From f17e9896bf2e3b83f25978eba0fb56844e028148 Mon Sep 17 00:00:00 2001
From: Florian M <florian@scm.io>
Date: Thu, 23 Aug 2018 13:30:10 +0200
Subject: [PATCH 1/2] ensure team administration when pausing/unpausing
 projects

---
 app/controllers/ProjectController.scala | 1 +
 1 file changed, 1 insertion(+)

diff --git a/app/controllers/ProjectController.scala b/app/controllers/ProjectController.scala
index c93e67fee8a..271aac3e3c0 100644
--- a/app/controllers/ProjectController.scala
+++ b/app/controllers/ProjectController.scala
@@ -103,6 +103,7 @@ class ProjectController @Inject()(val messagesApi: MessagesApi) extends Controll
   private def updatePauseStatus(projectName: String, isPaused: Boolean)(implicit request: SecuredRequest[_]) = {
     for {
       project <- ProjectDAO.findOneByName(projectName) ?~> Messages("project.notFound", projectName)
+      _ <- ensureTeamAdministration(request.identity, project._team)
       _ <- ProjectDAO.updatePaused(project._id, isPaused) ?~> Messages("project.update.failed", projectName)
       updatedProject <- ProjectDAO.findOne(project._id) ?~> Messages("project.notFound", projectName)
       js <- updatedProject.publicWrites

From c9cdf039cdc38d0aa71f06ac3fb6e1bc0cd3a19f Mon Sep 17 00:00:00 2001
From: Florian M <florian@scm.io>
Date: Thu, 23 Aug 2018 13:33:06 +0200
Subject: [PATCH 2/2] update changelog

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0a563907be9..b41aeb26cc7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -21,6 +21,7 @@ For upgrade instructions, please check the [migration guide](MIGRATIONS.md).
 ### Fixed
 
 - Fixed a bug where large volume downloads contained invalid data.zip archives [#3086](https://github.com/scalableminds/webknossos/pull/3086)
+- Fixed a bug where non-privileged users were wrongly allowed to pause/unpause projects [#3097](https://github.com/scalableminds/webknossos/pull/3097)
 
 ### Removed