diff --git a/src/mibew/libs/operator.php b/src/mibew/libs/operator.php index a7d10d4e..c5d09901 100644 --- a/src/mibew/libs/operator.php +++ b/src/mibew/libs/operator.php @@ -24,8 +24,6 @@ $can_modifyprofile = 3; $can_count = 4; $can_viewnotifications = 5; - - $permission_ids = array( $can_administrate => "admin", $can_takeover => "takeover", @@ -239,6 +237,21 @@ function check_login($redirect = true) return $_SESSION["${mysqlprefix}operator"]; } +function check_permissions() +{ + $check = false; + if (func_num_args() > 1) { + $args = func_get_args(); + $operator = array_shift($args); + foreach ($args as $permission) { + $check = $check || is_capable($permission, $operator); + } + } + if (!$check) { + die("Permission denied."); + } +} + function get_logged_in() { global $mysqlprefix; diff --git a/src/mibew/operator/avatar.php b/src/mibew/operator/avatar.php index 59529e5f..b4bf07c4 100644 --- a/src/mibew/operator/avatar.php +++ b/src/mibew/operator/avatar.php @@ -26,6 +26,10 @@ $opId = verifyparam("op", "/^\d{1,10}$/"); $page = array('opid' => $opId, 'avatar' => ''); $errors = array(); +if ($opId && ($opId != $operator['operatorid'])) { + check_permissions($operator, $can_administrate); +} + $canmodify = ($opId == $operator['operatorid'] && is_capable($can_modifyprofile, $operator)) || is_capable($can_administrate, $operator); diff --git a/src/mibew/operator/features.php b/src/mibew/operator/features.php index 5d042659..b78bc605 100644 --- a/src/mibew/operator/features.php +++ b/src/mibew/operator/features.php @@ -21,6 +21,7 @@ require_once('../libs/settings.php'); $operator = check_login(); csrfchecktoken(); +check_permissions($operator, $can_administrate); $page = array('agentId' => ''); $errors = array(); diff --git a/src/mibew/operator/getcode.php b/src/mibew/operator/getcode.php index 100f1f10..5e5ab3ee 100644 --- a/src/mibew/operator/getcode.php +++ b/src/mibew/operator/getcode.php 
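Review bot: `check_permissions()` refuses with a bare `die("Permission denied.")`, so the denial leaves the server as an HTTP 200 with a short text body that logs, reverse proxies and scanners cannot tell apart from a successfully rendered page; send a real status first, e.g. `header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');` on the line before the `die`. The fail-closed behaviour when no permission ids are passed (`func_num_args() > 1` is false, so `$check` stays false and the call denies) is the right default but reads like an accident, so the function deserves a docblock such as `/** Terminate the request unless $operator holds at least one of the given permission ids; with no ids listed the call always denies. */`. Every caller in this commit places the call after `check_login()` and before any output, which is what makes a `header()` call there safe; a page that echoes anything before the check would make the status silently fail through `headers_sent()`.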
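Review bot: The new gate in avatar.php compares the request-supplied `$opId` (a digit string accepted by `verifyparam("op", "/^\d{1,10}$/")`) with `$operator['operatorid']` using loose `!=`, so the authorisation decision rests on PHP's string-to-number coercion rather than on an explicit type; cast and compare strictly, `if ($opId && ((int) $opId !== (int) $operator['operatorid'])) {`. The leading `$opId &&` also means a request with `op=0` skips the admin check entirely and falls through to the `$canmodify` computation below; whether that is harmless depends on what the rest of the page, outside the hunk, does with a zero id. The same comparison is repeated in opgroups.php, permissions.php and operator.php in this commit and should change in all four places together.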
@@ -21,6 +21,7 @@ require_once('../libs/groups.php'); require_once('../libs/getcode.php'); $operator = check_login(); +check_permissions($operator, $can_administrate); loadsettings(); $imageLocales = get_image_locales_map("../locales"); diff --git a/src/mibew/operator/gettextcode.php b/src/mibew/operator/gettextcode.php index b581fab5..d264ce32 100644 --- a/src/mibew/operator/gettextcode.php +++ b/src/mibew/operator/gettextcode.php @@ -21,6 +21,7 @@ require_once('../libs/groups.php'); require_once('../libs/getcode.php'); $operator = check_login(); +check_permissions($operator, $can_administrate); loadsettings(); $stylelist = get_style_list("../styles"); diff --git a/src/mibew/operator/group.php b/src/mibew/operator/group.php index 3c48926c..83e1eb3b 100644 --- a/src/mibew/operator/group.php +++ b/src/mibew/operator/group.php @@ -21,6 +21,7 @@ require_once('../libs/groups.php'); $operator = check_login(); csrfchecktoken(); +check_permissions($operator, $can_administrate); $page = array('grid' => ''); $errors = array(); diff --git a/src/mibew/operator/groupmembers.php b/src/mibew/operator/groupmembers.php index 7a405869..33efe2d2 100644 --- a/src/mibew/operator/groupmembers.php +++ b/src/mibew/operator/groupmembers.php @@ -21,6 +21,7 @@ require_once('../libs/groups.php'); $operator = check_login(); csrfchecktoken(); +check_permissions($operator, $can_administrate); function get_group_members($groupid) { diff --git a/src/mibew/operator/groups.php b/src/mibew/operator/groups.php index b9ff7ab6..67801e18 100644 --- a/src/mibew/operator/groups.php +++ b/src/mibew/operator/groups.php @@ -20,6 +20,7 @@ require_once('../libs/operator.php'); $operator = check_login(); csrfchecktoken(); +check_permissions($operator, $can_administrate); if (isset($_GET['act']) && $_GET['act'] == 'del') { diff --git a/src/mibew/operator/notification.php b/src/mibew/operator/notification.php index 6cb9c7f4..a584b69c 100644 --- a/src/mibew/operator/notification.php 
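Review bot: The added `check_permissions($operator, $can_administrate);` in getcode.php (and likewise in gettextcode.php) turns two read-only pages that any logged-in operator could previously open into admin-only pages, which is a visible behaviour change for non-admin operators and not just a closed hole. It should be stated in the release notes, and the navigation that links to these pages should hide the entries for operators who will now only see `Permission denied.`. If the intent is that every operator may still fetch the embed code, a dedicated permission id passed to `check_permissions()` would be the less disruptive option.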
+++ b/src/mibew/operator/notification.php @@ -20,6 +20,7 @@ require_once('../libs/operator.php'); require_once('../libs/chat.php'); $operator = check_login(); +check_permissions($operator, $can_administrate, $can_viewnotifications); $page = array(); diff --git a/src/mibew/operator/notifications.php b/src/mibew/operator/notifications.php index 833a30ea..0e2ee489 100644 --- a/src/mibew/operator/notifications.php +++ b/src/mibew/operator/notifications.php @@ -21,14 +21,11 @@ require_once('../libs/operator.php'); require_once('../libs/pagination.php'); $operator = check_login(); +check_permissions($operator, $can_administrate, $can_viewnotifications); $page = array(); $errors = array(); -if (!is_capable($can_administrate, $operator) && !is_capable($can_viewnotifications, $operator)) { - die("Permission denied."); -} - setlocale(LC_TIME, getstring("time.locale")); # locales diff --git a/src/mibew/operator/operator.php b/src/mibew/operator/operator.php index 6b65e32a..73b942d0 100644 --- a/src/mibew/operator/operator.php +++ b/src/mibew/operator/operator.php @@ -131,6 +131,9 @@ if (isset($_POST['login']) && isset($_POST['password'])) { if (!$opId && !is_capable($can_administrate, $operator)) { $errors[] = "You are not allowed to create operators"; } +elseif ($opId && ($opId != $operator['operatorid'])) { + check_permissions($operator, $can_administrate); +} $canmodify = ($opId == $operator['operatorid'] && is_capable($can_modifyprofile, $operator)) || is_capable($can_administrate, $operator); diff --git a/src/mibew/operator/operators.php b/src/mibew/operator/operators.php index e049feaa..ee109609 100644 --- a/src/mibew/operator/operators.php +++ b/src/mibew/operator/operators.php @@ -20,6 +20,7 @@ require_once('../libs/operator.php'); $operator = check_login(); csrfchecktoken(); +check_permissions($operator, $can_administrate); if (isset($_GET['act']) && $_GET['act'] == 'del') { $operatorid = isset($_GET['id']) ? $_GET['id'] : ""; 
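Review bot: In operator.php the two unauthorised cases are handled differently: creating an operator without `$can_administrate` only appends a string to `$errors` and lets the script run on into the `$canmodify` computation, while editing someone else's record now hard-stops in `check_permissions()`. Unless the code below the hunk reliably skips the database write whenever `$errors` is non-empty, the first branch is the weaker of the two gates; using the same call in both, `check_permissions($operator, $can_administrate);`, keeps the denial uniform and fail-closed. The hunk header suggests this code sits inside the `if (isset($_POST['login']) && isset($_POST['password']))` handler that begins before the hunk, so the form-display path of the same page is not visible here and should carry the same other-operator gate.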
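Review bot: In operators.php the admin gate now precedes the `act=del` branch, which is the correct order, but that branch still performs the deletion on a plain GET (`$_GET['act'] == 'del'` with the target in `$_GET['id']`), so once an admin is logged in a single crafted link is enough to trigger it. `csrfchecktoken()` is called two lines above; confirm that it validates a token on GET requests as well, and longer term move the delete behind a POST form so the state change is not reachable by URL alone. The same GET-driven `act=del` pattern is visible in the groups.php hunk.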
diff --git a/src/mibew/operator/opgroups.php b/src/mibew/operator/opgroups.php index 58435613..672b582f 100644 --- a/src/mibew/operator/opgroups.php +++ b/src/mibew/operator/opgroups.php @@ -41,6 +41,10 @@ $page['groups'] = get_all_groups($link); mysql_close($link); $errors = array(); +if ($opId && ($opId != $operator['operatorid'])) { + check_permissions($operator, $can_administrate); +} + $canmodify = ($opId == $operator['operatorid'] && is_capable($can_modifyprofile, $operator)) || is_capable($can_administrate, $operator); diff --git a/src/mibew/operator/performance.php b/src/mibew/operator/performance.php index 3eca94e6..a45327d5 100644 --- a/src/mibew/operator/performance.php +++ b/src/mibew/operator/performance.php @@ -21,6 +21,7 @@ require_once('../libs/settings.php'); $operator = check_login(); csrfchecktoken(); +check_permissions($operator, $can_administrate); $page = array('agentId' => ''); $errors = array(); diff --git a/src/mibew/operator/permissions.php b/src/mibew/operator/permissions.php index 76db5fea..6f7fa42f 100644 --- a/src/mibew/operator/permissions.php +++ b/src/mibew/operator/permissions.php @@ -35,6 +35,10 @@ $opId = verifyparam("op", "/^\d{1,10}$/"); $page = array('opid' => $opId, 'canmodify' => is_capable($can_administrate, $operator) ? "1" : ""); $errors = array(); +if ($opId && ($opId != $operator['operatorid'])) { + check_permissions($operator, $can_administrate); +} + $op = operator_by_id($opId); if (!$op) { diff --git a/src/mibew/operator/settings.php b/src/mibew/operator/settings.php index e38227df..812ef216 100644 --- a/src/mibew/operator/settings.php +++ b/src/mibew/operator/settings.php @@ -21,6 +21,7 @@ require_once('../libs/settings.php'); $operator = check_login(); csrfchecktoken(); +check_permissions($operator, $can_administrate); $page = array('agentId' => ''); $errors = array(); diff --git a/src/mibew/operator/themes.php b/src/mibew/operator/themes.php index 5a3f8f26..2c747984 100644 --- a/src/mibew/operator/themes.php 
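Review bot: In opgroups.php the new admin gate is placed after `$page['groups'] = get_all_groups($link);` and `mysql_close($link);`, so the full group list is fetched from the database before the request is authorised. Move the check up to directly after `$opId` is read and before the connection is opened, so an unauthorised request does no work and the order matches the authorise-then-query placement used in permissions.php in this same commit. The lines where `$opId` and `$link` are set are outside the hunk.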
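Review bot: The four-line `if ($opId && ($opId != $operator['operatorid'])) { check_permissions($operator, $can_administrate); }` gate added to permissions.php is the same block pasted into avatar.php, opgroups.php and operator.php, each built on a loose `!=` between a request string and the session value. A small helper in libs/operator.php, taking `$operator` and `$opId`, casting both ids to int and calling `check_permissions()` with `$can_administrate` when they differ, would remove the duplication and give the next page that shows per-operator data the check for free. Until then, each copy should at least use `(int) $opId !== (int) $operator['operatorid']` so the comparison does not depend on PHP's numeric-string coercion.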
+++ b/src/mibew/operator/themes.php @@ -24,6 +24,7 @@ require_once('../libs/expand.php'); require_once('../libs/settings.php'); $operator = check_login(); +check_permissions($operator, $can_administrate); $stylelist = array(); $stylesfolder = "../styles"; diff --git a/src/mibew/operator/translate.php b/src/mibew/operator/translate.php index 250ad392..cea74348 100644 --- a/src/mibew/operator/translate.php +++ b/src/mibew/operator/translate.php @@ -119,6 +119,7 @@ function get_auxiliary($s) $operator = check_login(); csrfchecktoken(); +check_permissions($operator, $can_administrate); $source = verifyparam("source", "/^[\w-]{2,5}$/", $default_locale); $target = verifyparam("target", "/^[\w-]{2,5}$/", $current_locale); diff --git a/src/mibew/operator/updates.php b/src/mibew/operator/updates.php index c2b252ff..3d7afb96 100644 --- a/src/mibew/operator/updates.php +++ b/src/mibew/operator/updates.php @@ -20,6 +20,7 @@ require_once('../libs/operator.php'); require_once('../libs/settings.php'); $operator = check_login(); +check_permissions($operator, $can_administrate); $default_extensions = array('mysql', 'gd', 'iconv');