diff --git a/docs/changelog.rst b/docs/changelog.rst
--- a/docs/changelog.rst
+++ b/docs/changelog.rst
@@ -19,6 +19,7 @@ fixes
 +++++
 
 - fixed dev-version marker for stable when served from source codes
+- fixed missing permission checks on show forks page
 
 1.3.4 (**2012-03-28**)
 ----------------------
diff --git a/rhodecode/controllers/forks.py b/rhodecode/controllers/forks.py
--- a/rhodecode/controllers/forks.py
+++ b/rhodecode/controllers/forks.py
@@ -35,7 +35,7 @@ import rhodecode.lib.helpers as h
 
 from rhodecode.lib.helpers import Page
 from rhodecode.lib.auth import LoginRequired, HasRepoPermissionAnyDecorator, \
-    NotAnonymous
+    NotAnonymous, HasRepoPermissionAny
 from rhodecode.lib.base import BaseRepoController, render
 from rhodecode.model.db import Repository, RepoGroup, UserFollowing, User
 from rhodecode.model.repo import RepoModel
@@ -103,7 +103,13 @@ class ForksController(BaseRepoController
     def forks(self, repo_name):
         p = int(request.params.get('page', 1))
         repo_id = c.rhodecode_db_repo.repo_id
-        d = Repository.get_repo_forks(repo_id)
+        d = []
+        for r in Repository.get_repo_forks(repo_id):
+            if not HasRepoPermissionAny(
+                'repository.read', 'repository.write', 'repository.admin'
+            )(r.repo_name, 'get forks check'):
+                continue
+            d.append(r)
         c.forks_pager = Page(d, page=p, items_per_page=20)
 
         c.forks_data = render('/forks/forks_data.html')
diff --git a/rhodecode/tests/functional/test_forks.py b/rhodecode/tests/functional/test_forks.py
--- a/rhodecode/tests/functional/test_forks.py
+++ b/rhodecode/tests/functional/test_forks.py
@@ -1,9 +1,25 @@
 from rhodecode.tests import *
 
 from rhodecode.model.db import Repository
+from rhodecode.model.repo import RepoModel
+from rhodecode.model.user import UserModel
+
 
 class TestForksController(TestController):
 
+    def setUp(self):
+        self.username = u'forkuser'
+        self.password = u'qweqwe'
+        self.u1 = UserModel().create_or_update(
+            username=self.username, password=self.password,
+            email=u'fork_king@rhodecode.org', name=u'u1', lastname=u'u1'
+        )
+        self.Session.commit()
+
+    def tearDown(self):
+        self.Session.delete(self.u1)
+        self.Session.commit()
+
     def test_index(self):
         self.log_user()
         repo_name = HG_REPO
@@ -12,7 +28,6 @@ class TestForksController(TestController
 
         self.assertTrue("""There are no forks yet""" in response.body)
 
-
     def test_index_with_fork(self):
         self.log_user()
 
@@ -34,7 +49,6 @@ class TestForksController(TestController
         response = self.app.get(url(controller='forks', action='forks',
                                     repo_name=repo_name))
 
-
         self.assertTrue("""<a href="/%s/summary">"""
                          """vcs_test_hg_fork</a>""" % fork_name
                          in response.body)
@@ -42,9 +56,6 @@ class TestForksController(TestController
         #remove this fork
         response = self.app.delete(url('repo', repo_name=fork_name))
 
-
-
-
     def test_z_fork_create(self):
         self.log_user()
         fork_name = HG_FORK
@@ -71,11 +82,9 @@ class TestForksController(TestController
         self.assertEqual(fork_repo.repo_name, fork_name)
         self.assertEqual(fork_repo.fork.repo_name, repo_name)
 
-
         #test if fork is visible in the list ?
         response = response.follow()
 
-
         # check if fork is marked as fork
         # wait for cache to expire
         import time
@@ -84,3 +93,41 @@ class TestForksController(TestController
                                     repo_name=fork_name))
 
         self.assertTrue('Fork of %s' % repo_name in response.body)
+
+    def test_zz_fork_permission_page(self):
+        usr = self.log_user(self.username, self.password)['user_id']
+        repo_name = HG_REPO
+
+        forks = self.Session.query(Repository)\
+            .filter(Repository.fork_id != None)\
+            .all()
+        self.assertEqual(1, len(forks))
+
+        # set read permissions for this
+        RepoModel().grant_user_permission(repo=forks[0],
+                                          user=usr,
+                                          perm='repository.read')
+        self.Session.commit()
+
+        response = self.app.get(url(controller='forks', action='forks',
+                                    repo_name=repo_name))
+
+        response.mustcontain('<div style="padding:5px 3px 3px 42px;">fork of vcs test</div>')
+
+    def test_zzz_fork_permission_page(self):
+        usr = self.log_user(self.username, self.password)['user_id']
+        repo_name = HG_REPO
+
+        forks = self.Session.query(Repository)\
+            .filter(Repository.fork_id != None)\
+            .all()
+        self.assertEqual(1, len(forks))
+
+        # set none
+        RepoModel().grant_user_permission(repo=forks[0],
+                                          user=usr, perm='repository.none')
+        self.Session.commit()
+        # fork shouldn't be there
+        response = self.app.get(url(controller='forks', action='forks',
+                                    repo_name=repo_name))
+        response.mustcontain('There are no forks yet')