diff --git a/v1/menu/tests/__init__.py b/v1/menu/tests/__init__.py
new file mode 100644
index 0000000..6f804bc
--- /dev/null
+++ b/v1/menu/tests/__init__.py
@@ -0,0 +1,2 @@
+#!/usr/bin/env python
+# encoding: utf-8
diff --git a/v1/menu/tests/test_copy.py b/v1/menu/tests/test_copy.py
new file mode 100644
index 0000000..414796d
--- /dev/null
+++ b/v1/menu/tests/test_copy.py
@@ -0,0 +1,46 @@
+#!/usr/bin/env python
+# encoding: utf-8
+
+from django.test import TestCase, RequestFactory
+from django.contrib.auth.models import User
+from v1.menu.models import MenuItem, Menu
+from datetime import datetime
+
+from v1.menu import views
+
+
+class ListTests(TestCase):
+    fixtures = [
+        'test/users.json',
+        'course_data.json',
+        'cuisine_data.json',
+        'recipe_data.json',
+        'ing_data.json'
+    ]
+
+    def setUp(self):
+        # Every test needs access to the request factory.
+        self.factory = RequestFactory()
+        # Create a staff user.
+        self.staff = User.objects.create_user(
+            username='staff', email='staff@gmail.com', password='top_secret', is_superuser=True
+        )
+        self.menu = Menu.objects.create(title='food', author=self.staff)
+        self.item = MenuItem.objects.create(menu=self.menu, recipe_id=1)
+
+    def test_get_copy_menu(self):
+        """Check if we get the right data for a list"""
+        view = views.MenuCopyViewSet.as_view()
+        data = {
+            'menu': '1',
+            'title': 'new menu',
+            'description': 'this is new',
+            'start': datetime.now(),
+        }
+        request = self.factory.post('/api/v1/recipe/recipes/', data=data)
+        request.user = self.staff
+        response = view(request)
+
+        print(response.data)
+
+        self.assertTrue(response.data.get('id', True))
diff --git a/v1/menu/tests/test_permission.py b/v1/menu/tests/test_permission.py
new file mode 100644
index 0000000..a5a8104
--- /dev/null
+++ b/v1/menu/tests/test_permission.py
@@ -0,0 +1,90 @@
+#!/usr/bin/env python
+# encoding: utf-8
+
+from django.contrib.auth.models import AnonymousUser, User
+from django.test import TestCase, RequestFactory
+from v1.menu.permissions import IsMenuOwner, IsMenuItemOwner
+from v1.menu.models import MenuItem, Menu
+
+
+class PermissionTest(TestCase):
+    fixtures = [
+        'test/users.json',
+        'course_data.json',
+        'cuisine_data.json',
+        'recipe_data.json',
+        'ing_data.json'
+    ]
+
+    def setUp(self):
+        # Every test needs access to the request factory.
+        self.factory = RequestFactory()
+        # Create a staff user.
+        self.staff = User.objects.create_user(
+            username='staff', email='staff@gmail.com', password='top_secret', is_superuser=True
+        )
+        self.user = User.objects.create_user(
+            username='jacob', email='jacob@gmail.com', password='top_secret'
+        )
+        self.menu = Menu.objects.create(title='food', author=self.user)
+        self.item = MenuItem.objects.create(menu=self.menu, recipe_id=1)
+
+    def test_is_list_owner_or_read_only(self):
+        # Try and access something as an admin user.
+        # Both get and post should have access.
+        request = self.factory.get('/admin')
+        request.user = self.staff
+        self.assertTrue(IsMenuOwner().has_object_permission(request, None, None))
+        self.assertTrue(IsMenuOwner().has_object_permission(request, None, self.menu))
+        request = self.factory.post('/admin')
+        request.user = self.staff
+        self.assertTrue(IsMenuOwner().has_object_permission(request, None, None))
+        self.assertTrue(IsMenuOwner().has_object_permission(request, None, self.menu))
+
+        # Try and access something as an user who created th lists.
+        # Both get and post should have access.
+        request = self.factory.get('/admin')
+        request.user = self.user
+        self.assertTrue(IsMenuOwner().has_object_permission(request, None, self.menu))
+        request = self.factory.post('/admin')
+        request.user = self.user
+        self.assertTrue(IsMenuOwner().has_object_permission(request, None, self.menu))
+
+        # Try and access something as an anonymous user.
+        # Both get and post should not have access.
+        request = self.factory.get('/admin')
+        request.user = AnonymousUser()
+        self.assertFalse(IsMenuOwner().has_object_permission(request, None, self.menu))
+        request = self.factory.post('/admin')
+        request.user = AnonymousUser()
+        self.assertFalse(IsMenuOwner().has_object_permission(request, None, self.menu))
+
+    def test_is_item_owner_or_read_only(self):
+        # Try and access something as an admin user.
+        # Both get and post should have access.
+        request = self.factory.get('/admin')
+        request.user = self.staff
+        self.assertTrue(IsMenuItemOwner().has_object_permission(request, None, None))
+        self.assertTrue(IsMenuItemOwner().has_object_permission(request, None, self.item))
+        request = self.factory.post('/admin')
+        request.user = self.staff
+        self.assertTrue(IsMenuItemOwner().has_object_permission(request, None, None))
+        self.assertTrue(IsMenuItemOwner().has_object_permission(request, None, self.item))
+
+        # Try and access something as an user who created th lists.
+        # Both get and post should have access.
+        request = self.factory.get('/admin')
+        request.user = self.user
+        self.assertTrue(IsMenuItemOwner().has_object_permission(request, None, self.item))
+        request = self.factory.post('/admin')
+        request.user = self.user
+        self.assertTrue(IsMenuItemOwner().has_object_permission(request, None, self.item))
+
+        # Try and access something as an anonymous user.
+        # Both get and post should not have access.
+        request = self.factory.get('/admin')
+        request.user = AnonymousUser()
+        self.assertFalse(IsMenuItemOwner().has_object_permission(request, None, self.item))
+        request = self.factory.post('/admin')
+        request.user = AnonymousUser()
+        self.assertFalse(IsMenuItemOwner().has_object_permission(request, None, self.item))
diff --git a/v1/menu/views.py b/v1/menu/views.py
index a969f77..aa48535 100644
--- a/v1/menu/views.py
+++ b/v1/menu/views.py
@@ -41,7 +41,10 @@ def post(self, request, *args, **kwargs):
         description = request.data.get('description')
         start = request.data.get('start')
 
-        new_menu = MenuSerializer(data={'title':title, 'description':description})
+        new_menu = MenuSerializer(data={
+            'title': title,
+            'description': description
+        })
         new_menu.is_valid(raise_exception=True)
         new_menu.save()
 
@@ -55,11 +58,11 @@ def post(self, request, *args, **kwargs):
         new_items = []
         for item in MenuItem.objects.filter(menu__id=menu):
             new_item = MenuItemSerializer(data={
-                'menu':new_menu.data.get('id'),
-                'recipe':item.recipe.id,
-                'all_day':item.all_day,
-                'start_date':item.start_date + timedelta(days=days),
-                'end_date':item.end_date + timedelta(days=days)
+                'menu': new_menu.data.get('id'),
+                'recipe': item.recipe.id,
+                'all_day': item.all_day,
+                'start_date': item.start_date + timedelta(days=days),
+                'end_date': item.end_date + timedelta(days=days)
             })
             new_item.is_valid(raise_exception=True)
             new_item.save()