diff --git a/kallithea/tests/functional/test_admin_permissions.py b/kallithea/tests/functional/test_admin_permissions.py
--- a/kallithea/tests/functional/test_admin_permissions.py
+++ b/kallithea/tests/functional/test_admin_permissions.py
@@ -49,8 +49,7 @@ class TestAdminPermissionsController(Tes
     def test_edit_permissions_permissions(self):
         user = User.get_by_username(TEST_USER_REGULAR_LOGIN)
 
-        # Test unauthenticated access
-        # FIXME: access without authentication
+        # Test unauthenticated access - it will redirect to login page
         response = self.app.post(
             url('edit_repo_perms_update', repo_name=HG_REPO),
             params=dict(
@@ -61,9 +60,9 @@ class TestAdminPermissionsController(Tes
                 _authentication_token=self.authentication_token()),
             status=302)
 
-        assert response.location.endswith(url('edit_repo_perms_update', repo_name=HG_REPO))
+        assert not response.location.endswith(url('edit_repo_perms_update', repo_name=HG_REPO))
+        assert response.location.endswith(url('login_home', came_from=url('edit_repo_perms_update', repo_name=HG_REPO)))
 
-        # FIXME: access without authentication
         response = self.app.post(
             url('edit_repo_perms_revoke', repo_name=HG_REPO),
             params=dict(
@@ -71,8 +70,9 @@ class TestAdminPermissionsController(Tes
                 obj_type='user',
                 user_id=user.user_id,
                 _authentication_token=self.authentication_token()),
-            status=200) # success has no content
-        assert not response.body
+            status=302)
+
+        assert response.location.endswith(url('login_home', came_from=url('edit_repo_perms_update', repo_name=HG_REPO)))
 
         # Test authenticated access
         self.log_user()