API: Return 404 when trying to fork to unaccessible namespace

Signed-off-by: Rémy Coutable <remy@rymai.me>
author: Rémy Coutable <remy@rymai.me> 2016-09-21 16:40:46 +0200
committer: Rémy Coutable <remy@rymai.me> 2016-09-22 12:15:45 +0200
commit: 7458126111fab210974edb6e59cd722bee248088 (patch)
tree: 9520e116026d5e846918f46c36d1a172275d4244 /lib
parent: 2fea80d55b02a89368f7ae8e679732d411c2fa13 (diff)
download: gitlab-ce-7458126111fab210974edb6e59cd722bee248088.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/api/projects.rb b/lib/api/projects.rb
index 5eb83c2c8f8..6d99617b56f 100644
--- a/lib/api/projects.rb
+++ b/lib/api/projects.rb
@@ -207,7 +207,9 @@ module API
         if namespace_id.present?
           namespace = Namespace.find_by(id: namespace_id) || Namespace.find_by_path_or_name(namespace_id)
 
-          not_found!('Target Namespace') unless namespace
+          unless namespace && can?(current_user, :create_projects, namespace)
+            not_found!('Target Namespace')
+          end
 
           attrs[:namespace] = namespace
         end
author	Rémy Coutable <remy@rymai.me>	2016-09-21 16:40:46 +0200
committer	Rémy Coutable <remy@rymai.me>	2016-09-22 12:15:45 +0200
commit	7458126111fab210974edb6e59cd722bee248088 (patch)
tree	9520e116026d5e846918f46c36d1a172275d4244 /lib
parent	2fea80d55b02a89368f7ae8e679732d411c2fa13 (diff)
download	gitlab-ce-7458126111fab210974edb6e59cd722bee248088.tar.gz