diff --git a/tests.py b/tests.py
index 05c21ea..38fda4a 100644
--- a/tests.py
+++ b/tests.py
@@ -4,12 +4,19 @@
 import unittest
 import tempfile
 import database
-from models import CategoryModel
-
+from flask.ext.login import login_user , logout_user
+from models import CategoryModel,AdministratorModel,SlideModel
 
+@slides.app.route('/test_login')
+def test_login():
+    database.db_session.add(AdministratorModel("test"))
+    database.db_session.commit()
+    user = ( AdministratorModel.query.filter(AdministratorModel.email=="test").first())
+    login_user(user)
+    return "ok"
 
 class SlidesTestCase(unittest.TestCase):
-    
+
     def setUp(self):
         slides.app.config['TESTING'] = True
         self.app = slides.app.test_client()
@@ -27,6 +34,11 @@ def test_add_new_category(self):
               name='test'), follow_redirects=True)
         assert "Category added succefully" in rv.data
 
+    def test_only_logged_users_can_add_new_category(self):
+        rv = self.app.post('/addCategory', data=dict(
+              name='test'), follow_redirects=True)
+        assert 'Unauthorized' in rv.data
+
     def test_add_existing_category(self):
         self.app.post('/addCategory', data=dict(
              name='test'), follow_redirects=True)
@@ -45,6 +57,20 @@ def test_update_category(self):
              id=c.id, title="test2"), follow_redirects=True)
         assert "Category updated succefully" in rv.data
 
+    def test_only_logged_users_can_update_category(self):
+        self.app.get("/test_login")
+
+        self.app.post('/addCategory', data=dict(
+              name='test'), follow_redirects=True)
+
+        c = CategoryModel.query.filter(CategoryModel.name=="test").first()
+
+        self.app.post("/api/logout")
+
+        rv = self.app.post('/updatecategory', data=dict(
+             id=c.id, title="test2"), follow_redirects=True)
+        assert 'Unauthorized' in rv.data
+
     @unittest.expectedFailure
     def test_update_category_with_existing_name(self):
 
@@ -82,6 +108,20 @@ def test_delete_category(self):
              id=c.id), follow_redirects=True)
         assert "Category deleted succefully" in rv.data
 
+    def test_only_logged_users_can_delete_category(self):
+        self.app.get("/test_login")
+
+        self.app.post('/addCategory', data=dict(
+             name='test'), follow_redirects=True)
+
+        c = CategoryModel.query.filter(CategoryModel.name=="test").first()
+
+        self.app.post("/api/logout")
+
+        rv = self.app.post('/deletecategory', data=dict(
+             id=c.id), follow_redirects=True)
+        assert 'Unauthorized' in rv.data
+
     def test_delete_uncategorised_category(self):
         self.app.get('/init')
 
@@ -140,10 +180,82 @@ def test_add_new_slide_with_non_gh_pages_branch(self):
           )
 
         assert "You have to create a 'gh-pages' branch" in rv.data
-     
+
+    def test_only_logged_users_can_add_slide(self):
+        self.app.get("/test_login")
+        self.app.post('/addCategory', data=dict(
+             name='test'), follow_redirects=True)
+
+        c = CategoryModel.query.filter(CategoryModel.name=="test").first()
+
+        self.app.post("/api/logout")
+
+        rv = self.app.post('/addSlide', data=dict(
+           title='Firefox OS App Day Tunisia',
+           url='https://github.com/moztn/firefoxOSAppDay-Slides',
+           description='Firefox OS App Day Tunisia Event',
+           categorie=c.id)
+         )
+        assert 'Unauthorized' in rv.data
+
+    def test_only_logged_users_can_update_slide(self):
+        self.app.get("/test_login")
+        self.app.post('/addCategory', data=dict(
+             name='test'), follow_redirects=True)
+
+        c = CategoryModel.query.filter(CategoryModel.name=="test").first()
+
+        self.app.post('/addSlide', data=dict(
+           title='Firefox OS App Day Tunisia',
+           url='https://github.com/moztn/firefoxOSAppDay-Slides',
+           description='Firefox OS App Day Tunisia Event',
+           screenshot = "img/badge-reserved.jpg",
+           categorie=c.name)
+         )
+
+        s = SlideModel.query.filter(SlideModel.title=='Firefox OS App Day Tunisia').first()
+
+        self.app.post("/api/logout")
+
+        rv=self.app.post('/addSlide', data=dict(
+           id=s.id,
+           title='Firefox OS App Day TN',
+           url=s.url,
+           description=s.description,
+           screenshot = s.screenshot,
+           categorie=s.category)
+         )
+
+        assert 'Unauthorized' in rv.data
+
+    def test_only_logged_users_can_delete_slide(self):
+        self.app.get("/test_login")
+        self.app.post('/addCategory', data=dict(
+            name='test'), follow_redirects=True)
+
+        c = CategoryModel.query.filter(CategoryModel.name=="test").first()
+
+        self.app.post('/addSlide', data=dict(
+          title='Firefox OS App Day Tunisia',
+          url='https://github.com/moztn/firefoxOSAppDay-Slides',
+          description='Firefox OS App Day Tunisia Event',
+          screenshot = "img/badge-reserved.jpg",
+          categorie=c.name)
+         )
+
+        s = SlideModel.query.filter(SlideModel.title=='Firefox OS App Day Tunisia').first()
+
+        self.app.post("/api/logout")
+
+        rv=self.app.post('/deleteslide', data=dict(
+           id=s.id)
+           )
+
+        assert 'Unauthorized' in rv.data
+
     def test_access_to_admin_page_denied_if_not_logged_in(self):
        rv = self.app.get('/admin')
-       assert 'You must be logged in to access this page' in rv.data     
+       assert 'You must be logged in to access this page' in rv.data