Respond 404 when unauthorized user imports membersfix/permissions-when-importing-members

2 files changed, 3 insertions, 3 deletions

diff --git a/app/controllers/projects/project_members_controller.rb b/app/controllers/projects/project_members_controller.rb
index fd56dfd1260..e457db2f0b7 100644
--- a/app/controllers/projects/project_members_controller.rb
+++ b/app/controllers/projects/project_members_controller.rb
@@ -100,7 +100,7 @@ class Projects::ProjectMembersController < Projects::ApplicationController
       status = @project.team.import(source_project, current_user)
       notice = status ? "Successfully imported" : "Import failed"
     else
-      notice = 'Import failed - source project not found!'
+      return render_404
     end
 
     redirect_to(namespace_project_project_members_path(project.namespace, project),
diff --git a/spec/controllers/projects/project_members_controller_spec.rb b/spec/controllers/projects/project_members_controller_spec.rb
index 6ff3d4199f6..d47e4ab9a4f 100644
--- a/spec/controllers/projects/project_members_controller_spec.rb
+++ b/spec/controllers/projects/project_members_controller_spec.rb
@@ -41,8 +41,8 @@ describe Projects::ProjectMembersController do
         expect(project.team_members).to_not include member
       end
 
-      it 'pretends that source projects does not exist' do
-        expect(response).to set_flash.to /source project not found/
+      it 'responds with not found' do
+        expect(response.status).to eq 404
       end
     end
   end