diff --git a/tests/test_permissions.py b/tests/test_permissions.py
index 3fb41c6d2731607ed3ad02e1305e2f2f2b9dab67..182c4fd39ae1f09d89e18cd48befa2aa7507e2b5 100644
--- a/tests/test_permissions.py
+++ b/tests/test_permissions.py
@@ -1110,7 +1110,6 @@ def test_use_as_parent():
         datatype=db.TEXT).add_parent(
         name="TestProperty")
 
-    deny_permission(p, "USE:AS_PARENT")
     '''Failure'''
     deny_permission(p, "USE:AS_PARENT")
     with raises(db.TransactionError) as cm:
diff --git a/tests/test_server_side_scripting.py b/tests/test_server_side_scripting.py
index 1c032523d1efee8c4c930235f79e8fd81259cc2c..6e8a86aaabcd413fcbcd0e83946b2a73d4f4a49e 100644
--- a/tests/test_server_side_scripting.py
+++ b/tests/test_server_side_scripting.py
@@ -227,7 +227,8 @@ def test_diagnostics_basic():
     print(etree.tostring(xml))
 
     assert response.status == 200  # ok
-    assert response.getheader("Content-Type") == 'text/xml; charset=UTF-8'
+    assert "text/xml" in response.getheader("Content-Type").lower()
+    assert "charset=utf-8" in response.getheader("Content-Type").lower()
 
     diagnostics = xml.xpath("/Response/script/stdout")[0].text
     assert diagnostics is not None
@@ -266,7 +267,8 @@ def test_diagnostics_with_file_upload():
     response = get_connection().insert(
         ["scripting"], body=body, headers=headers)
     assert response.status == 200  # ok
-    assert response.getheader("Content-Type") == 'text/xml; charset=UTF-8'
+    assert "text/xml" in response.getheader("Content-Type").lower()
+    assert "charset=utf-8" in response.getheader("Content-Type").lower()
 
     xml = etree.parse(response)
     print(etree.tostring(xml))
@@ -316,7 +318,8 @@ def test_call_as_anonymous_with_administration_role():
     xml = etree.parse(response)
 
     assert response.getheader("Set-Cookie") is None  # no auth token returned
-    assert response.getheader("Content-Type") == 'text/xml; charset=UTF-8'
+    assert "text/xml" in response.getheader("Content-Type").lower()
+    assert "charset=utf-8" in response.getheader("Content-Type").lower()
 
     assert response.status == 200  # ok
     assert xml.xpath("/Response/script/@code")[0] == "0"
@@ -390,7 +393,8 @@ def test_anonymous_script_calling_success():
                        body=urlencode(form))
     assert response.status == 200  # ok
     assert response.getheader("Set-Cookie") is None  # no auth token returned
-    assert response.getheader("Content-Type") == 'text/xml; charset=UTF-8'
+    assert "text/xml" in response.getheader("Content-Type").lower()
+    assert "charset=utf-8" in response.getheader("Content-Type").lower()
 
     body = response.read()
     xml = etree.fromstring(body)
diff --git a/tests/test_state.py b/tests/test_state.py
index 1bc8a49c823eedd3479e52f9841bd6ac578346a6..e376dd081cda5ed3509b15363f4313490280738c 100644
--- a/tests/test_state.py
+++ b/tests/test_state.py
@@ -49,6 +49,8 @@ def setup_users():
                 "Grant", "STATE:TRANSITION:Transition4"),
             db.administration.PermissionRule(
                 "Grant", "STATE:TRANSITION:EditTransition"),
+            db.administration.PermissionRule(
+                "Grant", "STATE:TRANSITION:StartReviewTransition"),
         ])
     db.administration._set_permissions(
         role="team-leader", permission_rules=[
@@ -624,11 +626,11 @@ def test_full_edit_review_publish_cycle():
     rec.update()
 
     # start review
-    switch_to_test_user("team-leader")
     rec.state = db.State(model="EditReviewPublish", name="ReviewState")
     rec.update()
 
     # as team-leader
+    switch_to_test_user("team-leader")
     rec.get_property("TestProperty").value = next(val)
     rec.update()