diff --git a/internal/http/auth/auth.go b/internal/http/auth/auth.go
index e1cbd356..de1ebcfc 100644
--- a/internal/http/auth/auth.go
+++ b/internal/http/auth/auth.go
@@ -55,3 +55,14 @@ func HostsOrAdminsOnly(next http.Handler) http.Handler {
 		}
 	})
 }
+
+func CanHostOnly(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		session := GetSession(r)
+		if !session.CanHost() {
+			utils.HttpForbidden(w, "Only for members, that can host.")
+		} else {
+			next.ServeHTTP(w, r)
+		}
+	})
+}