=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/AppStoreController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/AppStoreController.java	2015-12-22 12:43:17 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/AppStoreController.java	2015-12-22 12:49:00 +0000
@@ -43,6 +43,7 @@
 import org.hisp.dhis.appstore.AppStoreManager;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
+import org.springframework.security.access.prepost.PreAuthorize;
 
 /**
  * @author Lars Helge Overland
@@ -65,6 +66,7 @@
     
     @ResponseStatus( value = HttpStatus.OK )
     @RequestMapping( value = "/{versionId}", method = RequestMethod.POST )
+    @PreAuthorize( "hasRole('ALL') or hasRole('M_dhis-web-maintenance-appmanager')" )
     public void installAppFromAppStore( @PathVariable String versionId )
     {
         appStoreManager.installAppFromAppStore( versionId );