diff --git a/tests/test_progit_flask_ui_admin.py b/tests/test_progit_flask_ui_admin.py
index 4dacbde..377f95b 100644
--- a/tests/test_progit_flask_ui_admin.py
+++ b/tests/test_progit_flask_ui_admin.py
@@ -58,6 +58,14 @@ class PagureFlaskAdmintests(tests.Modeltests):
 
         user = tests.FakeUser()
         with tests.user_set(pagure.APP, user):
+            output = self.app.post('/admin', follow_redirects=True)
+            self.assertEqual(output.status_code, 404)
+            self.assertIn(
+                '</button>\n                      Access restricted',
+                 output.data)
+
+        user.username = 'foo'
+        with tests.user_set(pagure.APP, user):
             output = self.app.get('/admin', follow_redirects=True)
             self.assertEqual(output.status_code, 200)
             self.assertIn(
@@ -89,6 +97,14 @@ class PagureFlaskAdmintests(tests.Modeltests):
         user = tests.FakeUser()
         with tests.user_set(pagure.APP, user):
             output = self.app.post('/admin/gitolite', follow_redirects=True)
+            self.assertEqual(output.status_code, 404)
+            self.assertIn(
+                '</button>\n                      Access restricted',
+                 output.data)
+
+        user.username = 'foo'
+        with tests.user_set(pagure.APP, user):
+            output = self.app.post('/admin/gitolite', follow_redirects=True)
             self.assertEqual(output.status_code, 200)
             self.assertIn(
                 '</button>\n                      Access restricted',
@@ -137,6 +153,14 @@ class PagureFlaskAdmintests(tests.Modeltests):
         user = tests.FakeUser()
         with tests.user_set(pagure.APP, user):
             output = self.app.post('/admin/ssh', follow_redirects=True)
+            self.assertEqual(output.status_code, 404)
+            self.assertIn(
+                '</button>\n                      Access restricted',
+                 output.data)
+
+        user.username = 'foo'
+        with tests.user_set(pagure.APP, user):
+            output = self.app.post('/admin/ssh', follow_redirects=True)
             self.assertEqual(output.status_code, 200)
             self.assertIn(
                 '</button>\n                      Access restricted',
@@ -183,6 +207,14 @@ class PagureFlaskAdmintests(tests.Modeltests):
         user = tests.FakeUser()
         with tests.user_set(pagure.APP, user):
             output = self.app.post('/admin/hook_token', follow_redirects=True)
+            self.assertEqual(output.status_code, 404)
+            self.assertIn(
+                '</button>\n                      Access restricted',
+                 output.data)
+
+        user.username = 'foo'
+        with tests.user_set(pagure.APP, user):
+            output = self.app.post('/admin/hook_token', follow_redirects=True)
             self.assertEqual(output.status_code, 200)
             self.assertIn(
                 '</button>\n                      Access restricted',