diff --git a/app/controllers/platforms/contents_controller.rb b/app/controllers/platforms/contents_controller.rb
index 4ac5e832a..5624000f2 100644
--- a/app/controllers/platforms/contents_controller.rb
+++ b/app/controllers/platforms/contents_controller.rb
@@ -21,6 +21,7 @@ class Platforms::ContentsController < Platforms::BaseController
   end
 
   def remove_file
+    authorize!(:remove_file, @platform)
     PlatformContent.remove_file(@platform, params[:path])
     render nothing: true
   end
diff --git a/spec/controllers/platforms/contents_controller_spec.rb b/spec/controllers/platforms/contents_controller_spec.rb
index ab01ca3ba..e8b1c1454 100644
--- a/spec/controllers/platforms/contents_controller_spec.rb
+++ b/spec/controllers/platforms/contents_controller_spec.rb
@@ -28,6 +28,34 @@ shared_examples_for 'content platform user with show rights' do
   end
 end
 
+shared_examples_for 'content platform user without owner rights' do
+  it 'should not be able to perform remove_file action for main platform' do
+    get :remove_file, platform_id: @platform, path: '/test'
+    response.should_not be_success
+  end
+
+  it 'should not be able to perform index remove_file for personal platform' do
+    get :remove_file, platform_id: @personal_platform, path: '/test'
+    response.should_not be_success
+  end
+end
+
+shared_examples_for 'content platform user with owner rights' do
+  before do
+    allow(PlatformContent).to receive(:remove_file)
+  end
+
+  it 'should be able to perform remove_file action for main platform' do
+    get :remove_file, platform_id: @platform, path: '/test'
+    response.should be_success
+  end
+
+  it 'should be able to perform remove_file action for personal platform' do
+    get :remove_file, platform_id: @personal_platform, path: '/test'
+    response.should be_success
+  end
+end
+
 describe Platforms::ContentsController do
   before do
     stub_symlink_methods
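Review bot: `params[:path]` still reaches `PlatformContent.remove_file` unvalidated on the line after the new `authorize!` call; the commit decides who may call the action, but nothing in `remove_file` confines which path an authorized caller may delete. Whether `PlatformContent.remove_file` anchors the value under the platform's own content root is not visible in this diff, so that should be confirmed (for example rejecting values containing `..`, or comparing the expanded path against the platform root) before relying on `authorize!` alone. The spec drives the action with `get`, which suggests a GET route for a destructive operation; if that is the routing, Rails CSRF protection does not cover it and a `delete` or `post` route would be the safer shape.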
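Review bot: The negative examples in `'content platform user without owner rights'` assert only `response.should_not be_success` and leave `PlatformContent.remove_file` unstubbed, so an authorization regression would surface as a real `remove_file` call made from the test rather than as a clean assertion failure. Adding `expect(PlatformContent).not_to receive(:remove_file)` before each `get :remove_file` in those two examples pins the property the commit is actually about. The second example's description, 'perform index remove_file for personal platform', looks like a copy-paste leftover; `it 'should not be able to perform remove_file action for personal platform' do` would match its sibling.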
@@ -52,6 +80,7 @@ describe Platforms::ContentsController do
 
     it_should_behave_like 'content platform user with show rights' if APP_CONFIG['anonymous_access']
     it_should_behave_like 'content platform user without show rights for hidden platform'
+    it_should_behave_like 'content platform user without owner rights'
   end
 
   context 'for global admin' do
@@ -61,17 +90,20 @@ describe Platforms::ContentsController do
 
     it_should_behave_like 'content platform user with show rights'
     it_should_behave_like 'content platform user with show rights for hidden platform'
+    it_should_behave_like 'content platform user with owner rights'
   end
 
   context 'for owner user' do
     before do
       http_login(@user)
-      @platform.owner = @user; @platform.save
+      allow(Platform).to receive(:find).and_return(@platform)
+      allow(@platform).to receive(:owner).and_return(@user)
       create_relation(@platform, @user, 'admin')
     end
 
     it_should_behave_like 'content platform user with show rights'
     it_should_behave_like 'content platform user with show rights for hidden platform'
+    it_should_behave_like 'content platform user with owner rights'
   end
 
   context 'for member of platform' do
@@ -83,6 +115,7 @@ describe Platforms::ContentsController do
 
     it_should_behave_like 'content platform user with show rights'
     it_should_behave_like 'content platform user with show rights for hidden platform'
+    it_should_behave_like 'content platform user without owner rights'
   end
 
   context 'for simple user' do
@@ -92,6 +125,7 @@ describe Platforms::ContentsController do
 
     it_should_behave_like 'content platform user with show rights'
     it_should_behave_like 'content platform user without show rights for hidden platform'
+    it_should_behave_like 'content platform user without owner rights'
   end
 
 end
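Review bot: In the `'for owner user'` context the persisted owner assignment (`@platform.owner = @user; @platform.save`) is replaced by stubbing `Platform.find` and `@platform.owner`, so the positive `remove_file` examples now pass for any ability implementation that reads `owner` on whatever `Platform.find` returns, and no longer demonstrate that a real owner record is authorized. If the assignment was dropped because `@platform.save` fails in this fixture, writing the owner column(s) directly (for example via `update_column`) would keep the example end-to-end; if the stub is kept, a one-line comment giving the actual reason (`# stubbed: <reason the persisted assignment could not be used>`) would stop the next reader from treating it as the intended setup. Stubbing `Platform.find` for the whole request presumably also affects any before filter that loads `@platform`, which is outside this hunk.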