diff --git a/lib/classes/JsonApi/Routes/Courseware/Authority.php b/lib/classes/JsonApi/Routes/Courseware/Authority.php
index 9fb281005b52d450b50aab46c963b85f55964b80..36488a406341f950bdea15b14809dc2cecc3b6b9 100644
--- a/lib/classes/JsonApi/Routes/Courseware/Authority.php
+++ b/lib/classes/JsonApi/Routes/Courseware/Authority.php
@@ -549,5 +549,9 @@ class Authority
 return self::canIndexClipboardsOfAUser($request_user, $user);
 }
+ public static function canInsertFromClipboard(User $user, Clipboard $resource)
+ {
+ return $resource->user_id === $user->id;
+ }
 }
diff --git a/lib/classes/JsonApi/Routes/Courseware/ClipboardsInsert.php b/lib/classes/JsonApi/Routes/Courseware/ClipboardsInsert.php
index 5f5f7d07905b6022f25025c23050871f8b196b8a..4fafc4c22c5bfce0b40578e1d33e5dcd9868b4b2 100644
--- a/lib/classes/JsonApi/Routes/Courseware/ClipboardsInsert.php
+++ b/lib/classes/JsonApi/Routes/Courseware/ClipboardsInsert.php
@@ -35,6 +35,11 @@ class ClipboardsInsert extends NonJsonApiController
 }
 $user = $this->getUser($request);
+
+ if (!Authority::canInsertFromClipboard($user, $clipboard)) {
+ throw new AuthorizationFailedException();
+ }
+
 $backup = json_decode($clipboard->backup);
 if ($clipboard->object_type === 'courseware-blocks') {
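Review bot: `canInsertFromClipboard` is added without a return type or docblock, so nothing states that it checks ownership of the clipboard entry and nothing else. I would declare it as `public static function canInsertFromClipboard(User $user, Clipboard $resource): bool` and add a short docblock saying it returns true only when the clipboard belongs to `$user`, and that write permission on the insert destination is not covered. The strict `===` fails closed if `user_id` and `id` are ever hydrated with different types, which is the safe direction, but it is worth confirming both are strings so the legitimate owner is never denied. The class body starts outside this hunk, so I cannot see whether sibling checks follow a different convention.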
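Review bot: The guard added before `json_decode($clipboard->backup)` establishes only that the caller owns the clipboard entry; whether the caller may write to the destination of the insert is decided in the `object_type` branches, which run past the end of this hunk. Please confirm each branch authorizes the target separately, and record that with a comment above the guard such as `// Ownership of the clipboard entry only; write access to the insert target is checked per object type below.` Assuming the closing brace above `$user` ends a not-found check, a foreign clipboard id now produces an authorization failure while an unknown id produces not-found, so it may be worth returning the same response for both if ids are meant to stay private. A regression test in which a second user posts against another user's clipboard id and expects the authorization failure would pin this fix.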