diff --git a/forms.py b/forms.py
index 35d0339..d68f54c 100644
--- a/forms.py
+++ b/forms.py
@@ -13,7 +13,6 @@ async def invite_user(request):
 	"""Allows an admin to invite a new user."""
 	if not request['session']['admin']:
 		return {'main': "You do not have permission to do that."}
-
 	data = await request.post()
 	email = data.get('email')
 
@@ -27,6 +26,8 @@ async def invite_user(request):
 
 async def change_user_perms(request):
 	"""Allows an admin to change user permissions."""
+	if not request['session']['admin']:
+		return {'main': "You do not have permission to do that."}
 	data = await request.post()
 	data = json.loads(data['perms'])
 
@@ -52,6 +53,8 @@ async def change_user_perms(request):
 
 async def new_app(request):
 	"""Allows an admin to add a new app to be managed by Buckler."""
+	if not request['session']['admin']:
+		return {'main': "You do not have permission to do that."}
 	data = await request.post()
 	app_name = data.get('app_name')
 	app_url = data.get('app_url')