diff --git a/pagure/templates/pull_request.html b/pagure/templates/pull_request.html
index 4f0361d..e17edca 100644
--- a/pagure/templates/pull_request.html
+++ b/pagure/templates/pull_request.html
@@ -556,7 +556,7 @@
 
     <div class="card">
       <div class="card-block">
-        {% if authenticated and mergeform and pull_request.status == 'Open' %}
+        {% if authenticated and mergeform and pull_request.status == 'Open' and repo_admin %}
           <form method="POST" action="{{ url_for('.set_assignee_requests',
               username=username, repo=repo.name, requestid=requestid) }}">
             <fieldset class="form-group issue-metadata-form">
@@ -571,10 +571,10 @@
               <fieldset class="form-group issue-metadata-display">
                 <label><strong>Assignee</strong></label>
                 <div>
-                  {{ pull_request.assignee.username or '' }}
+                  {{ pull_request.assignee.username or 'Unassigned' }}
                 </div>
               </fieldset>
-        {% if authenticated and mergeform and pull_request.status == 'Open' %}
+        {% if authenticated and mergeform and pull_request.status == 'Open' and repo_admin %}
               <input type="submit" class="btn btn-primary issue-metadata-form" value="Update">
               <a class="btn btn-secondary issue-metadata-form editmetadatatoggle" >cancel</a>
             </form>
diff --git a/pagure/ui/fork.py b/pagure/ui/fork.py
index f3a635e..802cfc1 100644
--- a/pagure/ui/fork.py
+++ b/pagure/ui/fork.py
@@ -799,6 +799,9 @@ def set_assignee_requests(repo, requestid, username=None):
     if request.status != 'Open':
         flask.abort(403, 'Pull-request closed')
 
+    if not is_repo_admin(repo):
+        flask.abort(403, 'You are not allowed to assign this pull-request')
+
     form = pagure.forms.ConfirmationForm()
     if form.validate_on_submit():
         try:
diff --git a/tests/test_pagure_flask_ui_fork.py b/tests/test_pagure_flask_ui_fork.py
index 6b8c2fd..e1e8bcb 100644
--- a/tests/test_pagure_flask_ui_fork.py
+++ b/tests/test_pagure_flask_ui_fork.py
@@ -1175,7 +1175,7 @@ index 0000000..2a552bb
 
         # No such project
         user = tests.FakeUser()
-        user.username = 'foo'
+        user.username = 'pingou'
         with tests.user_set(pagure.APP, user):
             output = self.app.post('/foo/pull-request/1/assign')
             self.assertEqual(output.status_code, 404)
@@ -1192,7 +1192,7 @@ index 0000000..2a552bb
                 'Pagure</title>', output.data)
             self.assertIn(
                 '<h3><span class="label label-default">PR#1</span>\n'
-                '  PR from the feature branch\n</h3>', output.data)
+                '  PR from the feature branch\n', output.data)
             self.assertNotIn(
                 '</button>\n                      Request assigned',
                 output.data)
@@ -1217,7 +1217,7 @@ index 0000000..2a552bb
                 'Pagure</title>', output.data)
             self.assertIn(
                 '<h3><span class="label label-default">PR#1</span>\n'
-                '  PR from the feature branch\n</h3>', output.data)
+                '  PR from the feature branch\n', output.data)
             self.assertNotIn(
                 '</button>\n                      Request assigned',
                 output.data)
@@ -1237,7 +1237,7 @@ index 0000000..2a552bb
                 'Pagure</title>', output.data)
             self.assertIn(
                 '<h3><span class="label label-default">PR#1</span>\n'
-                '  PR from the feature branch\n</h3>', output.data)
+                '  PR from the feature branch\n', output.data)
             self.assertIn(
                 '</button>\n                      No user &#34;bar&#34; found',
                 output.data)
@@ -1257,7 +1257,7 @@ index 0000000..2a552bb
                 'Pagure</title>', output.data)
             self.assertIn(
                 '<h3><span class="label label-default">PR#1</span>\n'
-                '  PR from the feature branch\n</h3>', output.data)
+                '  PR from the feature branch\n', output.data)
             self.assertIn(
                 '</button>\n                      Request assigned',
                 output.data)