2 files changed, 26 insertions, 1 deletions

diff --git a/lib/api/entities.rb b/lib/api/entities.rb
index 34657813cbd..26c14276535 100644
--- a/lib/api/entities.rb
+++ b/lib/api/entities.rb
@@ -181,7 +181,9 @@ module API
         end
 
         expose :group_access, using: Entities::GroupAccess do |project, options|
-          project.group.users_groups.find_by(user_id: options[:user].id)
+          if project.group
+            project.group.users_groups.find_by(user_id: options[:user].id)
+          end
         end
       end
     end
diff --git a/spec/requests/api/projects_spec.rb b/spec/requests/api/projects_spec.rb
index b4b5f606eee..cb30c98b4d2 100644
--- a/spec/requests/api/projects_spec.rb
+++ b/spec/requests/api/projects_spec.rb
@@ -259,6 +259,7 @@ describe API::API do
 
   describe "GET /projects/:id" do
     before { project }
+    before { users_project }
 
     it "should return a project by id" do
       get api("/projects/#{project.id}", user)
@@ -284,6 +285,28 @@ describe API::API do
       get api("/projects/#{project.id}", other_user)
       response.status.should == 404
     end
+
+    describe 'permissions' do
+      context 'personal project' do
+        before { get api("/projects/#{project.id}", user) }
+
+        it { response.status.should == 200 }
+        it { json_response['permissions']["project_access"]["access_level"].should == Gitlab::Access::MASTER }
+        it { json_response['permissions']["group_access"].should be_nil }
+      end
+
+      context 'group project' do
+        before do
+          project2 = create(:project, group: create(:group))
+          project2.group.add_owner(user)
+          get api("/projects/#{project2.id}", user)
+        end
+
+        it { response.status.should == 200 }
+        it { json_response['permissions']["project_access"].should be_nil }
+        it { json_response['permissions']["group_access"]["access_level"].should == Gitlab::Access::OWNER }
+      end
+    end
   end
 
   describe "GET /projects/:id/events" do