diff --git a/app/models/project.rb b/app/models/project.rb
index a4c634bdb5c19dbe9632ddf7b05973f0a1f941c2..7f2dd37a3ccad5825c09b93bd2b24f28df2a9b35 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -786,6 +786,6 @@ class Project < ActiveRecord::Base
 
   def visibility_level_allowed?(level)
     return true unless forked?
-    Gitlab::VisibilityLevel.allowed_fork_levels(forked_from_project.visibility_level).include?(level)
+    Gitlab::VisibilityLevel.allowed_fork_levels(forked_from_project.visibility_level).include?(level.to_i)
   end
 end
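Review bot: `level.to_i` in `visibility_level_allowed?` turns `nil` and any non-numeric string into 0, so the method answers for level 0 instead of rejecting a value it cannot parse. If 0 is the most restrictive level, as it appears to be in `Gitlab::VisibilityLevel`, the check itself stays conservative, but it can return true for input that is not a valid level at all, and a caller must not treat that as permission to persist the raw value. Validate the input against the known levels before the fork comparison, or at least document the coercion with a comment such as `# level may arrive as a String from request params; non-numeric input coerces to 0`.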
diff --git a/app/services/projects/update_service.rb b/app/services/projects/update_service.rb
index 69bdd045ddfeece023c92821cd7d7cdb3cd89853..0a42f3e02aa3efe6e752f6b8d50931f3a2e23548 100644
--- a/app/services/projects/update_service.rb
+++ b/app/services/projects/update_service.rb
@@ -11,6 +11,15 @@ module Projects
         end
       end
 
+      unless project.visibility_level_allowed?(new_visibility)
+        level_name = Gitlab::VisibilityLevel.level_name(new_visibility)
+        project.errors.add(
+          :visibility_level,
+          "#{level_name} could not be set as visibility level of this project - parent project settings are more restrictive"
+        )
+        return false
+      end
+
       new_branch = params[:default_branch]
 
       if project.repository.exists? && new_branch && new_branch != project.default_branch
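Review bot: The fork restriction added here is enforced only in `Projects::UpdateService`, so any other path that writes `visibility_level` on a forked project (API, import, a direct model update) would not go through it as far as this diff shows. Since the rule keeps a fork from becoming more visible than its parent, it is safer as a model validation on `Project` that calls `visibility_level_allowed?`, with the service relying on `project.errors`. Separately, `level_name(new_visibility)` receives the raw value while the model now calls `to_i` on it; if `level_name` compares against integer constants, a string parameter may produce an unknown name in the error message, so `level_name(new_visibility.to_i)` would be consistent. The enclosing method starts above the hunk, so where `new_visibility` is assigned and what the other return paths yield compared with `return false` are not visible here.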