diff --git a/rtpconn/webclient.go b/rtpconn/webclient.go
index f4fe2be..483227c 100644
--- a/rtpconn/webclient.go
+++ b/rtpconn/webclient.go
@@ -1612,6 +1612,9 @@ func handleClientMessage(c *webClient, m clientMessage) error {
 		}
 		switch m.Kind {
 		case "clearchat":
+			if !member("op", c.permissions) {
+				return c.error(group.UserError("not authorised"))
+			}
 			g.ClearChatHistory()
 			m := clientMessage{
 				Type:       "usermessage",