diff --git a/assets/modules/event-map.js b/assets/modules/event-map.js
index 83cebad..ba6bffb 100644
--- a/assets/modules/event-map.js
+++ b/assets/modules/event-map.js
@@ -30,8 +30,8 @@ function geocodeAndRender(address, mapEl) {
                 return
             }
 
-            const lat = parseFloat(data[0].lat)
-            const lon = parseFloat(data[0].lon)
+            const lat = Number.parseFloat(data[0].lat)
+            const lon = Number.parseFloat(data[0].lon)
 
             const map = L.map(mapEl).setView([lat, lon], 16)
 
diff --git a/eslint.config.js b/eslint.config.js
index 9427f38..8c8eef1 100644
--- a/eslint.config.js
+++ b/eslint.config.js
@@ -6,6 +6,15 @@ export default [
                 document: "readonly",
                 window: "readonly",
                 console: "readonly",
+                setTimeout: "readonly",
+                globalThis: "readonly",
+                navigator: "readonly",
+                fetch: "readonly",
+                caches: "readonly",
+                Request: "readonly",
+                Response: "readonly",
+                BroadcastChannel: "readonly",
+                DOMParser: "readonly",
             },
         },
         rules: {
diff --git a/templates/admin/events.html.twig b/templates/admin/events.html.twig
index b4f9c54..0f6107c 100644
--- a/templates/admin/events.html.twig
+++ b/templates/admin/events.html.twig
@@ -8,8 +8,8 @@
     <div class="admin-card mb-8">
         <form method="get" action="{{ path('app_admin_events') }}" class="flex flex-wrap gap-3 items-end">
             <div class="flex-1 min-w-[200px]">
-                <label class="admin-form-label font-black uppercase text-gray-400 mb-1 block">Rechercher</label>
-                <input type="text" name="q" value="{{ searchQuery }}" class="admin-form-input" placeholder="Titre, ville, organisateur...">
+                <label for="admin_event_search" class="admin-form-label font-black uppercase text-gray-400 mb-1 block">Rechercher</label>
+                <input type="text" id="admin_event_search" name="q" value="{{ searchQuery }}" class="admin-form-input" placeholder="Titre, ville, organisateur...">
             </div>
             <div class="flex gap-2">
                 <button type="submit" class="admin-btn-search font-black uppercase text-xs tracking-widest">Rechercher</button>
diff --git a/tests/Controller/AccountControllerTest.php b/tests/Controller/AccountControllerTest.php
index 8e8d5f8..3609611 100644
--- a/tests/Controller/AccountControllerTest.php
+++ b/tests/Controller/AccountControllerTest.php
@@ -690,6 +690,86 @@ class AccountControllerTest extends WebTestCase
         self::assertResponseRedirects('/mon-compte/evenement/'.$event->getId().'/modifier');
     }
 
+    public function testEventsSearchReturnsSuccess(): void
+    {
+        $client = static::createClient();
+        $user = $this->createUser(['ROLE_ORGANIZER'], true);
+
+        $client->loginUser($user);
+        $client->request('GET', '/mon-compte?tab=events&q=brocante');
+
+        self::assertResponseIsSuccessful();
+    }
+
+    public function testToggleOnlineDeniedForOtherUser(): void
+    {
+        $client = static::createClient();
+        $em = static::getContainer()->get(EntityManagerInterface::class);
+        $owner = $this->createUser(['ROLE_ORGANIZER'], true);
+        $other = $this->createUser(['ROLE_ORGANIZER'], true);
+
+        $event = new \App\Entity\Event();
+        $event->setAccount($owner);
+        $event->setTitle('Toggle Denied');
+        $event->setStartAt(new \DateTimeImmutable('2026-08-01 10:00'));
+        $event->setEndAt(new \DateTimeImmutable('2026-08-01 18:00'));
+        $event->setAddress('1 rue');
+        $event->setZipcode('75001');
+        $event->setCity('Paris');
+        $em->persist($event);
+        $em->flush();
+
+        $client->loginUser($other);
+        $client->request('POST', '/mon-compte/evenement/'.$event->getId().'/en-ligne');
+        self::assertResponseStatusCodeSame(403);
+    }
+
+    public function testToggleSecretDeniedForOtherUser(): void
+    {
+        $client = static::createClient();
+        $em = static::getContainer()->get(EntityManagerInterface::class);
+        $owner = $this->createUser(['ROLE_ORGANIZER'], true);
+        $other = $this->createUser(['ROLE_ORGANIZER'], true);
+
+        $event = new \App\Entity\Event();
+        $event->setAccount($owner);
+        $event->setTitle('Secret Denied');
+        $event->setStartAt(new \DateTimeImmutable('2026-08-01 10:00'));
+        $event->setEndAt(new \DateTimeImmutable('2026-08-01 18:00'));
+        $event->setAddress('1 rue');
+        $event->setZipcode('75001');
+        $event->setCity('Paris');
+        $em->persist($event);
+        $em->flush();
+
+        $client->loginUser($other);
+        $client->request('POST', '/mon-compte/evenement/'.$event->getId().'/secret');
+        self::assertResponseStatusCodeSame(403);
+    }
+
+    public function testDeleteEventDeniedForOtherUser(): void
+    {
+        $client = static::createClient();
+        $em = static::getContainer()->get(EntityManagerInterface::class);
+        $owner = $this->createUser(['ROLE_ORGANIZER'], true);
+        $other = $this->createUser(['ROLE_ORGANIZER'], true);
+
+        $event = new \App\Entity\Event();
+        $event->setAccount($owner);
+        $event->setTitle('Delete Denied');
+        $event->setStartAt(new \DateTimeImmutable('2026-08-01 10:00'));
+        $event->setEndAt(new \DateTimeImmutable('2026-08-01 18:00'));
+        $event->setAddress('1 rue');
+        $event->setZipcode('75001');
+        $event->setCity('Paris');
+        $em->persist($event);
+        $em->flush();
+
+        $client->loginUser($other);
+        $client->request('POST', '/mon-compte/evenement/'.$event->getId().'/supprimer');
+        self::assertResponseStatusCodeSame(403);
+    }
+
     /**
      * @param list<string> $roles
      */