diff options
Diffstat (limited to 'app/controllers/projects/project_members_controller.rb')
-rw-r--r-- | app/controllers/projects/project_members_controller.rb | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/app/controllers/projects/project_members_controller.rb b/app/controllers/projects/project_members_controller.rb index e7bddc4a6f1..e457db2f0b7 100644 --- a/app/controllers/projects/project_members_controller.rb +++ b/app/controllers/projects/project_members_controller.rb @@ -94,9 +94,14 @@ class Projects::ProjectMembersController < Projects::ApplicationController end def apply_import - giver = Project.find(params[:source_project_id]) - status = @project.team.import(giver, current_user) - notice = status ? "Successfully imported" : "Import failed" + source_project = Project.find(params[:source_project_id]) + + if can?(current_user, :read_project_member, source_project) + status = @project.team.import(source_project, current_user) + notice = status ? "Successfully imported" : "Import failed" + else + return render_404 + end redirect_to(namespace_project_project_members_path(project.namespace, project), notice: notice) |