diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 0ec2cf3495f0e6cb2ed615ded22c234bd3140fab..a1ffd6b914fcbd335fbf6a0ccd2548b37a49e90c 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -56,7 +56,6 @@ test_frontend:
         script:
                 - yarn install
                 - yarn test --single-run
-        allow_failure: true
 
 # ============================== Staging section ============================= #
 .staging_template: &staging_definition
diff --git a/backend/core/tests/test_access_rights.py b/backend/core/tests/test_access_rights.py
index 78853afceae5dcfaa5cd4a6e6d49d6066682eb39..2e97b2edf551ce6e8ee1a449e836a4c7df18cda1 100644
--- a/backend/core/tests/test_access_rights.py
+++ b/backend/core/tests/test_access_rights.py
@@ -6,6 +6,7 @@ from core.views import StudentApiView
 
 from util.factories import GradyUserFactory
 
+
 class AccessRightsOfStudentAPIViewTests(APITestCase):
     """ All tests that enshure that only students can see what students
     should see belong here """
diff --git a/backend/core/tests/test_tutor_api_endpoints.py b/backend/core/tests/test_tutor_api_endpoints.py
index 698d987cdbbad13ff7e694ce5b682d29973e2546..88982efb433c80e5a2fa442e83258185499e64e2 100644
--- a/backend/core/tests/test_tutor_api_endpoints.py
+++ b/backend/core/tests/test_tutor_api_endpoints.py
@@ -5,3 +5,44 @@
     * GET /tutorlist list of all tutors with their scores
 """
 
+from rest_framework.test import APITestCase, APIRequestFactory, force_authenticate
+from rest_framework import status
+from core.models import Reviewer
+from django.urls import reverse
+from core.views import StudentApiView
+
+from util.factories import GradyUserFactory
+
+
+class AccessRightsTests(APITestCase):
+
+    @classmethod
+    def setUpTestData(cls):
+        cls.factory = APIRequestFactory()
+        cls.user_factory = GradyUserFactory()
+
+    def setUp(self):
+        self.student = self.user_factory.make_student()
+        self.tutor = self.user_factory.make_tutor()
+        self.reviewer = self.user_factory.make_reviewer()
+        self.request = self.factory.get(reverse('student-page'))
+        self.view = StudentApiView.as_view()
+
+    def test_unauthorized_access_denied(self):
+        response = self.view(self.request)
+        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
+
+    def test_tutor_has_no_access(self):
+        force_authenticate(self.request, user=self.tutor.user)
+        response = self.view(self.request)
+        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+
+    def test_reviewer_has_no_access(self):
+        force_authenticate(self.request, user=self.reviewer.user)
+        response = self.view(self.request)
+        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+
+    def test_student_is_authorized(self):
+        force_authenticate(self.request, user=self.student.user)
+        response = self.view(self.request)
+        self.assertEqual(response.status_code, status.HTTP_200_OK)