diff --git a/rtpconn/webclient.go b/rtpconn/webclient.go
index f4ef07c..d0cbf43 100644
--- a/rtpconn/webclient.go
+++ b/rtpconn/webclient.go
@@ -1619,6 +1619,9 @@ func handleClientMessage(c *webClient, m clientMessage) error {
 		}
 		switch m.Kind {
 		case "clearchat":
+			if !member("op", c.permissions) {
+				return c.error(group.UserError("not authorised"))
+			}
 			g.ClearChatHistory()
 			m := clientMessage{
 				Type:       "usermessage",