diff --git a/.gitignore b/.gitignore index f1a48207..c10afaf8 100644 --- a/.gitignore +++ b/.gitignore @@ -1,13 +1,14 @@ # Created by .ignore support plugin (hsz.mobi) ### Gancio dev configuration -*.sqlite +gancio.sqlite +db.sqlite releases wp-plugin/wpgancio config/development.json -gancio_config.json -config.json -db.sqlite +/gancio_config.json +/config.json +/assets/config.json thumb docs/_site .vscode diff --git a/server/api/controller/event.js b/server/api/controller/event.js index ac0d44d5..a65229e2 100644 --- a/server/api/controller/event.js +++ b/server/api/controller/event.js @@ -290,6 +290,13 @@ const eventController = { res.sendStatus(200) }, + async isAnonEventAllowed (req, res, next) { + if (!res.locals.settings.allow_anon_event) { + return res.sendStatus(403) + } + next() + }, + async add (req, res) { // req.err comes from multer streaming error if (req.err) { diff --git a/server/api/index.js b/server/api/index.js index 8622a84f..1ad30dfe 100644 --- a/server/api/index.js +++ b/server/api/index.js @@ -101,7 +101,7 @@ if (config.status !== 'READY') { */ // allow anyone to add an event (anon event has to be confirmed, TODO: flood protection) - api.post('/event', upload.single('image'), eventController.add) + api.post('/event', eventController.isAnonEventAllowed, upload.single('image'), eventController.add) api.put('/event', isAuth, upload.single('image'), eventController.update) api.get('/event/import', isAuth, helpers.importURL) diff --git a/tests/app.test.js b/tests/app.test.js index cdb2fca6..0b3d8d31 100644 --- a/tests/app.test.js +++ b/tests/app.test.js @@ -1,6 +1,7 @@ const request = require('supertest') +const fs = require('fs') -const admin = { username: 'admin', password: 'SsJOn5l0JpBE', grant_type: 'password', client_id: 'self' } +const admin = { username: 'admin', password: 'JqFuXEnkTyOR', grant_type: 'password', client_id: 'self' } let token // - event list should be empty // - try to write without auth 
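Review bot: `isAnonEventAllowed` in server/api/controller/event.js returns 403 for every caller once `allow_anon_event` is off, because the condition reads only `res.locals.settings` and the `POST /event` route in server/api/index.js has no `isAuth` in front of it. If logged-in users are meant to keep submitting events when anonymous submission is disabled, which the function name suggests, the condition must also test for an authenticated user, along the lines of `if (!res.locals.settings.allow_anon_event && !<authenticated user on the request>) return res.sendStatus(403)`. How this app attaches the user to the request is not visible in the hunk. Keeping the gate ahead of `upload.single('image')` is the right order, since a rejected caller never gets a multipart body parsed. The function awaits nothing, so `async` can be dropped.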
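Review bot: The admin password in tests/app.test.js is a literal that must match a hash stored in the binary tests/seeds/starter.sqlite added by this commit, and a binary file cannot be checked in review. Mark the line with a comment such as `// fixture credential for tests/seeds/starter.sqlite only, never used by a real instance`. Consider building the seed database from a script, so the credential and the data that depends on it are created together and stay reviewable. The replaced literal remains in the repository history, so it should not be in use anywhere outside the tests.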
@@ -11,6 +12,7 @@ let token // - should login with correct authentication let app beforeAll( async () => { + fs.copyFileSync('./starter.sqlite', './testdb.sqlite') await require('../server/initialize.server.js')() app = require('../server/routes.js') }) @@ -61,17 +63,29 @@ describe('Authentication / Authorization', () => { .expect(403) }) - // test('should create anon event only when allowed', async () => { - // let response - // response = await request(app) - // .post('/api/settings') // auth._token.local - // .send({ key: 'allow_anon_event', value: false }) - // .auth(token.access_token, { type: 'bearer' }) - // .expect(200) - // // expect(response.statusCode).toBe(200) - // // response = await request(app).post('/api/settings') - // // .send({ key: 'allow_anon_event', value: false }) - // }) + test('should create anon event only when allowed', async () => { + let response + response = await request(app).post('/api/settings') + .send({ key: 'allow_anon_event', value: false }) + .auth(token.access_token, { type: 'bearer' }) + .expect(200) + + response = await request(app).post('/api/event') + .expect(403) + + response = await request(app).post('/api/settings') + .send({ key: 'allow_anon_event', value: true }) + .auth(token.access_token, { type: 'bearer' }) + .expect(200) + + response = await request(app).post('/api/event') + .send({ title: 'test title', place_name: 'place name', start_datetime: new Date().getTime() * 1000 }) + .expect(200) + + // expect(response.statusCode).toBe(200) + // response = await request(app).post('/api/settings') + // .send({ key: 'allow_anon_event', value: false }) + }) }) @@ -87,7 +101,7 @@ describe('Events', () => { const promises = Object.keys(required_fields).map(async field => { const response = await request(app).post('/api/event').send(required_fields[field]) - expect(response.statusCode).toBe(400) + .expect(400) expect(response.text).toBe(`${field} is required`) return }) 
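Review bot: `fs.copyFileSync('./starter.sqlite', './testdb.sqlite')` in `beforeAll` resolves both paths against the process working directory, not the test file. The seed is committed at tests/seeds/starter.sqlite, so the copy only works if the runner's cwd is set accordingly, and that configuration is not visible here. The same commit replaces the `*.sqlite` ignore rule with two exact names, so the generated `testdb.sqlite` is no longer ignored unless a rule further down the file covers it. Adding `testdb.sqlite` to .gitignore keeps a populated test database from being committed by accident.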
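Review bot: The re-enabled test 'should create anon event only when allowed' covers only the unauthenticated caller, so it cannot show whether a logged-in user is still accepted while `allow_anon_event` is false. A third request in the disabled phase, sending the same event body with `.auth(token.access_token, { type: 'bearer' })`, would pin the intended status. In the final request, `new Date().getTime() * 1000` multiplies a millisecond value, giving a date tens of thousands of years ahead. If the API takes Unix seconds, this was probably meant to be `Math.floor(Date.now() / 1000)`. The trailing commented-out lines and the unused `response` assignments can be removed.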
diff --git a/tests/seeds/config.json b/tests/seeds/config.json new file mode 100644 index 00000000..06cfa7e5 --- /dev/null +++ b/tests/seeds/config.json @@ -0,0 +1,21 @@ +{ + "baseurl": "http://localhost:13120", + "hostname": "127.0.0.1", + "server": { + "host": "0.0.0.0", + "port": 13120 + }, + "log_level": "error", + "log_path": "./logs", + "db": { + "dialect": "sqlite", + "storage": "./testdb.sqlite", + "host": "localhost", + "database": "gancio", + "logging": false, + "dialectOptions": { + "autoJsonMap": false + } + }, + "upload_path": "./uploads" +} diff --git a/tests/seeds/starter.sqlite b/tests/seeds/starter.sqlite new file mode 100644 index 00000000..052d7ba9 Binary files /dev/null and b/tests/seeds/starter.sqlite differ
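Review bot: `"host": "0.0.0.0"` in tests/seeds/config.json makes any server started from this config listen on every interface, while the seeded database holds an admin password that is public in tests/app.test.js. Using `"host": "127.0.0.1"` keeps a test instance on loopback and matches the `hostname` value already set in the file. Whether the test run opens a listening socket at all depends on server/initialize.server.js, which is not shown here.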