From 8ffef5ecaff3bad2d86c313ae9b00f86ab7a7dfc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9my=20Coutable?= <remy@rymai.me>
Date: Wed, 21 Sep 2016 16:40:46 +0200
Subject: API: Return 404 when trying to fork to unaccessible namespace
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Rémy Coutable <remy@rymai.me>
---
 lib/api/projects.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'lib/api')

diff --git a/lib/api/projects.rb b/lib/api/projects.rb
index 5eb83c2c8f8..6d99617b56f 100644
--- a/lib/api/projects.rb
+++ b/lib/api/projects.rb
@@ -207,7 +207,9 @@ module API
         if namespace_id.present?
           namespace = Namespace.find_by(id: namespace_id) || Namespace.find_by_path_or_name(namespace_id)
 
-          not_found!('Target Namespace') unless namespace
+          unless namespace && can?(current_user, :create_projects, namespace)
+            not_found!('Target Namespace')
+          end
 
           attrs[:namespace] = namespace
         end
-- 
cgit v1.2.1