diff --git a/app/routers/audit.py b/app/routers/audit.py
index 5b8df9a..2e0e9f3 100644
--- a/app/routers/audit.py
+++ b/app/routers/audit.py
@@ -117,6 +117,9 @@ async def audit_detail(request: Request, audit_id: int, db=Depends(get_db)):
 user = get_current_user(request)
 if not user:
 return HTMLResponse("
Non autorisé
")
+ from ..dependencies import get_user_perms, can_view
+ if not can_view(get_user_perms(db, user), "audit"):
+ return HTMLResponse("Non autorisé
")
 entry = db.execute(text("SELECT * FROM server_audit WHERE id = :id"), {"id": audit_id}).fetchone()
 if not entry:
diff --git a/app/routers/servers.py b/app/routers/servers.py
index 7464b13..59b3817 100644
--- a/app/routers/servers.py
+++ b/app/routers/servers.py
@@ -98,6 +98,9 @@ async def server_detail(request: Request, server_id: int, db=Depends(get_db)):
 user = get_current_user(request)
 if not user:
 return HTMLResponse("Non autorise
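Review bot: The new denial branch in audit_detail returns `HTMLResponse(...)` with no `status_code`, so a user who lacks the "audit" view permission still receives HTTP 200; the added branches in server_detail and server_edit in app/routers/servers.py have the same shape. A 200 on refusal makes denied requests indistinguishable from successful ones in access logs, proxies and monitoring, and lets caches or clients treat the refusal page as the real content. Pass the status explicitly and keep the existing body, e.g. `return HTMLResponse(..., status_code=403)`. The unauthenticated branch just above is built the same way and would normally be a 401 or a redirect to login, but it is context here, not part of the change. audit_detail's body continues past the hunk.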
")
+ from ..dependencies import get_user_perms, can_view
+ if not can_view(get_user_perms(db, user), "servers"):
+ return HTMLResponse("Non autorise
")
 s = get_server_full(db, server_id)
 if not s:
 return HTMLResponse("Serveur non trouve
")
@@ -115,6 +118,9 @@ async def server_edit(request: Request, server_id: int, db=Depends(get_db)):
 user = get_current_user(request)
 if not user:
 return HTMLResponse("Non autorise
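Review bot: The check added to server_detail is scoped to the module name only, `can_view(get_user_perms(db, user), "servers")`, and `server_id` then goes straight into `get_server_full(db, server_id)` without being compared against anything the user is entitled to. If permissions in this application are purely per-module, that is sufficient. If any role is meant to see only a subset of servers, every id stays reachable to a holder of the module permission, and the check would also need the server's owner or scope. Either way, a one-line comment above the check stating the model, e.g. `# module-level permission; no per-server scoping by design`, would make the intent reviewable. server_detail continues outside the hunk.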
")
+ from ..dependencies import get_user_perms, can_edit
+ if not can_edit(get_user_perms(db, user), "servers"):
+ return HTMLResponse("Non autorise
")
 s = get_server_full(db, server_id)
 if not s:
 return HTMLResponse("Serveur non trouve
")
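Review bot: The permission gate is copy-pasted into each handler together with a function-scope `from ..dependencies import ...`, a pattern that makes it easy for the next route to ship without the check. Unless the local import works around a circular import (not visible here), move it to the top of each router module, e.g. `from ..dependencies import get_user_perms, can_view, can_edit`. Consider expressing the gate as a FastAPI dependency declared in the route signature, so the requirement is visible where the route is defined. If server_edit only renders the edit form, it is also worth confirming that the handler receiving the submitted changes (not shown in this diff) carries the same `can_edit` check, since guarding only the form page would leave the write path ungated. server_edit's body continues past the hunk.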