Fix Issues#bulk_update

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

2 files changed, 7 insertions, 3 deletions

diff --git a/app/controllers/projects/issues_controller.rb b/app/controllers/projects/issues_controller.rb
index f260a2e0597..ba5c52d510f 100644
--- a/app/controllers/projects/issues_controller.rb
+++ b/app/controllers/projects/issues_controller.rb
@@ -9,7 +9,10 @@ class Projects::IssuesController < Projects::ApplicationController
   before_filter :authorize_write_issue!, only: [:new, :create]
 
   # Allow modify issue
-  before_filter :authorize_modify_issue!, only: [:edit, :update, :bulk_update]
+  before_filter :authorize_modify_issue!, only: [:edit, :update]
+
+  # Allow issues bulk update
+  before_filter :authorize_admin_issues!, only: [:bulk_update]
 
   respond_to :html
 
@@ -107,8 +110,8 @@ class Projects::IssuesController < Projects::ApplicationController
     return render_404 unless can?(current_user, :modify_issue, @issue)
   end
 
-  def authorize_admin_issue!
-    return render_404 unless can?(current_user, :admin_issue, @issue)
+  def authorize_admin_issues!
+    return render_404 unless can?(current_user, :admin_issue, @project)
   end
 
   def module_enabled
diff --git a/app/models/ability.rb b/app/models/ability.rb
index 038668fccff..120af807448 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -126,6 +126,7 @@ class Ability
         :write_merge_request,
         :write_wiki,
         :modify_issue,
+        :admin_issue,
         :push_code
       ]
     end