diff --git a/bds/mixins.py b/bds/mixins.py
index 14fac693..16399704 100644
--- a/bds/mixins.py
+++ b/bds/mixins.py
@@ -2,4 +2,4 @@ from django.contrib.auth.mixins import PermissionRequiredMixin
 
 
 class StaffRequiredMixin(PermissionRequiredMixin):
-    permission_required = "bds:is_team"
+    permission_required = "bds.is_team"
diff --git a/bds/tests/__init__.py b/bds/tests/__init__.py
new file mode 100644
index 00000000..e69de29b
diff --git a/bds/tests/test_views.py b/bds/tests/test_views.py
new file mode 100644
index 00000000..0ad42018
--- /dev/null
+++ b/bds/tests/test_views.py
@@ -0,0 +1,58 @@
+from unittest import mock
+
+from django.contrib.auth import get_user_model
+from django.contrib.auth.models import Permission
+from django.test import Client, TestCase
+from django.urls import reverse
+
+User = get_user_model()
+
+
+def give_bds_buro_permissions(user: User) -> None:
+    perm = Permission.objects.get(content_type__app_label="bds", codename="is_team")
+    user.user_permissions.add(perm)
+
+
+class TestRegistrationView(TestCase):
+    @mock.patch("gestioncof.signals.messages")
+    def test_get_autocomplete(self, mock_messages):
+        user = User.objects.create_user(username="toto")
+        url = reverse("bds:autocomplete") + "?q=foo"
+        client = Client()
+
+        # Anonymous GET
+        resp = client.get(url)
+        redirect_url = "/login?next={}".format(url)
+        self.assertRedirects(resp, redirect_url)
+
+        # Logged-in but unprivileged GET
+        client.force_login(user)
+        resp = client.get(url)
+        self.assertEquals(resp.status_code, 403)
+
+        # Burô user GET
+        give_bds_buro_permissions(user)
+        resp = client.get(url)
+        self.assertEquals(resp.status_code, 200)
+
+    @mock.patch("gestioncof.signals.messages")
+    def test_get(self, mock_messages):
+        user = User.objects.create_user(username="toto")
+        url = reverse("bds:user.update", args=(user.id,))
+        print(url)
+        client = Client()
+
+        # Anonymous GET
+        resp = client.get(url)
+        redirect_url = "/login?next={}".format(url)
+        self.assertRedirects(resp, redirect_url)
+
+        # Logged-in but unprivileged GET
+        client.force_login(user)
+        resp = client.get(url)
+        self.assertEquals(resp.status_code, 403)
+
+        # Burô user GET
+        give_bds_buro_permissions(user)
+        resp = client.get(url)
+        self.assertEquals(resp.status_code, 200)