diff --git a/calendar/inc/class.calendar_bo.inc.php b/calendar/inc/class.calendar_bo.inc.php
index 3ec1fe1033..5a297035bf 100644
--- a/calendar/inc/class.calendar_bo.inc.php
+++ b/calendar/inc/class.calendar_bo.inc.php
@@ -1142,6 +1142,13 @@ class calendar_bo
 			$access = $this->user == $owner || $grants & $needed
 				&& ($needed == EGW_ACL_FREEBUSY || !$private || $grants & EGW_ACL_PRIVATE);
 		}
+		// do NOT allow users to purge deleted events, if we dont have 'user_purge' enabled
+		if ($access && $needed == EGW_ACL_DELETE && $event['deleted'] &&
+			!$GLOBALS['egw_info']['user']['apps']['admin'] &&
+			$GLOBALS['egw_info']['server']['calendar_delete_history'] != 'user_purge')
+		{
+			$access = false;
+		}
 		if ($this->debug && ($this->debug > 2 || $this->debug == 'check_perms'))
 		{
 			$this->debug_message('calendar_bo::check_perms(%1,%2,%3)=%4',True,ACL_TYPE_IDENTIFER.$needed,$event,$other,$access);