diff --git a/app/controllers/projects/issues_controller.rb b/app/controllers/projects/issues_controller.rb
index f260a2e0597d9559103785a2c9c29e21b5763376..ba5c52d510f112b374b7c948b6c7aad05f15c823 100644
--- a/app/controllers/projects/issues_controller.rb
+++ b/app/controllers/projects/issues_controller.rb
@@ -9,7 +9,10 @@ class Projects::IssuesController < Projects::ApplicationController
   before_filter :authorize_write_issue!, only: [:new, :create]
 
   # Allow modify issue
-  before_filter :authorize_modify_issue!, only: [:edit, :update, :bulk_update]
+  before_filter :authorize_modify_issue!, only: [:edit, :update]
+
+  # Allow issues bulk update
+  before_filter :authorize_admin_issues!, only: [:bulk_update]
 
   respond_to :html
 
@@ -107,8 +110,8 @@ class Projects::IssuesController < Projects::ApplicationController
     return render_404 unless can?(current_user, :modify_issue, @issue)
   end
 
-  def authorize_admin_issue!
-    return render_404 unless can?(current_user, :admin_issue, @issue)
+  def authorize_admin_issues!
+    return render_404 unless can?(current_user, :admin_issue, @project)
   end
 
   def module_enabled
diff --git a/app/models/ability.rb b/app/models/ability.rb
index 038668fccfff987cfc51c5769304097b4c7636b9..120af807448b490f57ca124478a92800aad08163 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -126,6 +126,7 @@ class Ability
         :write_merge_request,
         :write_wiki,
         :modify_issue,
+        :admin_issue,
         :push_code
       ]
     end