1 files changed, 6 insertions, 1 deletions

diff --git a/app/controllers/projects/imports_controller.rb b/app/controllers/projects/imports_controller.rb
index 67a7daf8445..deba71c9dd3 100644
--- a/app/controllers/projects/imports_controller.rb
+++ b/app/controllers/projects/imports_controller.rb
@@ -5,7 +5,8 @@ class Projects::ImportsController < Projects::ApplicationController
   include ImportUrlParams
 
   # Authorize
-  before_action :authorize_admin_project!
+  before_action :authorize_admin_project!, only: [:new, :create]
+  before_action :require_namespace_project_creation_permission, only: :show
   before_action :require_no_repo, only: [:new, :create]
   before_action :redirect_if_progress, only: [:new, :create]
   before_action :redirect_if_no_import, only: :show
@@ -51,6 +52,10 @@ class Projects::ImportsController < Projects::ApplicationController
     end
   end
 
+  def require_namespace_project_creation_permission
+    render_404 unless current_user.can?(:admin_project, @project) || current_user.can?(:create_projects, @project.namespace)
+  end
+
   def redirect_if_progress
     if @project.import_in_progress?
       redirect_to project_import_path(@project)