diff --git a/app/streams/stream_delete.php b/app/streams/stream_delete.php
index 8ea0791519..29581205ef 100644
--- a/app/streams/stream_delete.php
+++ b/app/streams/stream_delete.php
@@ -24,6 +24,16 @@
 //includes
 	require_once "root.php";
 	require_once "resources/require.php";
+	require_once "resources/check_auth.php";
+
+//check permissions
+	if (permission_exists('stream_delete')) {
+		//access granted
+	}
+	else {
+		echo "access denied";
+		exit;
+	}
 
 //add multi-lingual support
 	$language = new text;
@@ -33,7 +43,7 @@
 	message::add($text['message-delete']);
 
 //delete the data
-	if (isset($_GET["id"]) && is_uuid($_GET["id"]) && permission_exists('stream_delete')) {
+	if (isset($_GET["id"]) && is_uuid($_GET["id"])) {
 
 		//get the id
 			$id = check_str($_GET["id"]);