diff --git a/files/routes/posts.py b/files/routes/posts.py
index 857059662..b5e60f621 100644
--- a/files/routes/posts.py
+++ b/files/routes/posts.py
@@ -43,6 +43,7 @@ titleheaders = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWe
 def toggle_club(pid, v):
 
 	post = get_post(pid)
+	if post.author_id != v.id and v.admin_level < 2: abort(403)
 
 	post.club = not post.club
 	g.db.add(post)
diff --git a/files/templates/post_actions.html b/files/templates/post_actions.html
index b45b6649a..806a6ec2d 100644
--- a/files/templates/post_actions.html
+++ b/files/templates/post_actions.html
@@ -50,8 +50,10 @@
 				<a id="unpin-{{p.id}}" class="dropdown-item {% if not p.stickied %}d-none{% endif %} list-inline-item text-info" role="button" onclick="post_toast2(this,'/unsticky/{{p.id}}','pin-{{p.id}}','unpin-{{p.id}}')"><i class="fas fa-thumbtack fa-rotate--45"></i>Unpin</a>
 			{% endif %}
 
-			<a id="club-{{p.id}}" class="dropdown-item {% if p.club %}d-none{% endif %} list-inline-item text-info" role="button" onclick="post_toast2(this,'/toggle_club/{{p.id}}','club-{{p.id}}','unclub-{{p.id}}')"><i class="fas fa-eye-slash"></i>Mark club</a>
-			<a id="unclub-{{p.id}}" class="dropdown-item {% if not p.club %}d-none{% endif %} list-inline-item text-info" role="button" onclick="post_toast2(this,'/toggle_club/{{p.id}}','club-{{p.id}}','unclub-{{p.id}}')"><i class="fas fa-eye"></i>Unmark club</a>
+			{% if v.admin_level > 1 or v.id == p.author_id %}
+				<a id="club-{{p.id}}" class="dropdown-item {% if p.club %}d-none{% endif %} list-inline-item text-info" role="button" onclick="post_toast2(this,'/toggle_club/{{p.id}}','club-{{p.id}}','unclub-{{p.id}}')"><i class="fas fa-eye-slash"></i>Mark club</a>
+				<a id="unclub-{{p.id}}" class="dropdown-item {% if not p.club %}d-none{% endif %} list-inline-item text-info" role="button" onclick="post_toast2(this,'/toggle_club/{{p.id}}','club-{{p.id}}','unclub-{{p.id}}')"><i class="fas fa-eye"></i>Unmark club</a>
+			{% endif %}
 
 			{% if v.admin_level > 1 %}
 				{% if "/reported/" in request.path %}
