diff --git a/nocodetools/permissions.py b/nocodetools/permissions.py
index 30b032f..1489bf2 100644
--- a/nocodetools/permissions.py
+++ b/nocodetools/permissions.py
@@ -3,8 +3,26 @@ from rest_framework.permissions import BasePermission
 from projects.models import Project, ProjectTeamList
 from portfolios.models import Portfolio
 
+from .services import NocodetoolObjectMapService
+
 UNSAFE_REQUEST = ["POST", "PUT", "PATCH", "DELETE"]
 
+class IsNotPublished(BasePermission):
+    def has_permission(self, request, view):
+        if request.method not in UNSAFE_REQUEST:
+            return True
+
+        related_type = request.query_params.get("type")
+        related_id = request.query_params.get("id")
+
+        if not related_type or not related_id:
+            return False
+
+        if obj := NocodetoolObjectMapService.mapping_model_instance(related_type, related_id):
+            if not obj.is_published:
+                return True
+        return False
+
 class IsOwnerOrMemberInCreateAndUpdateAndDelete(BasePermission):
     def has_permission(self, request, view):
         if request.method not in UNSAFE_REQUEST: