diff --git a/web/root/msgs/management.ssjs b/web/root/msgs/management.ssjs
index 0a36185fe40123f24dd7384b89733b6d4ab3728a..f338e7209f8972290a403bf6d9b4da741473bdb4 100644
--- a/web/root/msgs/management.ssjs
+++ b/web/root/msgs/management.ssjs
@@ -13,12 +13,26 @@ if(http_request.query.Action=="Delete Message(s)") {
 	var deleted=0;
 	var errors=0;
 	errorlist=new Array;
-	for(num in http_request.query.number) {
-		if(msgbase.remove_msg(false,parseInt(http_request.query.number[num])))
-			deleted++;
-		else {
-			errors++;
-			errorlist.push(msgbase.last_error);
+
+	if(sub!='mail' && !msg_area.grp_list[g].sub_list[s].is_operator) {
+		errorlist.push("Only operators can delete messages!");
+		errors++;
+	}
+	else {
+		for(num in http_request.query.number) {
+			var mnum=parseInt(http_request.query.number[num]);
+			if(sub==mail && ((idx=get_msg_index(false,mnum))==null || idx.to!=user.number) {
+				errors++;
+				errorlist.push("Cannot delete message "+mnum);
+			}
+			else {
+				if(msgbase.remove_msg(false,mnum))
+					deleted++;
+				else {
+					errors++;
+					errorlist.push(msgbase.last_error);
+				}
+			}
 		}
 	}
 	template.title=deleted+" Messages Deleted";