diff --git a/rhodecode/apps/repository/views/repo_settings_advanced.py b/rhodecode/apps/repository/views/repo_settings_advanced.py
--- a/rhodecode/apps/repository/views/repo_settings_advanced.py
+++ b/rhodecode/apps/repository/views/repo_settings_advanced.py
@@ -27,7 +27,8 @@ from rhodecode.apps._base import RepoApp
 from rhodecode.lib import helpers as h
 from rhodecode.lib import audit_logger
 from rhodecode.lib.auth import (
-    LoginRequired, HasRepoPermissionAnyDecorator, CSRFRequired)
+    LoginRequired, HasRepoPermissionAnyDecorator, CSRFRequired,
+    HasRepoPermissionAny)
 from rhodecode.lib.exceptions import AttachedForksError
 from rhodecode.lib.utils2 import safe_int
 from rhodecode.lib.vcs import RepositoryError
@@ -169,23 +170,32 @@ class RepoSettingsView(RepoAppView):
         """
         _ = self.request.translate
 
-        new_fork_id = self.request.POST.get('id_fork_of')
-        try:
+        new_fork_id = safe_int(self.request.POST.get('id_fork_of'))
+
+        # valid repo, re-check permissions
+        if new_fork_id:
+            repo = Repository.get(new_fork_id)
+            # ensure we have at least read access to the repo we mark
+            perm_check = HasRepoPermissionAny(
+                'repository.read', 'repository.write', 'repository.admin')
 
-            if new_fork_id and not new_fork_id.isdigit():
-                log.error('Given fork id %s is not an INT', new_fork_id)
+            if repo and perm_check(repo_name=repo.repo_name):
+                new_fork_id = repo.repo_id
+            else:
+                new_fork_id = None
 
-            fork_id = safe_int(new_fork_id)
+        try:
             repo = ScmModel().mark_as_fork(
-                self.db_repo_name, fork_id, self._rhodecode_user.user_id)
+                self.db_repo_name, new_fork_id, self._rhodecode_user.user_id)
             fork = repo.fork.repo_name if repo.fork else _('Nothing')
             Session().commit()
-            h.flash(_('Marked repo %s as fork of %s') % (self.db_repo_name, fork),
-                    category='success')
+            h.flash(
+                _('Marked repo %s as fork of %s') % (self.db_repo_name, fork),
+                category='success')
         except RepositoryError as e:
             log.exception("Repository Error occurred")
             h.flash(str(e), category='error')
-        except Exception as e:
+        except Exception:
             log.exception("Exception while editing fork")
             h.flash(_('An error occurred during this operation'),
                     category='error')
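Review bot: When the submitted `id_fork_of` names a repository that does not exist or that the user cannot read, the `else` branch sets `new_fork_id = None` and the code still calls `mark_as_fork`, so a refused request is handled exactly like an empty selection. If `mark_as_fork` treats `None` as "unset" (the `_('Nothing')` fallback suggests it does), a refused id would clear the current fork parent and flash a success message. I would handle the refusal explicitly in that branch, e.g. `log.warning('Fork target %s rejected for user %s', new_fork_id, self._rhodecode_user.user_id)` followed by an error flash, and skip the `mark_as_fork` call. Keep the response identical for "missing" and "not permitted", so the form cannot be used to tell whether a private repository id exists. The method starts before and continues past this hunk, so how the skip would connect to the final redirect is not visible here.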
diff --git a/rhodecode/public/js/rhodecode/routes.js b/rhodecode/public/js/rhodecode/routes.js
--- a/rhodecode/public/js/rhodecode/routes.js
+++ b/rhodecode/public/js/rhodecode/routes.js
@@ -218,6 +218,7 @@ function registerRCRoutes() {
     pyroutes.register('edit_repo_strip', '/%(repo_name)s/settings/strip', ['repo_name']);
     pyroutes.register('strip_check', '/%(repo_name)s/settings/strip_check', ['repo_name']);
     pyroutes.register('strip_execute', '/%(repo_name)s/settings/strip_execute', ['repo_name']);
+    pyroutes.register('edit_repo_audit_logs', '/%(repo_name)s/settings/audit_logs', ['repo_name']);
     pyroutes.register('rss_feed_home', '/%(repo_name)s/feed/rss', ['repo_name']);
     pyroutes.register('atom_feed_home', '/%(repo_name)s/feed/atom', ['repo_name']);
     pyroutes.register('repo_summary', '/%(repo_name)s', ['repo_name']);