I am implementing a char driver (Linux), and there are certain IOCTL commands in my driver which need to be executed only by ADMIN.
My question is: how can I check user permissions in my ioctl command implementation and restrict unprivileged users from accessing the IOCTL?
You can use the bool capable(int cap) function, which returns true if the user has the requested capability. Possible values of cap are listed in the kernel sources at include/uapi/linux/capability.h (macros starting with CAP_).
As you can see, there are many admin-like capabilities. Choose the one which seems to fit your task better. Or just take CAP_SYS_ADMIN.
Restrict by Write Permission
You can restrict certain ioctl commands if the device is opened read-only. To implement this, given the first parameter to the ioctl function, struct file *file, test if file->f_mode has the FMODE_WRITE bit set.
Set the permissions so that only a particular user or group has write permissions for the device. This could be useful in a scenario where certain users should be able to control a device, by opening it in read-write mode, while other users can only read the device and get status by opening it in read-only mode.
A user might also choose to open() the device with mode O_RDONLY, if the user only wants to read the device while ensuring he doesn't modify it.
Restrict by Capabilities
You could restrict certain ioctl commands to only be permitted if the user has a specified capability (CAP_SYS_ADMIN is likely suitable).
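
The two checks from the answers above, combined into one per-command gate. This is an added example, not code from either answer: the device name mydev, its three commands and the choice of error codes are hypothetical, and the #else branch is a userspace stand-in for the kernel definitions so the logic can be compiled and tested outside a kernel tree.

```c
#ifdef __KERNEL__
#include <linux/fs.h>          /* struct file, FMODE_WRITE */
#include <linux/capability.h>  /* capable(), CAP_SYS_ADMIN */
#include <linux/ioctl.h>       /* _IO() */
#include <linux/errno.h>
#else  /* userspace stand-ins (assumed shim, not kernel code) */
#include <stdbool.h>
#include <errno.h>
#include <sys/ioctl.h>         /* _IO() */
struct file { unsigned int f_mode; };
#define FMODE_WRITE   0x2
#define CAP_SYS_ADMIN 21
static bool fake_admin;        /* test knob, not a kernel symbol */
static bool capable(int cap) { return cap == CAP_SYS_ADMIN && fake_admin; }
#endif

/* Hypothetical command set for a device called "mydev". */
#define MYDEV_IOC_MAGIC   'k'
#define MYDEV_GET_STATUS  _IO(MYDEV_IOC_MAGIC, 0)  /* any opener */
#define MYDEV_SET_MODE    _IO(MYDEV_IOC_MAGIC, 1)  /* needs a writable fd */
#define MYDEV_RESET_HW    _IO(MYDEV_IOC_MAGIC, 2)  /* needs CAP_SYS_ADMIN too */

/*
 * Call at the top of the driver's ioctl handler, before touching arg.
 * Returns 0 if cmd may proceed, otherwise a negative errno to return.
 */
static int mydev_ioctl_permitted(struct file *file, unsigned int cmd)
{
	switch (cmd) {
	case MYDEV_GET_STATUS:
		return 0;
	case MYDEV_SET_MODE:
		/* Device node permissions decide who can open read-write. */
		return (file->f_mode & FMODE_WRITE) ? 0 : -EBADF;
	case MYDEV_RESET_HW:
		/* fd check first, capability check last. */
		if (!(file->f_mode & FMODE_WRITE))
			return -EBADF;
		return capable(CAP_SYS_ADMIN) ? 0 : -EPERM;
	default:
		return -ENOTTY;  /* unknown command: reject, never fall through */
	}
}
```

The gate is default-deny: a command added to the driver later is rejected with -ENOTTY until it is given an explicit case and permission rule.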