diff --git a/radicale/tests/test_rights.py b/radicale/tests/test_rights.py
index b7f8c93..b6f6570 100644
--- a/radicale/tests/test_rights.py
+++ b/radicale/tests/test_rights.py
@@ -25,10 +25,11 @@ import tempfile
 
 from radicale import Application, config
 
+from .helpers import get_file_content
 from .test_base import BaseTest
 
 
-class TestBaseAuthRequests(BaseTest):
+class TestBaseRightsRequests(BaseTest):
     """Tests basic requests with rights."""
 
     def setup(self):
@@ -41,14 +42,16 @@ class TestBaseAuthRequests(BaseTest):
     def teardown(self):
         shutil.rmtree(self.colpath)
 
-    def _test_rights(self, rights_type, user, path, mode, expected_status):
+    def _test_rights(self, rights_type, user, path, mode, expected_status,
+                     with_auth=True):
         assert mode in ("r", "w")
         assert user in ("", "tmp")
         htpasswd_file_path = os.path.join(self.colpath, ".htpasswd")
         with open(htpasswd_file_path, "w") as f:
             f.write("tmp:bepo\nother:bepo")
         self.configuration["rights"]["type"] = rights_type
-        self.configuration["auth"]["type"] = "htpasswd"
+        if with_auth:
+            self.configuration["auth"]["type"] = "htpasswd"
         self.configuration["auth"]["htpasswd_filename"] = htpasswd_file_path
         self.configuration["auth"]["htpasswd_encryption"] = "plain"
         self.application = Application(self.configuration)
@@ -75,6 +78,12 @@ class TestBaseAuthRequests(BaseTest):
         self._test_rights("owner_only", "tmp", "/other", "r", 403)
         self._test_rights("owner_only", "tmp", "/other", "w", 403)
 
+    def test_owner_only_without_auth(self):
+        self._test_rights("owner_only", "", "/", "r", 207, False)
+        self._test_rights("owner_only", "", "/", "w", 401, False)
+        self._test_rights("owner_only", "", "/tmp", "r", 207, False)
+        self._test_rights("owner_only", "", "/tmp", "w", 207, False)
+
     def test_owner_write(self):
         self._test_rights("owner_write", "", "/", "r", 401)
         self._test_rights("owner_write", "", "/", "w", 401)
@@ -87,6 +96,12 @@ class TestBaseAuthRequests(BaseTest):
         self._test_rights("owner_write", "tmp", "/other", "r", 207)
         self._test_rights("owner_write", "tmp", "/other", "w", 403)
 
+    def test_owner_write_without_auth(self):
+        self._test_rights("owner_write", "", "/", "r", 207, False)
+        self._test_rights("owner_write", "", "/", "w", 401, False)
+        self._test_rights("owner_write", "", "/tmp", "r", 207, False)
+        self._test_rights("owner_write", "", "/tmp", "w", 207, False)
+
     def test_authenticated(self):
         self._test_rights("authenticated", "", "/", "r", 401)
         self._test_rights("authenticated", "", "/", "w", 401)
@@ -99,6 +114,12 @@ class TestBaseAuthRequests(BaseTest):
         self._test_rights("authenticated", "tmp", "/other", "r", 207)
         self._test_rights("authenticated", "tmp", "/other", "w", 207)
 
+    def test_authenticated_without_auth(self):
+        self._test_rights("authenticated", "", "/", "r", 207, False)
+        self._test_rights("authenticated", "", "/", "w", 207, False)
+        self._test_rights("authenticated", "", "/tmp", "r", 207, False)
+        self._test_rights("authenticated", "", "/tmp", "w", 207, False)
+
     def test_from_file(self):
         rights_file_path = os.path.join(self.colpath, "rights")
         with open(rights_file_path, "w") as f:
@@ -123,3 +144,43 @@ permissions: Rr""")
         """Custom rights management."""
         self._test_rights("tests.custom.rights", "", "/", "r", 401)
         self._test_rights("tests.custom.rights", "", "/tmp", "r", 207)
+
+    def test_collections_and_items(self):
+        """Test rights for creation of collections, calendars and items.
+
+        Collections are allowed at "/" and "/.../".
+        Calendars/Address books are allowed at "/.../.../".
+        Items are allowed at "/.../.../...".
+
+        """
+        self.application = Application(self.configuration)
+        status, _, _ = self.request("MKCALENDAR", "/")
+        assert status == 401
+        status, _, _ = self.request("MKCALENDAR", "/user/")
+        assert status == 401
+        status, _, _ = self.request("MKCOL", "/user/")
+        assert status == 201
+        status, _, _ = self.request("MKCOL", "/user/calendar/")
+        assert status == 401
+        status, _, _ = self.request("MKCALENDAR", "/user/calendar/")
+        assert status == 201
+        status, _, _ = self.request("MKCOL", "/user/calendar/item")
+        assert status == 401
+        status, _, _ = self.request("MKCALENDAR", "/user/calendar/item")
+        assert status == 401
+
+    def test_put_collections_and_items(self):
+        """Test rights for creation of calendars and items with PUT."""
+        self.application = Application(self.configuration)
+        status, _, _ = self.request(
+            "PUT", "/user/", "BEGIN:VCALENDAR\r\nEND:VCALENDAR")
+        assert status == 401
+        status, _, _ = self.request("MKCOL", "/user/")
+        assert status == 201
+        status, _, _ = self.request(
+            "PUT", "/user/calendar/", "BEGIN:VCALENDAR\r\nEND:VCALENDAR")
+        assert status == 201
+        event1 = get_file_content("event1.ics")
+        status, _, _ = self.request(
+            "PUT", "/user/calendar/event1.ics", event1)
+        assert status == 201