diff --git a/webapp/serializers.py b/webapp/serializers.py
index 5bfffb9..ea89c52 100644
--- a/webapp/serializers.py
+++ b/webapp/serializers.py
@@ -73,24 +73,22 @@ class TagSerializer(serializers.ModelSerializer):
 
 
 class FeedSerializer(serializers.ModelSerializer):
-    # tags = TagSerializer(many=True, read_only=False)
-    # tags = serializers.PrimaryKeyRelatedField(
-    #     many=True,
-    #     queryset=Tag.objects.all(),
-    #     read_only=False
-    # )
+    tag_id = serializers.PrimaryKeyRelatedField(
+        many=True,
+        source="tags",
+        queryset=Tag.objects.all()
+    )
 
     class Meta:
         model = Feed
-        fields = ('tags', 'visible', 'title', 'description',
-                  'content', 'publish_time', 'autohide')
+        fields = ('id', 'tags', 'tag_id', 'visible', 'title', 'description',
+                  'content', 'publish_time', 'autohide', 'autohide_enabled')
+        depth = 1
 
     def create(self, validated_data):
-        print("validated data: ", validated_data)
         tags_data = validated_data.pop('tags')
         feed = Feed.objects.create(**validated_data)
         for tag in tags_data:
-            print(tag)
             feed.tags.add(tag)
         feed.save()
         return feed
diff --git a/webapp/views.py b/webapp/views.py
index c04e11f..e70ac9d 100644
--- a/webapp/views.py
+++ b/webapp/views.py
@@ -33,15 +33,6 @@ class IsPostOrIsAuthenticated(permissions.BasePermission):
             return True
         return request.user and request.user.is_authenticated
 
-
-class IsPostOrReadOnlyOrAuthenticated(permissions.BasePermission):
-    def has_permission(self, request, view):
-        if request.method in ['POST', 'GET']:
-            return True
-
-        return request.user and request.user.is_authenticated
-
-
 # -- REST API -- #
 class RootView(routers.APIRootView):
     permission_classes = [IsAuthenticatedOrReadOnly]
@@ -50,13 +41,17 @@ class RootView(routers.APIRootView):
 class EventViewSet(viewsets.ModelViewSet):
     queryset = Event.objects.all()
     serializer_class = EventSerializer
-    permission_classes = [IsPostOrReadOnlyOrAuthenticated]
+    permission_classes = [IsAuthenticatedOrReadOnly]
     filter_backends = (filters.DjangoFilterBackend, SearchFilter, OrderingFilter)
     filter_fields = '__all__'
     search_fields = '__all__'
 
     def get_queryset(self):
-        return Event.objects.filter(visible=True, end_time__gt=timezone.now()).order_by('start_time')
+        since = self.request.query_params.get('since', None)
+        if since:
+            return Event.objects.filter(visible=True, end_time__gt=since).order_by('start_time')
+
+        return Event.objects.filter(visible=True).order_by('start_time')
 
 
 class SignupFormViewSet(viewsets.ModelViewSet):
@@ -98,7 +93,17 @@ class FeedViewSet(viewsets.ModelViewSet):
     search_fields = '__all__'
 
     def get_queryset(self):
-        return Feed.objects.filter(visible=True, autohide__gt=timezone.now()).order_by('publish_time')
+        objs = Feed.objects.filter(visible=True).order_by('publish_time')
+
+        result_ids = []
+        for obj in objs:
+            if obj.autohide_enabled:
+                if obj.autohide > timezone.now():
+                    result_ids.append(obj.id)
+            else:
+                result_ids.append(obj.id)
+
+        return Feed.objects.filter(id__in=result_ids)
 
 
 class ContactsViewSet(viewsets.ReadOnlyModelViewSet):