.core.exceptions import PermissionDenied
 import model_policy
 
 try:
@@ -128,12 +129,14 @@
         self.__initial = self._dict
 
     def save_by_user(self, user, *args, **kwds):
-        if self.can_update(user):
-            self.save(*args, **kwds)
+        if not self.can_update(user):
+            raise PermissionDenied("You do not have permission to update %s objects" % self.__class__.__name__)
+        self.save(*args, **kwds)
 
     def delete_by_user(self, user, *args, **kwds):
-        if self.can_update(user):
-            self.delete(*args, **kwds)
+        if not self.can_update(user):
+            raise PermissionDenied("You do not have permission to delete %s objects" % self.__class__.__name__)
+        self.delete(*args, **kwds)
 
     @property
     def _dict(self):