diff --git a/kfet/auth/tests.py b/kfet/auth/tests.py
index 37344cd7..bdb61cd8 100644
--- a/kfet/auth/tests.py
+++ b/kfet/auth/tests.py
@@ -19,7 +19,6 @@ from .fields import GroupsField, CorePermissionsField
 from .middleware import TemporaryAuthMiddleware
 from .models import GenericTeamToken, Group, Permission
 from .utils import get_kfet_generic_user
-from .views import GenericLoginView
 
 
 ##
@@ -261,6 +260,10 @@ class GenericLoginViewTests(TestCase):
         patcher_messages.start()
         self.addCleanup(patcher_messages.stop)
 
+        # Prevent querying the database too soon.
+        from .views import GenericLoginView
+        self.view_cls = GenericLoginView
+
         user_acc = Account(trigramme='000')
         user_acc.save({'username': 'user'})
         self.user = user_acc.user
@@ -352,14 +355,14 @@ class GenericLoginViewTests(TestCase):
         """
         token = GenericTeamToken.objects.create(token='valid')
         self._set_signed_cookie(
-            self.client, GenericLoginView.TOKEN_COOKIE_NAME, 'valid')
+            self.client, self.view_cls.TOKEN_COOKIE_NAME, 'valid')
 
         r = self.client.get(self.url)
 
         self.assertRedirects(r, reverse('kfet.kpsul'))
         self.assertEqual(r.wsgi_request.user, self.generic_user)
         self._is_cookie_deleted(
-            self.client, GenericLoginView.TOKEN_COOKIE_NAME)
+            self.client, self.view_cls.TOKEN_COOKIE_NAME)
         with self.assertRaises(GenericTeamToken.DoesNotExist):
             token.refresh_from_db()
 
@@ -368,14 +371,14 @@ class GenericLoginViewTests(TestCase):
         If token is invalid, delete it and try again.
         """
         self._set_signed_cookie(
-            self.client, GenericLoginView.TOKEN_COOKIE_NAME, 'invalid')
+            self.client, self.view_cls.TOKEN_COOKIE_NAME, 'invalid')
 
         r = self.client.get(self.url)
 
         self.assertRedirects(r, self.url, fetch_redirect_response=False)
         self.assertEqual(r.wsgi_request.user, AnonymousUser())
         self._is_cookie_deleted(
-            self.client, GenericLoginView.TOKEN_COOKIE_NAME)
+            self.client, self.view_cls.TOKEN_COOKIE_NAME)
 
     def test_flow_ok(self):
         """
diff --git a/kfet/cms/forms.py b/kfet/cms/forms.py
index f56d8892..727649b0 100644
--- a/kfet/cms/forms.py
+++ b/kfet/cms/forms.py
@@ -58,7 +58,7 @@ class CmsGroupForm(KeepUnselectableModelFormMixin, forms.ModelForm):
 
 class SnippetsCmsGroupForm(KeepUnselectableModelFormMixin, forms.ModelForm):
     permissions = BasePermissionsField(
-        label='',
+        label='', required=False,
         queryset=Permission.kfetcms.all(),
     )
 
diff --git a/kfet/cms/views.py b/kfet/cms/views.py
index ae50c0f6..4cb719a8 100644
--- a/kfet/cms/views.py
+++ b/kfet/cms/views.py
@@ -6,14 +6,15 @@ from wagtail.wagtailadmin.forms import (
 from wagtail.wagtailcore import hooks
 from wagtail.wagtailcore.models import Collection, Page
 
-from .forms import (
-    CmsGroupForm, SnippetsCmsGroupForm, prepare_page_permissions_formset,
-    prepare_collection_member_permissions_formset,
-)
 from .utils import get_kfet_root_collection, get_kfet_root_page
 
 
 def get_kfetcms_group_formview_extra():
+    # Prevents querying the database too soon.
+    from .forms import (
+        CmsGroupForm, SnippetsCmsGroupForm, prepare_page_permissions_formset,
+        prepare_collection_member_permissions_formset,
+    )
     forms = []
 
     # Misc cms-related permissions.