diff --git a/server/methods/deleteMessage.coffee b/server/methods/deleteMessage.coffee
index f440c41edfb..2ad45558362 100644
--- a/server/methods/deleteMessage.coffee
+++ b/server/methods/deleteMessage.coffee
@@ -6,6 +6,10 @@ Meteor.methods
 if not RocketChat.settings.get 'Message_AllowDeleting'
 throw new Meteor.Error 'message-deleting-not-allowed', "[methods] updateMessage -> Message deleting not allowed"
+ user = Meteor.users.findOne Meteor.userId()
+
+ unless user?.admin is true or message.u._id is Meteor.userId()
+ throw new Meteor.Error 'not-authorized', '[methods] deleteMessage -> Not authorized'
 console.log '[methods] deleteMessage -> '.green, 'userId:', Meteor.userId(), 'arguments:', arguments
@@ -25,7 +29,7 @@ Meteor.methods
 _id: message._id
 'u._id': Meteor.userId()
 ,
- $set:
+ $set:
 _hidden: true
 else
@@ -39,7 +43,7 @@ Meteor.methods
 _id: message._id
 'u._id': Meteor.userId()
 ,
- $set:
+ $set:
 msg: ''
 t: 'rm'
 ets: new Date()
diff --git a/server/methods/deleteUser.coffee b/server/methods/deleteUser.coffee
index 678196ba077..af4fee1ad0f 100644
--- a/server/methods/deleteUser.coffee
+++ b/server/methods/deleteUser.coffee
@@ -2,12 +2,11 @@ Meteor.methods
 deleteUser: (userId) ->
 if not Meteor.userId()
 throw new Meteor.Error('invalid-user', "[methods] deleteUser -> Invalid user")
-
- user = Meteor.users.findOne Meteor.userId()
+
+ user = Meteor.users.findOne userId()
 unless user?.admin is true
 throw new Meteor.Error 'not-authorized', '[methods] deleteUser -> Not authorized'
- user = Meteor.users.findOne userId
 unless user?
 throw new Meteor.Error 'not-found', '[methods] deleteUser -> User not found'
@@ -18,10 +17,6 @@ Meteor.methods
 if room.t isnt 'c' and room.usernames.length is 1
 ChatRoom.remove subscription.rid # Remove non-channel rooms with only 1 user (the one being deleted)
-
-
-
-
 ChatSubscription.remove { "u._id": userId } # Remove user subscriptions
 rooms = ChatRoom.find({ "u._id": userId }).fetch()
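Review bot: The new ownership check `unless user?.admin is true or message.u._id is Meteor.userId()` compares against `message.u._id` taken from the method argument, which the client supplies, so a caller can set any `u._id` on the passed object and satisfy the check; the updateMessage.coffee hunk further down adds the same pattern. Load the stored record instead, e.g. `storedMessage = ChatMessage.findOne _id: message._id` followed by `unless user?.admin is true or storedMessage?.u._id is Meteor.userId()`. For deleteMessage the update selectors shown as context in the next two hunks still include `'u._id': Meteor.userId()`, which appears to keep non-admin deletes scoped to the caller's own messages but also means the admin allowance added here would match nothing for other users' messages; confirm which behaviour is intended. The enclosing deleteMessage method starts before this hunk.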
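Review bot: `user = Meteor.users.findOne userId()` invokes the `userId` parameter as a function, which throws a TypeError for the id string the rest of the method uses as `_id`, and even without the call the admin check that follows would now inspect the target user rather than the caller, because the lookup of `Meteor.userId()` was dropped. That removes the caller authorization the old code had; only the `if not Meteor.userId()` login check remains before the removal. Keep the caller lookup, `user = Meteor.users.findOne Meteor.userId()`, for the admin check and re-add `user = Meteor.users.findOne userId` before `unless user?` so the not-found check and the later `user.username` use (context in the last hunk of this file) refer to the target. Validating the argument up front with `check userId, String` would reject non-string ids early. deleteUser's body continues past this hunk.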
@@ -31,4 +26,4 @@ Meteor.methods
 ChatRoom.update {}, { $pull: { usernames: user.username } }, { multi: true } # Remove user from all other rooms
 Meteor.users.remove { _id: userId } # Remove user from users database
- return true
\ No newline at end of file
+ return true
diff --git a/server/methods/updateMessage.coffee b/server/methods/updateMessage.coffee
index dffe9ea5a49..2db3f603664 100644
--- a/server/methods/updateMessage.coffee
+++ b/server/methods/updateMessage.coffee
@@ -6,6 +6,11 @@ Meteor.methods
 if not RocketChat.settings.get 'Message_AllowEditing'
 throw new Meteor.Error 'message-editing-not-allowed', "[methods] updateMessage -> Message editing not allowed"
+ user = Meteor.users.findOne Meteor.userId()
+
+ unless user?.admin is true or message.u._id is Meteor.userId()
+ throw new Meteor.Error 'not-authorized', '[methods] updateMessage -> Not authorized'
+
 console.log '[methods] updateMessage -> '.green, 'userId:', Meteor.userId(), 'arguments:', arguments
 # If we keep history of edits, insert a new message to store history information
@@ -31,4 +36,4 @@ Meteor.methods
 $set: message
 # Meteor.defer ->
- # RocketChat.callbacks.run 'afterSaveMessage', ChatMessage.findOne(message.id)
\ No newline at end of file
+ # RocketChat.callbacks.run 'afterSaveMessage', ChatMessage.findOne(message.id)