diff --git a/lib/classes/JsonApi/Routes/Courseware/BlocksCopy.php b/lib/classes/JsonApi/Routes/Courseware/BlocksCopy.php
index 26c49ce5cf8e995548480901a48b9b67ab710749..6d71a91b58325965613cc704f45299f04db2b20f 100755
--- a/lib/classes/JsonApi/Routes/Courseware/BlocksCopy.php
+++ b/lib/classes/JsonApi/Routes/Courseware/BlocksCopy.php
@@ -30,8 +30,9 @@ class BlocksCopy extends NonJsonApiController
 $block = \Courseware\Block::find($data['block']['id']);
 $container = \Courseware\Container::find($data['parent_id']);
+ $user = $this->getUser($request);
- if (!Authority::canCreateBlocks($user = $this->getUser($request), $container)) {
+ if (!Authority::canCreateBlocks($user, $container) || !Authority::canUpdateBlock($user, $block)) {
 throw new AuthorizationFailedException();
 }
@@ -57,4 +58,4 @@ class BlocksCopy extends NonJsonApiController
 //TODO update section block ids
 return true;
 }
-}
\ No newline at end of file
+}
diff --git a/lib/classes/JsonApi/Routes/Courseware/ContainersCopy.php b/lib/classes/JsonApi/Routes/Courseware/ContainersCopy.php
index 9f04e5350ac2b3d606deb8f611d14b1549c6e84f..2b99f65bf42059659e688e6ad19078a4e2bf8de9 100755
--- a/lib/classes/JsonApi/Routes/Courseware/ContainersCopy.php
+++ b/lib/classes/JsonApi/Routes/Courseware/ContainersCopy.php
@@ -30,7 +30,8 @@ class ContainersCopy extends NonJsonApiController
 $container = \Courseware\Container::find($data['container']['id']);
 $element = \Courseware\StructuralElement::find($data['parent_id']);
- if (!Authority::canCreateContainer($user = $this->getUser($request), $element)) {
+ $user = $this->getUser($request);
+ if (!Authority::canCreateContainer($user, $element) || !Authority::canUpdateContainer($user, $container)) {
 throw new AuthorizationFailedException();
 }
@@ -48,4 +49,4 @@ class ContainersCopy extends NonJsonApiController
 return $container;
 }
-}
\ No newline at end of file
+}
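Review bot: In BlocksCopy.php, `$block` and `$container` come straight from `find()` on caller-supplied ids (`$data[...]`, presumably the request body) and are passed to `Authority::canCreateBlocks()` and `Authority::canUpdateBlock()` without a null check, so an id that matches no record reaches the permission code as null. Authority's signatures are not visible here, so whether that ends in a TypeError, a null dereference or a quiet `false` is inferred rather than shown. An explicit guard before the `if` removes the doubt, e.g. `if (!$block || !$container) { throw new AuthorizationFailedException(); }`, which also avoids telling the caller whether the id exists. The same pattern applies to `$container`/`$element` in ContainersCopy.php and `$sourceElement`/`$newParent` in StructuralElementsCopy.php; the method body starts and ends outside this hunk.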
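Review bot: The combined condition in ContainersCopy.php has no comment saying why a copy needs update rights on the source `$container` rather than read access, so the next reader cannot tell whether that strictness is deliberate. A line above the `if` would record the decision, e.g. `// Copy = read source + write target: require update rights on the source and create rights in the target element.` The same comment fits the matching checks in BlocksCopy.php and StructuralElementsCopy.php. The enclosing method continues outside the hunk.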
diff --git a/lib/classes/JsonApi/Routes/Courseware/StructuralElementsCopy.php b/lib/classes/JsonApi/Routes/Courseware/StructuralElementsCopy.php
index e56f266a53561cce4f63b33eb667a09c475ac9c7..68b0b4d64862f91396cbe33e1713b98378158e71 100755
--- a/lib/classes/JsonApi/Routes/Courseware/StructuralElementsCopy.php
+++ b/lib/classes/JsonApi/Routes/Courseware/StructuralElementsCopy.php
@@ -29,7 +29,8 @@ class StructuralElementsCopy extends NonJsonApiController
 $sourceElement = StructuralElement::find($args['id']);
 $newParent = StructuralElement::find($data['parent_id']);
- if (!Authority::canCreateContainer($user = $this->getUser($request), $newParent)) {
+ $user = $this->getUser($request);
+ if (!Authority::canCreateStructuralElement($user, $newParent) || !Authority::canUpdateStructuralElement($user, $sourceElement)) {
 throw new AuthorizationFailedException();
 }
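Review bot: `Authority::canUpdateStructuralElement($user, $sourceElement)` authorizes only the root of what is being copied. The copy itself happens outside this hunk; if it also duplicates child elements, containers and blocks, and if permissions can differ between an element and its descendants (neither is visible here), the children are copied on the strength of the root check alone. Either confirm that the copy routine applies its own per-child check, or state the assumption next to the condition: `// Authorizes the root only; descendants are copied under this decision.`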