This mixin checks if the object being updated belongs to the current user.

check-author-mixin.py

# -*- coding: utf-8 -*-
from django.http.response import HttpResponseForbidden

class AuthorRequiredMixin(object):
    def dispatch(self, request, *args, **kwargs):
        obj = self.get_object()

        if obj.user != self.request.user:
            return HttpResponseForbidden()

        return super(AuthorRequiredMixin, self).dispatch(request, *args, **kwargs)