diff --git a/app/controllers/queries_controller.rb b/app/controllers/queries_controller.rb
index 16755a125031f49fc7de8a7b419c14df06eae7b5..599060e6909e1105dd310d947bbb4f436a89f25b 100644
--- a/app/controllers/queries_controller.rb
+++ b/app/controllers/queries_controller.rb
@@ -74,7 +74,7 @@ private
   
   def find_optional_project
     @project = Project.find(params[:project_id]) if params[:project_id]
-    User.current.allowed_to?(:save_queries, @project, :global => true)
+    render_403 unless User.current.allowed_to?(:save_queries, @project, :global => true)
   rescue ActiveRecord::RecordNotFound
     render_404
   end