diff --git a/tests/__init__.py b/tests/__init__.py
index 308012ed..21169867 100644
--- a/tests/__init__.py
+++ b/tests/__init__.py
@@ -1,5 +1,6 @@
 # -*- coding: utf-8 -*-
 import os
+os.environ['DJANGO_SETTINGS_MODULE'] = 'settings'
 import unittest
 import logging
 from webtest import TestApp
@@ -9,7 +10,15 @@
 logging.getLogger('django.db.backends').setLevel(logging.WARN)
 log = logging.getLogger('nose')
 
-os.environ['DJANGO_SETTINGS_MODULE'] = 'settings'
+import settings
+
+settings.MIDDLEWARE_CLASSES += ('django.contrib.auth.middleware.RemoteUserMiddleware',)
+settings.AUTHENTICATION_BACKENDS = (
+    'django.contrib.auth.backends.RemoteUserBackend',
+)
+
+from django.contrib.auth.models import User, Permission
+from django.contrib.contenttypes.models import ContentType
 
 django_app = django.core.handlers.wsgi.WSGIHandler()
 
@@ -31,4 +40,37 @@ def visit_links(self, links):
                     resp = self.app.get(l)
                     log.debug('visiting %r', l)
                 except Exception, e:
-                    log.warn('seems that %r is not a valid url. cant be encoded', l) 
+                    log.warn('seems that %r is not a valid url. cant be encoded', l)
+
+class UserTestCase(TestCase):
+
+    user = None
+    user_data = dict(id=99, username='garage1', email='garage@lqdn.fr')
+
+    def setUp(self):
+        self.set_user()
+
+    def set_anonymous(self):
+        self.app = TestApp(django_app)
+
+    def set_user(self, **kwargs):
+        user, created = User.objects.get_or_create(**self.user_data)
+        user.set_password('passwd')
+        for k, v in kwargs.items():
+            setattr(user, k, v)
+        if 'is_staff' in kwargs:
+            # staff is allowed to edit comments
+            ctype = ContentType.objects.get(name='comment')
+            perms = Permission.objects.filter(content_type=ctype)
+            user.user_permissions = perms
+        else:
+            user.user_permissions = []
+        user.save()
+        self.app = TestApp(django_app, extra_environ={'REMOTE_USER': str(user.username)})
+        self.user = user
+        return user
+
+    def tearDown(self):
+        self.user.delete()
+
+
diff --git a/tests/test_comments.py b/tests/test_comments.py
index d2d4c0d9..c2750144 100644
--- a/tests/test_comments.py
+++ b/tests/test_comments.py
@@ -1,10 +1,11 @@
 # -*- coding: utf-8 -*-
 from tests import *
+from uuid import uuid4
 
 class TestComments(TestCase):
 
     def test_meps_comments(self):
-        """test 10 first meps"""
+        """test comments"""
         resp = self.app.get('/europe/parliament/names/')
         l = pq(resp.pyquery('a[href^="/europe/parliament/deputy/"]')[0]).attr.href
         resp = self.app.get(l)
@@ -21,3 +22,27 @@ def test_meps_comments(self):
         resp = resp.follow()
         resp.mustcontain('<h1>Thank you for your comment.</h1>')
 
+class TestCommentsModeration(UserTestCase):
+
+    def test_meps_comments(self):
+        """test comments"""
+        resp = self.app.get('/europe/parliament/names/')
+        l = pq(resp.pyquery('a[href^="/europe/parliament/deputy/"]')[0]).attr.href
+        resp = self.app.get(l)
+        self.assert_(len(resp.forms)==1, resp.forms)
+        form = resp.form # comment form is the only one
+
+        # user dont need name and email
+        form['comment'] = 'ACTA sucks'
+        resp = form.submit()
+        assert resp.status_int == 302, resp
+        resp = resp.follow()
+        resp.mustcontain('<h1>Thank you for your comment.</h1>')
+
+        # login as staff user
+        self.set_user(is_staff=True)
+        resp = self.app.get('/admin/')
+        resp.mustcontain('<a href="comments/comment/">Comments</a>')
+        resp = self.app.get('/admin/comments/comment/')
+        resp.mustcontain('<th><a href="','/">garage1</a></th>')
+